Pests of all kinds and their removal: svchost virus that uses a lot of CPU (Windows 7)
01.04.2013, 02:02 | #1
svchost virus that uses a lot of CPU

Hello! I have noticed lately that there is considerable lag in games, so I promptly opened Task Manager, and lo and behold... "svchost.exe" is using 17% of my CPU... I ended the exe and everything works again. However, it starts itself again at the next Windows start.. The exe is launched from the TEMP folder, which means it is a virus, because svchost is normally in system32. Today I got Process Explorer, which shows me what the command line for the exe is. Quote:
I have already deleted the file, but it keeps coming back (after every restart). Please help! VirusTotal says the following: https://www.virustotal.com/de/file/841071526b73eabb07d891ff359ad3fb424bf9b5a83577e5ea409b1deb849838/analysis/1364777991/

Code:
https://www.virustotal.com/file/841071526b73eabb07d891ff359ad3fb424bf9b5a83577e5ea409b1deb849838/analysis/1364777991/
MD5:    207e8913fb9874d344c4b7841ea2a013
SHA1:   7d9227722e81e4e3f6697f02636952af193541e9
Detect: 6 / 46
Win32:PUP-gen [PUP] (Avast)
not-a-virus:RiskTool.Win32.BitCoinMiner.cid (Kaspersky)
SPR/BitCoin.F (AntiVir)
Trojan.Win32.BitCoinMiner.AMN (A) (Emsisoft)
a variant of Win32/BitCoinMiner.N (ESET-NOD32)
not-a-virus:RiskTool.Win32.BitCoinMiner (Ikarus)

Last edited by dodori (01.04.2013 at 02:30)
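The reasoning in the post above (svchost.exe belongs in system32, so a copy running from TEMP is suspect) made mechanical, as an added example that is not part of this thread or of any of the tools mentioned in it. It parses OTL-style "PRC - <path> (<company>)" process lines; the sample lines are constructed in that format (the Temp svchost.exe path is the one from this thread) and the list of system binary names and allowed directories is an assumption of the example.

```python
from __future__ import annotations
import re
from pathlib import PureWindowsPath

# Windows system processes that legitimately run only from the system
# directories, and whose names malware likes to borrow (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "smss.exe", "wininit.exe"}

# Directories where a genuine copy of the above may live. OTL reports the
# 64-bit system directory as SysNative, so it sits next to System32/SysWOW64.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64",
               r"c:\windows\sysnative"}

# Path segments that mark a user-writable scratch location.
TEMP_SEGMENTS = {"temp", "tmp"}

# OTL process line: 'PRC - <path> (<company>)' or 'PRC:64bit: - <path> (<company>)'.
# The trailing '$' anchor forces the lazy path group to extend past '(x86)'.
PRC_LINE = re.compile(
    r"^PRC(?::64bit:)? - (?P<path>.+?) \((?P<company>[^()]*)\)\s*$")


def assess(path: str, company: str) -> list[str]:
    """Return the reasons a process entry looks like a masquerading binary."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    reasons: list[str] = []
    if name in SYSTEM_BINARIES:
        if parent not in SYSTEM_DIRS:
            reasons.append("system binary name outside the Windows system directories")
        if "microsoft" not in company.lower():
            reasons.append("no Microsoft publisher on a Microsoft system binary")
    # A temp directory anywhere in the path is suspicious regardless of name.
    if any(seg.lower() in TEMP_SEGMENTS for seg in p.parts):
        reasons.append("image runs from a temporary directory")
    return reasons


def scan_otl_processes(lines: list[str]) -> dict[str, list[str]]:
    """Parse OTL 'PRC' lines and return {path: [reasons]} for suspicious ones."""
    findings: dict[str, list[str]] = {}
    for line in lines:
        m = PRC_LINE.match(line.strip())
        if not m:
            continue  # section header, MOD/SRV/DRV line, or other noise
        reasons = assess(m["path"], m["company"])
        if reasons:
            findings[m["path"]] = reasons
    return findings


# Constructed sample in OTL's process-list format (not a real log).
SAMPLE_OTL_LINES = [
    "========== Processes (SafeList) ==========",
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r"PRC:64bit: - C:\Windows\SysNative\lsass.exe (Microsoft Corporation)",
    r"PRC - C:\Users\User\AppData\Local\Temp\svchost.exe ()",
    r"PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)",
    r"PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)",
    r"MOD - C:\Users\User\AppData\Local\Temp\libcurl-4.dll ()",
]

if __name__ == "__main__":
    for path, reasons in scan_otl_processes(SAMPLE_OTL_LINES).items():
        print(path)
        for r in reasons:
            print("  -", r)
```

The same three checks apply to a Process Explorer or Task Manager listing once the image path and publisher columns are shown.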
01.04.2013, 19:43 | #2
/// Helper team | svchost virus that uses a lot of CPU

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.

Then: system scan with OTL (illustrated guide). Please download OTL by OldTimer and save it to your desktop (if not already there). Double-click OTL.exe
01.04.2013, 23:57 | #3
svchost virus that uses a lot of CPU

OK, I scanned three times with mbar and it ALWAYS found the same viruses; there is no point doing that any more often.... the three log files from mbar:

1. Quote:
Quote:
Quote:
www.pastebin.com/p6JJ8PnY
02.04.2013, 07:05 | #4
/// Helper team | svchost virus that uses a lot of CPU

Zip the logs and attach them as files if they are too large.
02.04.2013, 07:14 | #5
svchost virus that uses a lot of CPU

I have zipped them all. OTL logfile: Code:
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.03 17:04:10 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.03 17:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.03 17:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2013.02.10 08:56:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.03 17:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.28 21:03:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.16 18:49:21 | 000,000,000 | ---D | M] [2013.01.18 20:29:52 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.04.01 22:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions [2013.01.28 17:04:49 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\ffxtlbr@incredibar.com [2013.03.16 18:49:16 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\ffxtlbr@mixidj.com [2013.03.16 06:06:39 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\noreply@u2bviews.com [2013.03.02 19:05:44 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\1lj4yh94.default\extensions\toolbar@ask.com [2013.04.01 02:25:42 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2013.02.20 13:18:44 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\extensions\pricepeep@getpricepeep.com.xpi [2013.01.18 20:40:08 | 000,002,402 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\bingp.xml [2013.02.15 19:01:42 | 000,000,580 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\EasyLife.xml [2013.03.16 06:52:43 | 000,002,376 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\icq.xml [2013.03.16 18:49:18 | 000,001,296 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\mixidj.xml [2013.01.28 17:04:43 | 000,002,203 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1lj4yh94.default\searchplugins\MyStart 
Search.xml [2013.03.05 18:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.05 18:14:49 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2013.02.10 08:56:23 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM [2013.03.16 18:49:21 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2013.01.28 21:03:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.28 21:03:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.16 18:49:10 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.01.28 21:03:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.28 21:03:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.28 21:03:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.28 21:03:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.28 21:03:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - 
default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=404C00FFDEA70CCC CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: IB Updater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\ CHR - Extension: Cut the Rope = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\ CHR - Extension: Ultimate Flash Sonic = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\ CHR - Extension: Iminent = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0\ CHR - Extension: Wajam = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: Break The Wall = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\ CHR - Extension: PricePeep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.22_0\ CHR - Extension: Minecraft = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlpgoledhpdldmmhcgfcaecodnkmoiea\0.0.0.8_0\ CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) 
Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll () O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\Adobe\color.vbe () O4 - HKLM..\Run: 
[AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [iDevice Manager Launcher] C:\Program Files 
(x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe () O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" File not found O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe () O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\PrxerDrv.dll (Initex) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll (www.flyvpn.com) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.102 80.69.103.78 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93AC1449-00C3-4293-8E13-CA30B7F421E5}: DhcpNameServer = 80.69.100.102 80.69.103.78 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.21 10:33:27 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.09.28 20:22:49 | 000,000,074 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{04defebd-6240-11e2-9004-50465db5ab52}\Shell - "" = AutoRun O33 - MountPoints2\{04defebd-6240-11e2-9004-50465db5ab52}\Shell\AutoRun\command - "" = I:\Setup.exe -- [2011.09.28 20:22:49 | 000,618,212 | R--- | M] (Team17 ) O33 - MountPoints2\{685ecd30-5b65-11e2-acbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{685ecd30-5b65-11e2-acbe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010.11.21 10:33:27 | 000,106,768 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] 
-- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.02 00:34:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Luigi's Mansion Dark Moon_ROM [2013.04.02 00:10:37 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Mep [2013.04.01 22:56:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\3DS Emulator 2.9.4 [2013.04.01 20:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar [2013.04.01 02:40:49 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\User\Desktop\procexp.exe [2013.04.01 02:22:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Exif Viewer [2013.04.01 02:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exif Viewer [2013.04.01 02:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exif Viewer [2013.04.01 02:21:40 | 000,000,000 | ---D | C] -- C:\Windows\uninstall [2013.03.30 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Raven's Roleplay 0.3x [2013.03.30 03:29:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.30 03:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.30 03:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.30 03:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.29 23:19:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV [2013.03.29 23:19:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\New Technology Studio [2013.03.29 23:19:37 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\New Technology Studio [2013.03.29 03:06:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2013.03.28 00:56:26 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Hasi =3 [2013.03.28 00:54:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\libimobiledevice [2013.03.28 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\7952b161783638652fd847e0607544d46321e8fa [2013.03.28 00:53:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\log [2013.03.28 00:53:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\4Videosoft Studio [2013.03.28 00:53:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\4Videosoft Studio [2013.03.28 00:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft [2013.03.28 00:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio [2013.03.28 00:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio [2013.03.27 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Doctor Entertainment AB [2013.03.26 02:29:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.26 00:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.26 00:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.25 22:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VideoCopilot [2013.03.25 21:36:57 | 000,000,000 | ---D | C] -- C:\adobeTemp [2013.03.25 00:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.03.21 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Battlefield 3 [2013.03.21 19:18:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ESN [2013.03.21 19:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2013.03.21 17:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.03.21 17:03:18 | 000,000,000 | ---D | C] -- 
< End of report > |
02.04.2013, 08:24 | #6 |
/// Helfer-Team | svchost virus that uses a lot of CPU Alarming state. The cleanup consists of several steps that must be carried out. Work through them one after another and paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue but report it. Step 1: Fix with OTL. Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Users\User\AppData\Local\Temp\svchost.exe ()
MOD - C:\Users\User\AppData\Local\Temp\zlib1.dll ()
MOD - C:\Users\User\AppData\Local\Temp\libidn-11.dll ()
MOD - C:\Users\User\AppData\Local\Temp\libcurl-4.dll ()
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\User\AppData\Local\Pokki\Engine\chrome.dll ()
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\Adobe\color.vbe ()
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013.03.28 00:53:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\7952b161783638652fd847e0607544d46321e8fa
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\User\*.tmp
C:\Users\User\AppData\*.dll
C:\Users\User\AppData\*.exe
C:\Users\User\AppData\Local\Temp\*.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it on other computers; it can permanently damage other systems! Step 2: Please download Malwarebytes Anti-Malware
then: Step 3: Please download AdwCleaner to your desktop.
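The entries the helper's OTL script removes (svchost.exe and helper DLLs loaded from Temp, a Run key launching a .vbe script, an orphaned Run entry, an AppInit_DLLs injection) are the kind of indicators a triage script can flag automatically. The following is an added example, not part of the thread and not code from the OTL tool: a small Python parser for OTL-style MOD/O4/O20 lines. The sample lines are constructed from the entries quoted in the script above; the severity labels and path heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories from which a genuine svchost.exe (and other Windows binaries) is loaded.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative")
# Locations a standard user can write to; modules and autoruns here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Script types that a Run entry should not normally launch (assumed list).
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")

# Line shapes as OTL prints them: loaded module, Run key, AppInit_DLLs value.
MOD_RE = re.compile(r"^MOD - (?P<path>.+?) \((?P<company>.*)\)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<short>.*?)\) - (?P<path>.+?) \(.*\)$")


@dataclass
class Finding:
    severity: str  # "high" or "medium" (example's own scale)
    reason: str
    line: str


def _norm(path: str) -> str:
    """Lowercase, unquoted path for comparisons."""
    return path.strip().strip('"').lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if nothing stands out."""
    line = line.strip()
    m = MOD_RE.match(line)
    if m:
        path = _norm(m.group("path"))
        # A module named svchost.exe that is not under the system directory is a masquerade.
        if path.rsplit("\\", 1)[-1] == "svchost.exe" and not path.startswith(SYSTEM_DIRS):
            return Finding("high", "svchost.exe loaded from outside the system directory", line)
        # Empty company name plus a user-writable location: typical of dropped helper DLLs.
        if not m.group("company") and any(d in path for d in USER_WRITABLE):
            return Finding("medium", "module without company name in user-writable path", line)
        return None
    m = O4_RE.match(line)
    if m:
        target = m.group("target")
        if "File not found" in target:
            return Finding("medium", "Run entry points to a missing file (orphaned autorun)", line)
        path = _norm(re.sub(r"\s*\([^)]*\)$", "", target))  # drop trailing "(Company)"
        if path.endswith(SCRIPT_EXT):
            return Finding("high", "Run entry launches a script file", line)
        if any(d in path for d in USER_WRITABLE):
            return Finding("medium", "Run entry launches a program from a user-writable path", line)
        return None
    if O20_RE.match(line):
        # AppInit_DLLs loads the DLL into every process that links user32.dll.
        return Finding("high", "AppInit_DLLs set: DLL injected into user32-linked processes", line)
    return None


def triage(lines) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]


# Constructed sample, modelled on the entries in the helper's fix script.
SAMPLE_LOG = r"""
MOD - C:\Users\User\AppData\Local\Temp\svchost.exe ()
MOD - C:\Users\User\AppData\Local\Temp\libcurl-4.dll ()
MOD - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe] C:\Users\User\AppData\Roaming\Adobe\color.vbe ()
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3928150652-2756980015-3035233101-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```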
02.04.2013, 17:40 | #7 |
| svchost virus that uses a lot of CPU So, I have attached the log files, those are all of them. By the way, what do you mean by "Alarming state."? |
03.04.2013, 08:46 | #8 | |
/// Helfer-Team | svchost virus that uses a lot of CPU Quote:
Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. Then: ESET Online Scanner
then: Please download SecurityCheck and:
|
18.05.2013, 10:36 | #9 |
/// Helfer-Team | svchost virus that uses a lot of CPU Missing reply. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |