GVU Trojaner mit Webcam

Dimon · 10.09.2012, 17:34

Okay, hier die log.txt:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-09-06.04 - Hitless 10.09.2012  17:48:59.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.8136.5996 [GMT 2:00]
ausgeführt von:: c:\users\Hitless\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\lol
c:\program files (x86)\lol\League of Legends\0x0407.ini
c:\program files (x86)\lol\League of Legends\0x0409.ini
c:\program files (x86)\lol\League of Legends\0x040a.ini
c:\program files (x86)\lol\League of Legends\0x040c.ini
c:\program files (x86)\lol\League of Legends\data1.cab
c:\program files (x86)\lol\League of Legends\data1.hdr
c:\program files (x86)\lol\League of Legends\data2.cab
c:\program files (x86)\lol\League of Legends\ISSetup.dll
c:\program files (x86)\lol\League of Legends\layout.bin
c:\program files (x86)\lol\League of Legends\setup.exe
c:\program files (x86)\lol\League of Legends\setup.ini
c:\program files (x86)\lol\League of Legends\setup.inx
c:\program files (x86)\lol\League of Legends\setup.isn
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\Roaming
c:\users\Hitless\AppData\Local\assembly\tmp
c:\users\Hitless\AppData\Local\Temp\wgsdgsdgdsgsd.exe
c:\users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\Hitless\AppData\Roaming\System
c:\users\Hitless\AppData\Roaming\System\tappls.eax
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-10 bis 2012-09-10  ))))))))))))))))))))))))))))))
.
.
2012-09-10 15:56 . 2012-09-10 15:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-10 15:56 . 2012-09-10 15:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-10 15:54 . 2012-09-10 15:54	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF0DD26-468B-46B3-8C83-283E691406D6}\offreg.dll
2012-09-07 11:44 . 2012-09-07 11:44	--------	d-----w-	C:\_OTL
2012-09-07 11:31 . 2012-09-07 11:31	--------	d-----w-	c:\windows\system32\appmgmt
2012-09-05 08:43 . 2012-09-05 08:43	--------	d-----w-	c:\program files\CCleaner
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\users\Hitless\AppData\Roaming\Malwarebytes
2012-09-04 21:56 . 2012-09-05 08:42	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-04 21:56 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-04 09:02 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF0DD26-468B-46B3-8C83-283E691406D6}\mpengine.dll
2012-08-31 20:00 . 2012-08-31 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-08-31 19:59 . 2012-08-31 19:59	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-08-31 01:09 . 2012-08-31 01:09	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 15:17 . 2012-08-24 15:37	--------	d-----w-	c:\users\Hitless\AppData\Local\Darksiders
2012-08-24 15:16 . 2012-08-24 15:16	--------	d-----w-	c:\program files (x86)\THQ
2012-08-15 09:26 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-13 11:35 . 2012-08-13 11:35	5115584	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 08:40 . 2011-12-09 21:39	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-08-16 16:24 . 2012-04-20 07:45	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 16:24 . 2011-12-10 16:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:13 . 2012-02-01 22:19	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-15 16:58 . 2012-07-15 16:58	816	----a-w-	c:\windows\system32\backup3.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup2.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup1.reg
2012-07-15 16:58 . 2012-07-15 16:59	31232	----a-w-	c:\windows\system32\kbdneo2.dll
2012-07-02 07:37 . 2012-01-11 07:53	1423360	----a-w-	c:\windows\system32\incvo8bjx.tsp
2012-06-27 13:18 . 2012-06-03 11:54	26112	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2012-06-20 11:53 . 2011-12-25 14:18	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-06-20 11:53 . 2011-12-25 14:18	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify Web Helper"="c:\users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2012-03-15 7350736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Hitless\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-12-09 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-08 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/05/20 20:29];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-18 499200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-18 869376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-12-09 29792]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2011-01-04 534144]
S3 AVPolDIR;AVerMedia USB Polaris Series Dummy IR Service;c:\windows\system32\DRIVERS\AVPolDIR.sys [2011-01-04 7168]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-11-18 75264]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-23 8199016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:24]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-01-07 13:07	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-30 1605632]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-12-09 789920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com/?l=dis&o=15430
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4078036523-660427857-514968831-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,c2,5a,52,db,4e,34,c0,f3,a2,ce,5c,79,4d,da,ed,aa,b0,a6,0a,1c,
   e6,21,e1,d5,bf,4d,a2,10,57,61,9f,b0,22,c5,d2,4a,71,7c,0f,11,59,7c,28,3d,d4,\
"rkeysecu"=hex:b3,1e,39,48,ab,c3,e6,aa,84,74,5a,f0,08,26,cc,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-10  17:59:30
ComboFix-quarantined-files.txt  2012-09-10 15:59
.
Vor Suchlauf: 197.644.464.128 bytes free
Nach Suchlauf: 197.569.011.712 bytes free
.
- - End Of File - - 98397D7D167C3F824DD7677A4BC6B377
         
 --- --- ---

Psychotic · 11.09.2012, 10:04

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

http://www.trojaner-board.de/123525-gvu-trojaner-webcam-2.html#post912160

Driver::
Update-Service
Update-Service-Installer-Service

Collect::
C:\Windows\SysNative\pouawxp0u.dll
C:\Windows\SysWOW64\UpdSvc.dll
c:\windows\system32\incvo8bjx.tsp

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,53,\
  79,73,74,65,6D,33,32,5C,64,6E,73,72,73,6C,76,72,2E,64,6C,6C,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,53,\
  79,73,74,65,6D,33,32,5C,77,6B,73,73,76,63,2E,64,6C,6C,00

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2: Reg export

Drücke die Windows- und die R-Taste gleichzeitig.
Kopiere den Inhalt folgender codebox in das sich öffnende Fenster:

Code:

ATTFilter

regedit /e %userprofile%\Desktop\look.txt HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Auf deinem Desktop sollte sich nun eine look.txt befinden. Poste deren Inhalt ebenfalls hier!

Dimon · 11.09.2012, 11:36

Hi, hier die neue log.txt:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-09-11.01 - Hitless 11.09.2012  12:04:57.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.8136.6029 [GMT 2:00]
ausgeführt von:: c:\users\Hitless\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Hitless\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pouawxp0u.dll
c:\windows\system32\incvo8bjx.tsp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))
.
.
2012-09-11 10:11 . 2012-09-11 10:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 10:11 . 2012-09-11 10:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-07 11:44 . 2012-09-07 11:44	--------	d-----w-	C:\_OTL
2012-09-07 11:31 . 2012-09-07 11:31	--------	d-----w-	c:\windows\system32\appmgmt
2012-09-05 08:43 . 2012-09-05 08:43	--------	d-----w-	c:\program files\CCleaner
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\users\Hitless\AppData\Roaming\Malwarebytes
2012-09-04 21:56 . 2012-09-05 08:42	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-04 21:56 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-04 09:02 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF0DD26-468B-46B3-8C83-283E691406D6}\mpengine.dll
2012-08-31 20:00 . 2012-08-31 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-08-31 19:59 . 2012-08-31 19:59	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-08-31 01:09 . 2012-08-31 01:09	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 15:17 . 2012-08-24 15:37	--------	d-----w-	c:\users\Hitless\AppData\Local\Darksiders
2012-08-24 15:16 . 2012-08-24 15:16	--------	d-----w-	c:\program files (x86)\THQ
2012-08-15 09:26 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-13 11:35 . 2012-08-13 11:35	5115584	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 08:40 . 2011-12-09 21:39	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-08-16 16:24 . 2012-04-20 07:45	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 16:24 . 2011-12-10 16:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:13 . 2012-02-01 22:19	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-15 16:58 . 2012-07-15 16:58	816	----a-w-	c:\windows\system32\backup3.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup2.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup1.reg
2012-07-15 16:58 . 2012-07-15 16:59	31232	----a-w-	c:\windows\system32\kbdneo2.dll
2012-06-27 13:18 . 2012-06-03 11:54	26112	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2012-06-20 11:53 . 2011-12-25 14:18	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-06-20 11:53 . 2011-12-25 14:18	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-10_15.56.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-09 13:45 . 2012-09-11 09:49	57534              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-11 09:49	33420              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 13:45 . 2012-09-11 09:49	16472              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4078036523-660427857-514968831-1000_UserData.bin
- 2011-12-09 12:46 . 2012-09-10 15:41	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 12:46 . 2012-09-11 10:13	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 12:46 . 2012-09-10 15:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 12:46 . 2012-09-11 10:13	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-11 10:13	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-10 15:41	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-16 10:23 . 2012-09-11 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-16 10:23 . 2012-09-10 15:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-16 10:23 . 2012-09-10 15:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-16 10:23 . 2012-09-11 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-11 10:12 . 2012-09-11 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-10 15:40 . 2012-09-10 15:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-11 10:12 . 2012-09-11 10:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-10 15:40 . 2012-09-10 15:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-09-10 15:45	718320              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-11 09:59	718320              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-11 09:59	146342              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-10 15:45	146342              c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-09 18:24	292180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-11 10:11	292180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-09 19:15 . 2012-09-09 18:24	9648404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078036523-660427857-514968831-1000-8192.dat
+ 2011-12-09 19:15 . 2012-09-11 10:11	9648404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078036523-660427857-514968831-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify Web Helper"="c:\users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2012-03-15 7350736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Hitless\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-12-09 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-08 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/05/20 20:29];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-18 499200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-18 869376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-12-09 29792]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2011-01-04 534144]
S3 AVPolDIR;AVerMedia USB Polaris Series Dummy IR Service;c:\windows\system32\DRIVERS\AVPolDIR.sys [2011-01-04 7168]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-11-18 75264]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-23 8199016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:24]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-01-07 13:07	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-30 1605632]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-12-09 789920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com/?l=dis&o=15430
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4078036523-660427857-514968831-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,c2,5a,52,db,4e,34,c0,f3,a2,ce,5c,79,4d,da,ed,aa,b0,a6,0a,1c,
   e6,21,e1,d5,bf,4d,a2,10,57,61,9f,b0,22,c5,d2,4a,71,7c,0f,11,59,7c,28,3d,d4,\
"rkeysecu"=hex:b3,1e,39,48,ab,c3,e6,aa,84,74,5a,f0,08,26,cc,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11  12:21:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-11 10:21
.
Vor Suchlauf: 197.635.059.712 bytes free
Nach Suchlauf: 197.154.299.904 bytes free
.
- - End Of File - - 7014D5518591641CA830EF415D070E72
         
 --- --- ---
Hochladen war erfolgreich

Psychotic · 11.09.2012, 11:43

Reg export

Drücke die Windows- und die R-Taste gleichzeitig.
Kopiere den Inhalt folgender codebox in das sich öffnende Fenster:

Code:

ATTFilter

regedit /e %userprofile%\Desktop\look.txt HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost

Auf deinem Desktop sollte sich nun eine look.txt befinden. Poste deren Inhalt ebenfalls hier!

Dimon · 11.09.2012, 12:46

Irgendwie wurde per Befehl keine look.txt auf dem Desktop erstellt, da habe ich den Export per regedit manuell gemacht.
Hier die look.txt:

Code:

ATTFilter

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost
Class Name:        <NO CLASS>
Last Write Time:   11.12.2011 - 17:11
Value 0
  Name:            netsvcs
  Type:            REG_MULTI_SZ
  Data:            AeLookupSvc
                   CertPropSvc
                   SCPolicySvc
                   lanmanserver
                   gpsvc
                   AudioSrv
                   FastUserSwitchingCompatibility
                   Ias
                   Irmon
                   Nla
                   Ntmssvc
                   NWCWorkstation
                   Nwsapagent
                   Rasauto
                   Rasman
                   Remoteaccess
                   SENS
                   Sharedaccess
                   SRService
                   Tapisrv
                   Wmi
                   WmdmPmSp
                   TermService
                   wuauserv
                   BITS
                   ShellHWDetection
                   LogonHours
                   PCAudit
                   helpsvc
                   uploadmgr
                   iphlpsvc
                   msiscsi
                   schedule
                   SessionEnv
                   winmgmt
                   AppMgmt

Value 1
  Name:            LocalService
  Type:            REG_MULTI_SZ
  Data:            RemoteRegistry
                   WinHttpAutoProxySvc
                   sppuinotify
                   netprofm
                   WebClient

Value 2
  Name:            LocalSystemNetworkRestricted
  Type:            REG_MULTI_SZ
  Data:            Netman
                   AudioEndpointBuilder
                   dot3svc
                   WPDBusEnum
                   wlansvc

Value 3
  Name:            LocalServiceNoNetwork
  Type:            REG_MULTI_SZ
  Data:            PLA

Value 4
  Name:            rpcss
  Type:            REG_MULTI_SZ
  Data:            RpcSs

Value 5
  Name:            LocalServiceNetworkRestricted
  Type:            REG_MULTI_SZ
  Data:            AudioSrv
                   BthHFSrv
                   LmHosts
                   wscsvc
                   WPCSvc

Value 6
  Name:            LocalServiceAndNoImpersonation
  Type:            REG_MULTI_SZ
  Data:            SSDPSRV
                   upnphost
                   SCardSvr
                   TBS
                   QWAVE
                   wcncsvc

Value 7
  Name:            DcomLaunch
  Type:            REG_MULTI_SZ
  Data:            Power
                   PlugPlay
                   DcomLaunch

Value 8
  Name:            NetworkService
  Type:            REG_MULTI_SZ
  Data:            CryptSvc
                   DHCP
                   TermService
                   DNSCache
                   NapAgent
                   nlasvc
                   WinRM
                   WECSVC
                   Tapisrv

Value 9
  Name:            imgsvc
  Type:            REG_MULTI_SZ
  Data:            StiSvc

Value 10
  Name:            wcssvc
  Type:            REG_MULTI_SZ
  Data:            WcsPlugInService

Value 11
  Name:            Update-Service-Installer-Service
  Type:            REG_MULTI_SZ
  Data:            Update-Service-Installer-Service

Value 12
  Name:            Update-Service
  Type:            REG_MULTI_SZ
  Data:            Update-Service


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            AuthenticationCapabilities
  Type:            REG_DWORD
  Data:            0x2000

Value 1
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            AuthenticationCapabilities
  Type:            REG_DWORD
  Data:            0x2000

Value 1
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted
Class Name:        <NO CLASS>
Last Write Time:   10.09.2012 - 17:56
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            DefaultRpcStackSize
  Type:            REG_DWORD
  Data:            0x40


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            AuthenticationCapabilities
  Type:            REG_DWORD
  Data:            0x3020

Value 1
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            DefaultRpcStackSize
  Type:            REG_DWORD
  Data:            0x1c


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            AuthenticationCapabilities
  Type:            REG_DWORD
  Data:            0x2000

Value 2
  Name:            AuthenticationLevel
  Type:            REG_DWORD
  Data:            0x6


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            AuthenticationCapabilities
  Type:            REG_DWORD
  Data:            0x2000

Value 2
  Name:            AuthenticationLevel
  Type:            REG_DWORD
  Data:            0x6


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc
Class Name:        <NO CLASS>
Last Write Time:   14.07.2009 - 06:53
Value 0
  Name:            CoInitializeSecurityParam
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            CoInitializeSecurityAppID
  Type:            REG_SZ
  Data:            {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}

Psychotic · 11.09.2012, 18:14

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von dem folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

KILLALL:
REGISTRY::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2: Custom scan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Dimon · 11.09.2012, 22:04

Combofix:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-09-11.02 - Hitless 11.09.2012  20:10:35.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.8136.6006 [GMT 2:00]
ausgeführt von:: c:\users\Hitless\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Hitless\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))
.
.
2012-09-11 18:16 . 2012-09-11 18:16	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 18:16 . 2012-09-11 18:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-07 11:44 . 2012-09-07 11:44	--------	d-----w-	C:\_OTL
2012-09-07 11:31 . 2012-09-07 11:31	--------	d-----w-	c:\windows\system32\appmgmt
2012-09-05 08:43 . 2012-09-05 08:43	--------	d-----w-	c:\program files\CCleaner
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\users\Hitless\AppData\Roaming\Malwarebytes
2012-09-04 21:56 . 2012-09-05 08:42	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 21:56 . 2012-09-04 21:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-04 21:56 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-04 09:02 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF0DD26-468B-46B3-8C83-283E691406D6}\mpengine.dll
2012-08-31 20:00 . 2012-08-31 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-08-31 19:59 . 2012-08-31 19:59	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-08-31 01:09 . 2012-08-31 01:09	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 15:17 . 2012-08-24 15:37	--------	d-----w-	c:\users\Hitless\AppData\Local\Darksiders
2012-08-24 15:16 . 2012-08-24 15:16	--------	d-----w-	c:\program files (x86)\THQ
2012-08-15 09:26 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-13 11:35 . 2012-08-13 11:35	5115584	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 08:40 . 2011-12-09 21:39	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-08-16 16:24 . 2012-04-20 07:45	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 16:24 . 2011-12-10 16:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:13 . 2012-02-01 22:19	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-15 16:58 . 2012-07-15 16:58	816	----a-w-	c:\windows\system32\backup3.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup2.reg
2012-07-15 16:58 . 2012-07-15 16:58	808	----a-w-	c:\windows\system32\backup1.reg
2012-07-15 16:58 . 2012-07-15 16:59	31232	----a-w-	c:\windows\system32\kbdneo2.dll
2012-06-27 13:18 . 2012-06-03 11:54	26112	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2012-06-20 11:53 . 2011-12-25 14:18	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-06-20 11:53 . 2011-12-25 14:18	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-06-20 11:53 . 2011-12-25 14:18	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-10_15.56.49   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-09 13:45 . 2012-09-11 18:19	57952              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-11 18:19	33468              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 13:45 . 2012-09-11 18:19	16788              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4078036523-660427857-514968831-1000_UserData.bin
- 2011-12-09 12:46 . 2012-09-10 15:41	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 12:46 . 2012-09-11 18:17	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 12:46 . 2012-09-10 15:41	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 12:46 . 2012-09-11 18:17	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-10 15:41	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-11 18:17	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-11 21:32 . 2012-09-10 15:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 21:32 . 2012-09-11 09:46	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-16 10:23 . 2012-09-10 15:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-16 10:23 . 2012-09-11 18:14	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-16 10:23 . 2012-09-11 18:14	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-16 10:23 . 2012-09-10 15:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-17 16:14 . 2012-09-11 11:32	5774              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-09-11 18:16 . 2012-09-11 18:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-10 15:40 . 2012-09-10 15:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-11 18:16 . 2012-09-11 18:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-10 15:40 . 2012-09-10 15:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-09 14:52 . 2012-09-11 11:25	380064              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-10 15:45	718320              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-11 11:38	718320              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-11 11:38	146342              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-10 15:45	146342              c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-09-05 14:13	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-09-11 10:22	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-09-11 18:16	292180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-09 18:24	292180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-09 19:15 . 2012-09-11 18:16	9648404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078036523-660427857-514968831-1000-8192.dat
- 2011-12-09 19:15 . 2012-09-09 18:24	9648404              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4078036523-660427857-514968831-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify Web Helper"="c:\users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Infium"="c:\program files (x86)\QIP 2012\qip.exe" [2012-03-15 7350736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Hitless\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 116648]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-12-09 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-08 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/05/20 20:29];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 17:40 146928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-18 499200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-18 869376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-12-09 29792]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2011-01-04 534144]
S3 AVPolDIR;AVerMedia USB Polaris Series Dummy IR Service;c:\windows\system32\DRIVERS\AVPolDIR.sys [2011-01-04 7168]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-11-18 75264]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-23 8199016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:24]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 12:51]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
- c:\users\Hitless\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\Hitless\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-01-07 13:07	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-30 1605632]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-12-09 789920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com/?l=dis&o=15430
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4078036523-660427857-514968831-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,c2,5a,52,db,4e,34,c0,f3,a2,ce,5c,79,4d,da,ed,aa,b0,a6,0a,1c,
   e6,21,e1,d5,bf,4d,a2,10,57,61,9f,b0,22,c5,d2,4a,71,7c,0f,11,59,7c,28,3d,d4,\
"rkeysecu"=hex:b3,1e,39,48,ab,c3,e6,aa,84,74,5a,f0,08,26,cc,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11  20:23:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-11 18:23
ComboFix2.txt  2012-09-11 10:23
.
Vor Suchlauf: 197.015.175.168 bytes free
Nach Suchlauf: 196.932.632.576 bytes free
.
- - End Of File - - AF76E67864A432BCD8E6DDA228A30146
         
 --- --- ---

OTL. Diesmal keine Extra.txt bei:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.09.2012 20:44:12 - Run 4
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Hitless\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,39% Memory free
15,89 Gb Paging File | 13,70 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 183,52 Gb Free Space | 36,55% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 6,87 Gb Free Space | 92,21% Space Free | Partition Type: FAT32
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hitless\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ab35163db89cc1062851c42f90151ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes\{26D3E265-8919-495E-815F-448819DD8BF1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=60ee8282-04d8-44f6-a465-152e0e5ed252&apn_sauid=BD50D608-5F7B-4D01-BE41-FB4063705327
IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.09 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Extensions
[2012.09.04 17:36:23 | 000,002,323 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\searchplugins\askcom.xml
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.27 10:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 03:09:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 07:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 03:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 07:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 07:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 07:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 07:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp\1.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.09.11 12:11:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Spotify Web Helper] C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnnsvqxhl.dll File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162B4ED2-46CB-40DE-A088-478E14DD0097}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6533412C-6187-47D8-B091-3724CD296A69}: DhcpNameServer = 131.234.137.24 131.234.137.23
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.01 16:35:42 | 000,008,192 | ---- | M] (Microsoft) - G:\AutoOff.exe -- [ FAT32 ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 20:37:32 | 000,000,000 | R--D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012.09.11 20:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.11 20:17:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.09.11 20:06:20 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\Hitless\Desktop\ComboFix.exe
[2012.09.10 17:46:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.10 17:46:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.10 17:46:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.10 17:46:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.10 17:46:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.07 13:44:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.07 13:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.09.05 16:08:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:03:53 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:59:48 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.04 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Malwarebytes
[2012.09.04 23:56:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 17:36:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.08.31 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.31 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.08.31 21:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.08.24 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Darksiders
[2012.08.24 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.08.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.08.19 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harpsoft
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 20:44:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 20:44:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 20:41:06 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.11 20:41:06 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.11 20:41:06 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.11 20:37:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.11 20:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 20:36:13 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 20:23:31 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
[2012.09.11 20:03:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.11 20:00:24 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\Hitless\Desktop\ComboFix.exe
[2012.09.11 17:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
[2012.09.11 12:11:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.05 18:20:34 | 000,000,512 | ---- | M] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 16:05:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:00:56 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:55:38 | 000,511,265 | ---- | M] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.09.04 18:14:48 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.08.19 11:07:39 | 000,000,556 | ---- | M] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.15 11:39:54 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.10 17:46:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.10 17:46:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.10 17:46:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.10 17:46:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.10 17:46:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.05 18:20:34 | 000,000,512 | ---- | C] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 13:59:48 | 000,511,265 | ---- | C] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.08.19 11:07:38 | 000,000,556 | ---- | C] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.04.20 23:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.04.20 22:59:06 | 000,039,620 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.01 19:19:00 | 000,000,749 | ---- | C] () -- C:\Users\Hitless\.recently-used.xbel
[2012.01.07 15:07:37 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:04 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2011.12.16 16:14:52 | 000,000,600 | ---- | C] () -- C:\Users\Hitless\AppData\Local\PUTTY.RND
[2011.12.11 13:29:05 | 000,000,017 | ---- | C] () -- C:\Users\Hitless\AppData\Local\resmon.resmoncfg
[2011.12.10 20:59:19 | 000,000,032 | ---- | C] () -- C:\Users\Hitless\.simfy
[2011.12.09 15:23:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.09 15:18:36 | 000,858,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 14:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.09 14:59:37 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.09 14:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.01 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\.minecraft
[2011.12.10 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Atari
[2012.08.10 12:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.01 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\BCGameTime
[2012.08.09 22:23:06 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock
[2012.08.24 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock2
[2012.05.06 03:38:11 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\calibre
[2012.09.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DAEMON Tools Lite
[2012.05.01 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.04.24 10:02:22 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dev-Cpp
[2012.09.05 10:36:08 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dropbox
[2012.07.31 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Foxit Software
[2012.02.01 19:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\geany
[2011.12.09 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Leadertech
[2012.07.12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\LolClient
[2012.06.03 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia
[2012.06.03 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia Suite
[2012.01.08 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Notepad++
[2012.01.31 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\OpenOffice.org
[2012.06.03 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\PC Suite
[2011.12.16 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\QIP
[2012.07.09 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\runic games
[2011.12.10 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Simfy
[2012.09.11 14:11:26 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Spotify
[2012.08.01 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TIPP10
[2012.09.05 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TS3Client
[2012.02.10 15:48:44 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WebcamMax
[2012.03.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WinEdt Team
[2012.02.01 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\xm1
[2012.09.03 01:01:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers

 >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers

 >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
 >
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
 >
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
"ServiceMain" = SetAccessPolicy
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com

 >
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost

 >
"netsvcs" = [Binary data over 100 bytes]
"LocalService" = [Binary data over 100 bytes]
"LocalSystemNetworkRestricted" = [Binary data over 100 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = [Binary data over 100 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< %SystemRoot%\system32\*.tsp
 >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< %SystemRoot%\system32\*.tsp /64

 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.20 15:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /360

 >
[2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\system32\3DImageRenderer.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\system32\Apblend.dll
[2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\biologon.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\system32\CamOpEx.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32\CmdLineExt_x64.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3dx9_35.dll
[2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\system32\DevIL.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILU.dll
[2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILUT.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\system32\Imagereog.dll
[2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\system32\Lenovo.Veriface.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\system32\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\system32\LenovoVeriface.Interface.dll
[2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp71.dll
[2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr71.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3a.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdecodemft.dll
[2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvinit.dll
[2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvumdshim.dll
[2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\oemdspif.dll
[2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll
[2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\system32\PicNotify.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\system32\SIntf16.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\system32\SIntf32.dll
[2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\system32\SIntfNT.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\system32\TakeSnpshot.dll
[2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll
[2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlive.dll
[2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlivefnt.dll
 
< C:\Windows\SysNative\*.dll /360

 >
[2012.01.07 15:07:36 | 001,510,752 | ---- | M] () -- C:\Windows\SysNative\Apblend64.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.01.09 17:28:20 | 000,166,912 | ---- | M] (Nokia) -- C:\Windows\SysNative\ccdcmbwux64.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.04.24 07:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.04.24 07:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2011.10.26 07:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.11.08 20:40:34 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.11.08 05:51:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011.10.15 08:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.01.07 15:07:36 | 000,783,712 | ---- | M] () -- C:\Windows\SysNative\EncIcons.dll
[2012.01.07 15:07:36 | 001,508,192 | ---- | M] () -- C:\Windows\SysNative\IcnOvrly.dll
[2012.06.27 09:02:40 | 012,297,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2012.06.27 09:02:41 | 002,453,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2012.06.27 09:02:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.01.07 15:07:36 | 001,769,312 | ---- | M] (Lenovo) -- C:\Windows\SysNative\imagereog.dll
[2012.06.16 07:15:56 | 000,911,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.27 09:02:52 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.07.15 18:58:23 | 000,031,232 | ---- | M] (neo-layout.org) -- C:\Windows\SysNative\kbdneo2.dll
[2012.01.07 15:07:37 | 000,562,016 | ---- | M] () -- C:\Windows\SysNative\Lenovo.VerifaceStub.dll
[2011.12.09 15:47:25 | 000,279,968 | ---- | M] (Lenovo) -- C:\Windows\SysNative\LenovoSdk.OKTDLL.dll
[2011.12.09 15:45:21 | 000,019,872 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Windows\SysNative\LenovoSDKEmSubSystem.dll
[2012.01.07 15:07:37 | 002,432,352 | ---- | M] () -- C:\Windows\SysNative\LenovoVeriface.Interface.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.02.02 00:17:21 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.06.27 09:03:29 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.27 09:03:32 | 009,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2012.06.27 09:03:32 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.06.06 08:06:16 | 001,881,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.06.06 08:06:16 | 002,004,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.01.09 17:28:20 | 000,057,856 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
[2012.01.09 17:28:20 | 000,640,000 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdcoclsx64.dll
[2011.11.08 20:40:40 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011.11.08 05:51:00 | 001,349,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2011.11.08 05:51:00 | 000,055,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2011.11.08 05:51:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.11.08 05:51:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.11.08 05:51:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.11.08 05:51:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.11.08 05:51:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.11.08 05:51:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.11.08 05:51:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2011.11.08 05:51:00 | 001,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011.11.08 05:51:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011.11.08 05:51:00 | 000,241,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2011.11.08 05:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.11.08 05:51:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.11.08 05:51:00 | 000,371,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.11.08 05:51:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.11.08 05:51:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.11.08 05:51:00 | 000,860,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2011.11.08 05:51:00 | 008,792,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.06.20 13:53:19 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.11.08 05:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.06.03 00:36:32 | 000,354,304 | ---- | M] () -- C:\Windows\SysNative\pouawxp0u.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2011.10.26 07:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.01.07 15:07:36 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt.dll
[2012.01.07 15:07:37 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt64.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.07 15:07:37 | 002,822,496 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\TakeSnpshot.dll
[2011.11.05 07:32:50 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2012.06.27 09:06:35 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.27 09:06:36 | 001,494,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.06.16 07:16:04 | 000,609,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.01.09 17:28:26 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01009.dll
[2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.02.11 08:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.06.27 09:06:53 | 001,188,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2012.03.01 08:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2012.06.20 13:53:19 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.04.22 13:51:40 | 002,152,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFUpdate_01009.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
 
< C:\Windows\SysWOW64\*.dll /360

 >
[2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\SysWOW64\3DImageRenderer.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\SysWOW64\Apblend.dll
[2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\biologon.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\CamOpEx.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWOW64\CmdLineExt_x64.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx9_35.dll
[2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\DevIL.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EncDec.dll
[2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILU.dll
[2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILUT.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Imagereog.dll
[2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Lenovo.Veriface.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\SysWOW64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\SysWOW64\LenovoVeriface.Interface.dll
[2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msclmd.dll
[2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
[2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3a.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
[2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
[2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll
[2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll
[2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll
[2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
[2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvdecodemft.dll
[2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll
[2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll
[2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvumdshim.dll
[2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
[2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\oemdspif.dll
[2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWOW64\OpenAL32.dll
[2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\packager.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\SysWOW64\PicNotify.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\SysWOW64\SIntf16.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\SysWOW64\SIntf32.dll
[2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\SysWOW64\SIntfNT.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWOW64\TakeSnpshot.dll
[2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWOW64\wrap_oal.dll
[2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlive.dll
[2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlivefnt.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >

--- --- ---

[/CODE]

Psychotic · 11.09.2012, 22:37

Schritt 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
C:\Windows\SysNative\pouawxp0u.dll
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: MBAM vollständig

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Dimon · 12.09.2012, 09:04

Zu Schritt 1: Ich hab es gestartet und kurz dadrauf kam ein "BlueScreen" wo stand das Windows gestoppt wurde oder aufhörte zu arbeiten.

Nachdem Neustart habe ich trotzdem Schritt 2 gemacht. Das ist das Ergebnis:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Hitless :: YEAH-PC [administrator]

11.09.2012 23:52:41
mbam-log-2012-09-11 (23-52-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 500804
Time elapsed: 1 hour(s), 41 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Qoobox\Quarantine\C\Users\Hitless\AppData\Local\Temp\wgsdgsdgdsgsd.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Hitless\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4e8d9846-224bff4e (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

Psychotic · 12.09.2012, 09:26

Gut, dann eben so:

Schritt 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
[2012.06.03 00:36:32 | 000,354,304 | ---- | M] () -- C:\Windows\SysNative\pouawxp0u.dll
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

:Files
C:\Windows\system32\tnnsvqxhl.dll /lsp

:Commands
[reboot]
[emptyjava]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Dimon · 12.09.2012, 10:05

1. Versuch: Range Check Error. Und Avira (habs vergessen aus zu machen) muckt auf das es den Mediyes Trojaner im Moved Ordner von OTL gefunden hat (OTL hat es versucht in Quaratäne zu bringen?). Dachte Avira stört.

2. Versuch: Ohne Avira. Einfach nur Range Check Error.

Psychotic · 12.09.2012, 10:15

OK, warte bitte noch einmal. Den GVU-Trojaner sind wir lange los aber Mediyes hat noch Spuren hinterlassen. Die Infektion ist hartnäckig und selten, deshalb müssen wir uns intern absprechen, um dir die bestmögliche Hilfe zukommen lassen zu können!

Psychotic · 12.09.2012, 10:40

Ein Rest des Schädlings hat sich noch in einem schwer erreichbaren Teil des Betriebssystems eingenistet, den müssen wir noch erledigen!

Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

:Files
tnnsvqxhl.dll /lsp
C:\Windows\SysNative\pouawxp0u.dll

:Commands
[reboot]
[emptyjava]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Dimon · 12.09.2012, 14:44

Vielen Dank wegen dem GVU Trojaner. Heisst das, dass ich mit dem Laptop jetzt wieder ins Internet kann oder sollte ich wegen dem Mediyes Trojaner lieber noch nicht?

Zum Fix:
Beim ersten Versuch hat er etwa eine Stunde an einer Stelle gescannt(Statusleiste hat sich nicht geändert). Ich dachte der ist wieder stecken geblieben oder ähnliches, also habe ich OTL geschlossen und noch einmal versucht den Fix zu starten. Dann kam gleich wieder der Range Check Error.
Wie lange sollte so ein Fix den ungefähr dauern?

Psychotic · 12.09.2012, 18:27

Nur wenige Sekunden! Wir müssen das Problem mal eingrenzen...nimm folgenden Fix:

Code:

ATTFilter

:Files
tnnsvqxhl.dll /lsp
C:\Windows\SysNative\pouawxp0u.dll

:Commands
[reboot]

GVU Trojaner mit Webcam

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit Webcam