| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit WebcamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.09.2012, 21:34
| #31 |
 |  GVU Trojaner mit Webcam Immer noch Range Check Error |
|
13.09.2012, 12:04
| #32 |
| /// Malwareteam    | GVU Trojaner mit Webcam Schritt 1: LSP-Fix
__________________Bitte downloade dir LSPFix
Schritt 2: Custom scan zur Kontrolle
Code:
ATTFilter HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
__________________ |
|
13.09.2012, 17:41
| #33 |
| | GVU Trojaner mit Webcam OTL.txt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.09.2012 18:00:22 - Run 5 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Hitless\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 75,06% Memory free 15,89 Gb Paging File | 13,69 Gb Available in Paging File | 86,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 502,14 Gb Total Space | 181,73 Gb Free Space | 36,19% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 6,87 Gb Free Space | 92,20% Space Free | Partition Type: FAT32 Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hitless\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\QIP 2012\qip.exe (QIP) PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ab35163db89cc1062851c42f90151ef\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\QIP 2012\Protos\Social\Social.dll () MOD - C:\Program Files (x86)\QIP 2012\Protos\MRA\pics.dll () MOD - C:\Program Files (x86)\QIP 2012\Protos\MRA\mra.dll () MOD - C:\Program Files (x86)\QIP 2012\Protos\InfICQ\inficq.dll () MOD - C:\Program Files (x86)\QIP 2012\Plugins\Win7Helper\Win7Helper.dll () MOD - C:\Program Files (x86)\QIP 2012\Plugins\cards\cards.dll () MOD - C:\Program Files (x86)\QIP 2012\Core\voip.dll () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.) SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430 IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\SearchScopes\{26D3E265-8919-495E-815F-448819DD8BF1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=60ee8282-04d8-44f6-a465-152e0e5ed252&apn_sauid=BD50D608-5F7B-4D01-BE41-FB4063705327 IE - HKU\S-1-5-21-4078036523-660427857-514968831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.09 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Extensions [2012.09.04 17:36:23 | 000,002,323 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\mozilla\firefox\profiles\biur54b3.default\searchplugins\askcom.xml [2012.07.04 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.08.27 10:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.04 10:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.31 03:09:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.23 07:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 03:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 07:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 07:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 07:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 07:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp\1.0_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.0_0\ CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.09.11 12:11:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP) O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Spotify Web Helper] C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4078036523-660427857-514968831-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4078036523-660427857-514968831-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162B4ED2-46CB-40DE-A088-478E14DD0097}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6533412C-6187-47D8-B091-3724CD296A69}: DhcpNameServer = 131.234.137.24 131.234.137.23 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.02.01 16:35:42 | 000,008,192 | ---- | M] (Microsoft) - G:\AutoOff.exe -- [ FAT32 ] O32 - Unable to obtain root file information for disk G:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.13 17:55:35 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Hitless\Desktop\LSPFix.exe [2012.09.13 17:47:35 | 000,000,000 | R--D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9 [2012.09.12 10:56:26 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe [2012.09.11 23:44:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.09.11 20:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.11 20:17:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.09.11 20:06:20 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\Hitless\Desktop\ComboFix.exe [2012.09.10 17:46:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.10 17:46:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.10 17:46:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.10 17:46:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.10 17:46:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.07 13:44:56 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.07 13:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.09.05 16:08:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe [2012.09.05 16:03:53 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe [2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.04 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Malwarebytes [2012.09.04 23:56:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.04 17:36:20 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.08.31 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.08.31 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia [2012.08.31 21:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012.08.24 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Darksiders [2012.08.24 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2012.08.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ [2012.08.19 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harpsoft [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.13 18:03:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.13 17:55:54 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.13 17:55:54 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.13 17:55:54 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.13 17:54:10 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 17:54:10 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 17:51:06 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Hitless\Desktop\LSPFix.exe [2012.09.13 17:47:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.13 17:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.13 17:46:01 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys [2012.09.13 00:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.13 00:23:21 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job [2012.09.12 17:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job [2012.09.12 10:52:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe [2012.09.11 23:43:58 | 724,706,051 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.11 20:00:24 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\Hitless\Desktop\ComboFix.exe [2012.09.11 12:11:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.05 18:20:34 | 000,000,512 | ---- | M] () -- C:\Users\Hitless\Desktop\MBR.dat [2012.09.05 16:05:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe [2012.09.05 16:00:56 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe [2012.09.05 13:55:38 | 000,511,265 | ---- | M] () -- C:\Users\Hitless\Desktop\adwcleaner.exe [2012.08.19 11:07:39 | 000,000,556 | ---- | M] () -- C:\Users\Hitless\Desktop\bendometer.zip [2012.08.15 11:39:54 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.11 23:43:58 | 724,706,051 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.09.10 17:46:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.10 17:46:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.10 17:46:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.10 17:46:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.10 17:46:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.05 18:20:34 | 000,000,512 | ---- | C] () -- C:\Users\Hitless\Desktop\MBR.dat [2012.09.05 13:59:48 | 000,511,265 | ---- | C] () -- C:\Users\Hitless\Desktop\adwcleaner.exe [2012.08.19 11:07:38 | 000,000,556 | ---- | C] () -- C:\Users\Hitless\Desktop\bendometer.zip [2012.04.20 23:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.04.20 23:19:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.04.20 23:19:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.04.20 22:59:06 | 000,039,620 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012.02.01 19:19:00 | 000,000,749 | ---- | C] () -- C:\Users\Hitless\.recently-used.xbel [2012.01.07 15:07:37 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.01.07 15:07:37 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.01.07 15:07:37 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.01.07 15:07:37 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.01.07 15:07:04 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2011.12.16 16:14:52 | 000,000,600 | ---- | C] () -- C:\Users\Hitless\AppData\Local\PUTTY.RND [2011.12.11 13:29:05 | 000,000,017 | ---- | C] () -- C:\Users\Hitless\AppData\Local\resmon.resmoncfg [2011.12.10 20:59:19 | 000,000,032 | ---- | C] () -- C:\Users\Hitless\.simfy [2011.12.09 15:23:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.12.09 15:18:36 | 000,858,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.09 14:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.12.09 14:59:37 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.12.09 14:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.03.01 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\.minecraft [2011.12.10 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Atari [2012.08.10 12:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Audacity [2012.08.01 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\BCGameTime [2012.08.09 22:23:06 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock [2012.08.24 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock2 [2012.05.06 03:38:11 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\calibre [2012.09.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DAEMON Tools Lite [2012.05.01 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__ [2012.04.24 10:02:22 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dev-Cpp [2012.09.13 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dropbox [2012.07.31 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Foxit Software [2012.02.01 19:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\geany [2011.12.09 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Leadertech [2012.07.12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\LolClient [2012.06.03 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia [2012.06.03 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia Suite [2012.01.08 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Notepad++ [2012.01.31 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\OpenOffice.org [2012.06.03 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\PC Suite [2011.12.16 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\QIP [2012.07.09 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\runic games [2011.12.10 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Simfy [2012.09.12 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Spotify [2012.08.01 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TIPP10 [2012.09.05 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TS3Client [2012.02.10 15:48:44 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WebcamMax [2012.03.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WinEdt Team [2012.02.01 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\xm1 [2012.09.03 01:01:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters > "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters > "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll "ServiceMain" = SetAccessPolicy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < %SystemRoot%\system32\*.tsp /64 > [2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp [2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp [2010.11.20 15:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp < C:\Windows\system32\*.dll /360 > [2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\system32\3DImageRenderer.dll [2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\system32\Apblend.dll [2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\biologon.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\system32\CamOpEx.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32\CmdLineExt_x64.dll [2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3dx9_35.dll [2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\system32\DevIL.dll [2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll [2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILU.dll [2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILUT.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\system32\Imagereog.dll [2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\system32\Lenovo.Veriface.dll [2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\system32\Lenovo.VerifaceStub.dll [2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\system32\LenovoVeriface.Interface.dll [2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll [2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp71.dll [2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr71.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3a.dll [2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll [2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll [2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll [2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll [2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll [2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll [2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll [2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdecodemft.dll [2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvinit.dll [2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll [2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoptimusmft.dll [2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvumdshim.dll [2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll [2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\oemdspif.dll [2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll [2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll [2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\system32\PicNotify.dll [2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\system32\SIntf16.dll [2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\system32\SIntf32.dll [2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\system32\SIntfNT.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\system32\TakeSnpshot.dll [2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll [2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll [2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlive.dll [2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlivefnt.dll < C:\Windows\SysNative\*.dll /360 > [2012.01.07 15:07:36 | 001,510,752 | ---- | M] () -- C:\Windows\SysNative\Apblend64.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll [2012.01.09 17:28:20 | 000,166,912 | ---- | M] (Nokia) -- C:\Windows\SysNative\ccdcmbwux64.dll [2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.04.24 07:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.04.24 07:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll [2011.10.26 07:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.11.08 20:40:34 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.11.08 05:51:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll [2011.10.15 08:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2012.01.07 15:07:36 | 000,783,712 | ---- | M] () -- C:\Windows\SysNative\EncIcons.dll [2012.01.07 15:07:36 | 001,508,192 | ---- | M] () -- C:\Windows\SysNative\IcnOvrly.dll [2012.06.27 09:02:40 | 012,297,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2012.06.27 09:02:41 | 002,453,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2012.06.27 09:02:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.01.07 15:07:36 | 001,769,312 | ---- | M] (Lenovo) -- C:\Windows\SysNative\imagereog.dll [2012.06.16 07:15:56 | 000,911,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.27 09:02:52 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2012.07.15 18:58:23 | 000,031,232 | ---- | M] (neo-layout.org) -- C:\Windows\SysNative\kbdneo2.dll [2012.01.07 15:07:37 | 000,562,016 | ---- | M] () -- C:\Windows\SysNative\Lenovo.VerifaceStub.dll [2011.12.09 15:47:25 | 000,279,968 | ---- | M] (Lenovo) -- C:\Windows\SysNative\LenovoSdk.OKTDLL.dll [2011.12.09 15:45:21 | 000,019,872 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Windows\SysNative\LenovoSDKEmSubSystem.dll [2012.01.07 15:07:37 | 002,432,352 | ---- | M] () -- C:\Windows\SysNative\LenovoVeriface.Interface.dll [2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.02.02 00:17:21 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012.06.27 09:03:29 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.27 09:03:32 | 009,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2012.06.27 09:03:32 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.06.06 08:06:16 | 001,881,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll [2012.06.06 08:06:16 | 002,004,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll [2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.01.09 17:28:20 | 000,057,856 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll [2012.01.09 17:28:20 | 000,640,000 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdcoclsx64.dll [2011.11.08 20:40:40 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2011.11.08 05:51:00 | 001,349,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll [2011.11.08 05:51:00 | 000,055,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll [2011.11.08 05:51:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.11.08 05:51:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.11.08 05:51:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2011.11.08 05:51:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.11.08 05:51:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.11.08 05:51:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.11.08 05:51:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.11.08 05:51:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2011.11.08 05:51:00 | 001,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2011.11.08 05:51:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2011.11.08 05:51:00 | 000,241,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2011.11.08 05:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.11.08 05:51:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.11.08 05:51:00 | 000,371,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll [2011.11.08 05:51:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2011.11.08 05:51:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2011.11.08 05:51:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2011.11.08 05:51:00 | 000,860,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2011.11.08 05:51:00 | 008,792,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.06.20 13:53:19 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2011.11.08 05:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll [2011.10.26 07:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll [2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll [2012.01.07 15:07:36 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt.dll [2012.01.07 15:07:37 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt64.dll [2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.07 15:07:37 | 002,822,496 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\TakeSnpshot.dll [2011.11.05 07:32:50 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll [2012.06.27 09:06:35 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.27 09:06:36 | 001,494,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2012.06.16 07:16:04 | 000,609,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.01.09 17:28:26 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01009.dll [2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.02.11 08:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.06.27 09:06:53 | 001,188,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2012.03.01 08:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll [2012.06.20 13:53:19 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.04.22 13:51:40 | 002,152,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFUpdate_01009.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll < C:\Windows\SysWOW64\*.dll /360 > [2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\SysWOW64\3DImageRenderer.dll [2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\SysWOW64\Apblend.dll [2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\biologon.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll [2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\CamOpEx.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll [2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWOW64\CmdLineExt_x64.dll [2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll [2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll [2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll [2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx9_35.dll [2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll [2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\DevIL.dll [2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll [2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EncDec.dll [2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll [2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll [2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll [2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILU.dll [2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILUT.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll [2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Imagereog.dll [2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll [2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll [2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Lenovo.Veriface.dll [2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\SysWOW64\Lenovo.VerifaceStub.dll [2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\SysWOW64\LenovoVeriface.Interface.dll [2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msclmd.dll [2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll [2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll [2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll [2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll [2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll [2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll [2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3a.dll [2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll [2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll [2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll [2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll [2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll [2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll [2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll [2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll [2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll [2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll [2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvdecodemft.dll [2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll [2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll [2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoptimusmft.dll [2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvumdshim.dll [2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll [2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\oemdspif.dll [2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWOW64\OpenAL32.dll [2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll [2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\packager.dll [2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\SysWOW64\PicNotify.dll [2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll [2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll [2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\SysWOW64\SIntf16.dll [2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\SysWOW64\SIntf32.dll [2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\SysWOW64\SIntfNT.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll [2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWOW64\TakeSnpshot.dll [2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll [2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll [2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll [2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll [2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll [2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll [2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll [2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll [2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWOW64\wrap_oal.dll [2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlive.dll [2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlivefnt.dll < > < End of report > [/CODE] |
|
16.09.2012, 11:11
| #34 |
| /// Malwareteam | GVU Trojaner mit Webcam Sieht ganz gut aus - kontrollieren wir alles nochmal!  Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
16.09.2012, 23:07
| #35 |
| | GVU Trojaner mit Webcam Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Hitless :: YEAH-PC [administrator] 16.09.2012 16:01:57 mbam-log-2012-09-16 (16-01-57).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 501651 Time elapsed: 1 hour(s), 40 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter C:\Qoobox\Quarantine\[4]-Submit_2012-09-11_12.04.54.zip a variant of Win64/Mediyes.B trojan
C:\Users\Hitless\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\7facff41-2849688d Java/Exploit.CVE-2012-1723.BR trojan
C:\Users\Hitless\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5edbb552-6cd0c912 Java/Exploit.CVE-2012-0507.CU trojan
C:\Users\Hitless\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7575c0e8-46364a56 multiple threats
G:\data\Bereinigung\D\Download\SoftonicDownloader_for_bendometer-playing-system.exe a variant of Win32/SoftonicDownloader.D application
|
|
17.09.2012, 21:41
| #36 |
| /// Malwareteam | GVU Trojaner mit Webcam Schritt 1: Java update Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2: VLC-Player update Dein VLC-Player ist veraltet. Um ihn zu aktualisieren, gehe bitte wie folgt vor:
Defogger re-enable Starte bitte den Defogger und klicke den re-enable Button ComboFix Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. OTL Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Temp File Cleaner ausführen Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Hier noch ein paar Tipps zur Absicherung deines Systems. Aktualität Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ --> GVU Trojaner mit Webcam |
|
18.09.2012, 11:06
| #37 |
| | GVU Trojaner mit Webcam Danke für die großartige Hilfe! Zwei kurze Fragen: 1. In deinem letzten Post sagst du ich soll den Defogger starten und reanablen. Ich habe von diesem Programm nie gehört. Wie kriegt man es oder startet es? Was macht es? 2. Hast du auch nützliche Tipps für Google Chrome? |
|
18.09.2012, 13:46
| #38 | ||
| /// Malwareteam | GVU Trojaner mit WebcamZitat:
Zitat:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
18.09.2012, 18:29
| #39 | |
| | GVU Trojaner mit WebcamZitat:
 Na dann ist soweit alles klar. Ich bedanke mich nochmals dafür, dass du soviel Geduld und Mühe gesteckt hast um mir zu helfen. Ich wünsche dir alles Glück und alles Gute. |
|
18.09.2012, 22:17
| #40 |
| /// Malwareteam | GVU Trojaner mit Webcam Schön, dass wir helfen konnten!  Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und ein eigenes Thema erstellen!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu GVU Trojaner mit Webcam |
| 7-zip, adobe flash player, antivir, application/pdf:, autorun, avg, avira, battle.net, bho, blockiert, cpu-z, defender, desktop, explorer, firefox, flash player, format, google, grand theft auto, gvu trojaner windows 7 64, install.exe, jdownloader, lenovo, logfile, nvidia, nvidia update, nvpciflt.sys, object, opera, pando media booster, plug-in, prima, realtek, registry, required, scan, software, spotify web helper, trojaner, usb, usb 3.0, visual studio, windows |
Textbox.
Linear-Darstellung
