Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and their removal): Removing WebCake (and more?) - Windows 7

#1
Removing WebCake (and more?)

Hello dear members of Trojaner-Board,

I have picked up WebCake. I just did some research and came across a thread from another user with similar problems. I read through it and got a rough idea of what this actually is. Since that thread pointed out that formatting and reinstalling is often faster and in any case safer, I am considering that too, but for now I am attaching the logfiles created according to your instructions and hope you can help me further.

Best regards,
Georg

Code:
OTL logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.16 14:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Downloads\OTL.exe
PRC - [2013.07.12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.06.11 21:53:20 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.06.07 22:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe PRC - [2013.06.07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe PRC - [2012.07.04 11:55:30 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2011.01.28 06:03:26 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.14 20:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe PRC - [2010.01.19 12:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2007.01.19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 12:57:17 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c0253d1c6c01a370178b15c3489ebb3\IAStorUtil.ni.dll MOD - [2013.07.13 12:57:17 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll MOD - [2013.07.13 01:26:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll MOD - [2013.07.13 01:26:25 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.13 01:26:20 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.13 01:26:08 | 
003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.13 01:26:04 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.13 01:26:01 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.13 01:26:00 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.13 01:25:54 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll MOD - [2013.07.12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.07.04 11:55:29 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2012.07.04 03:04:27 | 000,212,992 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2012.07.04 03:04:17 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc) SRV - [2013.02.25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.01.28 14:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV - [2011.01.28 06:03:34 | 000,344,928 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.24 12:35:20 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2013.04.24 12:35:20 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2013.04.24 12:35:20 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2013.04.24 12:35:20 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2013.04.24 12:35:20 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM) DRV:64bit: - [2013.04.24 12:35:20 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2013.04.24 12:35:20 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad) DRV:64bit: - [2013.04.24 12:35:20 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2013.02.19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.07.24 04:55:06 | 000,204,888 | ---- | M] (Shanghai RuiChuang) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HaoZipVirtualCDBus.sys -- (HaozipVirtualCDBus) DRV:64bit: - [2012.07.04 12:05:16 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012.07.04 12:05:14 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012.07.04 12:02:32 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2012.07.04 12:02:32 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.14 02:55:24 | 000,409,664 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144) DRV:64bit: - [2012.02.14 02:55:24 | 000,050,240 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM) DRV:64bit: - [2012.02.14 02:55:24 | 000,031,296 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - 
[2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.01.25 05:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.12.15 05:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.12.15 05:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.15 05:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.12.15 05:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.15 05:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.10 21:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.09.22 00:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt) DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010.01.18 12:21:02 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - 
HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.07.03 12:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: WebCake = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [haozipcd] C:\Programme\HaoZip\HaoZipCD.exe (瑞创网络)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02966BC9-6720-4603-B055-54242DCD9702}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F251E65-8FAD-430E-8C96-49238BD57F05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: NameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.15 21:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

========== Files - Modified Within 30 Days ==========

[2013.07.16 14:19:59 | 000,000,000 | ---- | M] () -- C:\Users\Georg\defogger_reenable
[2013.07.16 14:11:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.16 12:18:02 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.16 12:07:55 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.16 12:07:55 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.16 12:07:55 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.16 12:07:55 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.16 12:07:55 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.16 12:04:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:14:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013.07.15 21:10:00 | 000,439,819 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.07.15 21:09:05 | 449,666,790 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.07.15 21:09:03 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.13 02:13:10 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.13 01:20:22 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.20 18:05:47 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI

========== Files Created - No Company Name ==========

[2013.07.16 14:19:59 | 000,000,000 | ---- | C] () -- C:\Users\Georg\defogger_reenable
[2013.06.20 18:05:47 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2013.04.18 18:40:27 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wmtog32.dat
[2013.04.09 18:49:57 | 000,003,654 | ---- | C] () -- C:\windows\SysWow64\drivers\Sonyhcp.dll
[2013.04.07 12:29:18 | 000,179,656 | ---- | C] () -- C:\windows\hpoins38.dat
[2013.03.30 20:57:26 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.03.30 14:14:58 | 000,002,892 | ---- | C] () -- C:\windows\SysWow64\audcon.sys
[2013.03.30 14:12:09 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2013.03.30 14:12:05 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.07.04 11:55:32 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.04 11:55:32 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.07.04 11:55:32 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.07.04 11:55:32 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.04 11:55:28 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012.07.04 11:42:15 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.07.04 11:30:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.07.04 11:30:38 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.07.04 11:30:37 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.30 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Ableton
[2013.04.19 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoft
[2013.06.13 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\GoforFiles
[2013.07.15 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\HaoZip
[2013.07.12 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftGrid Client
[2013.06.18 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Spotify
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Steinberg
[2013.06.12 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Systweak
[2013.04.24 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\T-Mobile
[2013.03.30 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TP
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\VST3 Presets
[2013.06.13 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\WebCake

========== Purity Check ==========


< End of report >
Code:
OTL Extras logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS

Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C87F5-64E3-4ED6-B8CA-1F79857BE4A0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D58C5450-D478-45B7-B83E-96CB7ABDB213}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F44172-0543-452B-933A-A521DD7BE65D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{238F7849-D5B1-47A3-AAC9-854F58AC9A3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37E4D09C-A9CC-4CA5-96A7-8ADE59CE48C5}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{4836C107-3AFE-4DFA-AF25-40B298F1A107}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5DA7B6A6-5A4C-4C7F-BF95-1E2C06985075}" = protocol=6 | dir=in | app=f:\o2cd.exe |
"{857D8F80-6045-4A39-9B2B-37BF946DE903}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{957F576F-6894-4E15-92B5-4E6BB7E60973}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{9A19D4F4-CB3E-49D0-8979-E7627BD2B9E6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C3259164-3A11-4AE9-A449-0B8288F76BE4}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{C63A47F6-ED0D-4B66-B4E1-C65596C011C6}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{E434E095-CF1A-47B7-A0D9-2A19C87FAD42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF32FFAF-C035-4E18-86CF-DEAC2FABE7F7}" = protocol=17 | dir=in | app=f:\o2cd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"HaoZip" = HaoZip
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VLC media player" = VLC media player 2.0.6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D6EC5D2-F890-4D95-BA22-3D3CE41C6821}_is1" = Vyzex MPK88-61
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3GP to MP3 Converter_is1" = 3GP to MP3 Converter
"CVPiano-Modeled" = CVPiano-Modeled
"eLicenser Control" = eLicenser Control
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"Free Media Player_is1" = Free All-In-One Media Player
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Manager" = Internet Manager
"Lenovo Games Console" = Lenovo Games Console
"Live 8.0.9" = Live 8.0.9
"MSC" = McAfee AntiVirus Plus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoforFiles" = GoforFiles
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.06.2013 17:47:42 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.06.2013 04:49:06 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.06.2013 06:21:50 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.06.2013 17:08:48 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.07.2013 11:35:25 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 02.07.2013 08:03:32 | Computer Name = Georg-PC | Source = System Restore | ID = 8193
Description =

Error - 03.07.2013 07:01:33 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.07.2013 16:27:28 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.07.2013 04:06:40 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.07.2013 15:33:19 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Gruppenrichtlinienclient" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-16 15:09:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR1 698,64GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Georg\AppData\Local\Temp\fgloqpob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800037b5000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800037b502f 16 bytes [00, E6, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- ? C:\Windows\system32\tschannel.dll [524] entry point in ".rsrc" section 000007fefc736894 .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000770c6f80 5 bytes JMP 000000016b9cb440 .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryA 00000000770c7070 5 bytes JMP 000000016b9cb320 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002dc95984 4 bytes [38, 9A, 2E, 93] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075691465 2 bytes [69, 75] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756914bb 2 bytes [69, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000774cf9c0 5 bytes JMP 0000000168145f49 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryObject 00000000774cf9d8 5 bytes JMP 0000000168146411 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKey 00000000774cfa08 5 bytes JMP 000000016814016d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000774cfa20 5 bytes JMP 000000016813fbca .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryKey 00000000774cfa70 5 bytes JMP 000000016813fa44 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000774cfa88 2 bytes JMP 000000016813fb52 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3 00000000774cfa8b 2 bytes [C7, F0] .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateKey 00000000774cfb20 5 bytes JMP 0000000168140424 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000774cfc18 5 bytes JMP 0000000168144369 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000774cfd2c 5 bytes JMP 000000016813f9cc .text C:\Program Files (x86)\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000774cfd44 5 bytes JMP 0000000168144959 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000774cfd78 5 bytes JMP 00000001681439de .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774cfe24 5 bytes JMP 0000000168145fc4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000774cfe3c 5 bytes JMP 0000000168144adb .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774d0094 5 bytes JMP 0000000168144791 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774d01a4 5 bytes JMP 000000016813fc42 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000774d09c4 5 bytes JMP 0000000168144584 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000774d09dc 5 bytes JMP 000000016813cc5b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000774d0a24 5 bytes JMP 000000016813cd29 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtFlushKey 00000000774d0b60 5 bytes JMP 000000016813ccc2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] 
C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000774d0f50 5 bytes JMP 000000016813fcba .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774d0f68 5 bytes JMP 000000016813ff45 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000774d0ff8 5 bytes JMP 00000001681401fd .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000774d131c 5 bytes JMP 0000000168144b6b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000774d145c 5 bytes JMP 000000016813fec9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000774d1508 5 bytes JMP 0000000168146389 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey 00000000774d16f8 1 byte JMP 000000016813d138 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey + 2 00000000774d16fa 3 bytes {JMP 0xfffffffff0c6ba40} .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000774d1a38 5 bytes JMP 000000016813facc .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000774d1b7c 5 bytes JMP 000000016814616c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] 
C:\windows\syswow64\kernel32.dll!CreateProcessW 00000000754e103d 5 bytes JMP 00000001681193a9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessA 00000000754e1072 5 bytes JMP 00000001681194e7 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007550c9b5 5 bytes JMP 000000016811971d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW 00000000755600c3 5 bytes JMP 0000000168119efe .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA 000000007556016b 5 bytes JMP 000000016811a231 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!WinExec 0000000075562c91 5 bytes JMP 0000000168119aa0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AllocConsole 0000000075586b3e 5 bytes JMP 0000000168147431 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AttachConsole 0000000075586c02 5 bytes JMP 0000000168147443 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074f72aa4 5 bytes JMP 000000016811a43c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075058a29 5 bytes JMP 0000000168147419 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] 
C:\windows\syswow64\USER32.dll!CreateWindowExA 000000007505d22e 5 bytes JMP 0000000168147401 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceW 0000000074fed2b2 5 bytes JMP 0000000168127617 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceA 0000000074fed7bb 5 bytes JMP 00000001681275fb .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 0000000076f61e3a 7 bytes JMP 000000016812a3b9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 0000000076f6b466 7 bytes JMP 000000016812b2da .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 0000000076f878ff 7 bytes JMP 000000016812aa60 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 0000000076f879bb 7 bytes JMP 000000016812ac11 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 0000000076f8a3e2 7 bytes JMP 000000016812b3a0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076fa2538 5 bytes JMP 000000016811985f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000076fc1b94 7 bytes JMP 000000016812ab18 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000076fc1c31 7 bytes JMP 000000016812acc9 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000076fc2021 7 bytes JMP 000000016812b21c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 0000000076fc2104 7 bytes JMP 000000016812a470 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000076fc2221 5 bytes JMP 000000016812b15e .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlService 0000000075674d5c 7 bytes JMP 000000016812a1fe .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle 0000000075674dc3 7 bytes JMP 000000016812a527 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus 0000000075674e4b 7 bytes JMP 000000016812a28a .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx 0000000075674eaf 7 bytes JMP 000000016812a31d .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceW 0000000075674f35 7 bytes JMP 000000016812a079 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceA 000000007567508d 7 bytes JMP 000000016812a10f .text C:\Program Files (x86)\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000756750f4 7 bytes JMP 000000016812b02c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075675181 7 bytes JMP 000000016812b0c8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075675254 7 bytes JMP 000000016812a728 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756753d5 7 bytes JMP 000000016812a643 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756754c2 7 bytes JMP 000000016812a9ca .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756755e2 7 bytes JMP 000000016812a934 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceA 000000007567567c 7 bytes JMP 0000000168129e5b .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceW 000000007567589f 7 bytes JMP 0000000168129d85 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!DeleteService 0000000075675a22 7 bytes JMP 000000016812a5b5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA 0000000075675a83 7 bytes JMP 000000016812ae5b .text C:\Program Files (x86)\Common 
Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW 0000000075675b29 7 bytes JMP 000000016812adc2 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExA 0000000075675ca0 7 bytes JMP 0000000168129535 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExW 0000000075675d8c 7 bytes JMP 00000001681294bc .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000756763ad 7 bytes JMP 0000000168129a83 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000756764f0 7 bytes JMP 0000000168129b0f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A 0000000075676633 7 bytes JMP 000000016812af90 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 000000007567680c 7 bytes JMP 000000016812aef4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceW 000000007567714b 7 bytes JMP 0000000168129bf8 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceA 0000000075677245 7 bytes JMP 0000000168129c84 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid 0000000076dac56e 5 bytes JMP 00000001681311c4 .text C:\Program Files (x86)\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076daea09 7 bytes JMP 0000000168131795 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRun 0000000076db07de 5 bytes JMP 0000000168131650 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076db21e1 5 bytes JMP 00000001681322c5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleUninitialize 0000000076dbeba1 6 bytes JMP 000000016813156f .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleInitialize 0000000076dbefd7 5 bytes JMP 00000001681314ff .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetPSClsid 0000000076dc26b9 5 bytes JMP 000000016813133c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetClassObject 0000000076dd54ad 5 bytes JMP 0000000168132853 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoInitializeEx 0000000076de09ad 5 bytes JMP 00000001681313af .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoUninitialize 0000000076de86d3 5 bytes JMP 0000000168131431 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076de9d0b 5 bytes JMP 0000000168133b21 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076de9d4e 5 bytes JMP 0000000168131c5c .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076e0bb09 7 bytes JMP 00000001681316c0 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076e2eacf 5 bytes JMP 0000000168130c21 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076e6340b 5 bytes JMP 0000000168132d13 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076eacfd9 5 bytes JMP 00000001681315da .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject 000000007546279e 5 bytes JMP 0000000168130eb4 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject 0000000075463294 5 bytes JMP 0000000168130fd5 .text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!GetActiveObject 0000000075478f40 5 bytes JMP 0000000168131048 ---- Processes - GMER 2.1 ---- Library Q:\140066.deu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000002fc20000 Library Q:\140066.deu\Office14\wwlibc.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000066ea0000 Library Q:\140066.deu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000066cf0000 Library Q:\140066.deu\Office14\oart.dll (*** suspicious ***) @ 
Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000005dc20000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000005ff00000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 00000000661e0000 Library Q:\140066.deu\Office14\1031\WWINTLC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000068210000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000005d910000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000006be20000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000005fdb0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSORES.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 00000000593e0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\USP10.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000059340000 Library Q:\140066.deu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000006d8c0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000058bb0000 Library Q:\140066.deu\Office14\IEAWSDC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000006c3e0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 
00000000592b0000 Library Q:\140066.deu\OFFICE14\PROOF\MSSP7GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000059120000 Library Q:\140066.deu\OFFICE14\PROOF\1031\MSGR3GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 0000000058a40000 Library Q:\140066.deu\Office14\mscss7ge.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000006c030000 Library Q:\140066.deu\Office14\css7Data0007.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 00000000589c0000 Library Q:\140066.deu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744] 000000002d2d0000 Library Q:\140066.deu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744] 00000000587e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb 0x5C 0xFD 0x3A 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7 0x48 0x69 0x44 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3 0xC6 0x91 0x37 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23 0x54 0x95 0x0A 0x30 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb 0x5C 0xFD 0x3A 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7 0x48 0x69 0x44 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3 0xC6 0x91 0x37 0xB0 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23 0x54 0x95 0x0A 0x30 ... ---- EOF - GMER 2.1 ----
#2
/// Malwareteam
Removing WebCake (and more?)
My name is Heiko. I am working on your topic and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you receive help from a trained helper. Thank you for your patience.
#3
/// Malwareteam
Removing WebCake (and more?)
My name is Heiko, and I will help you with your problem. The clean-up of your system is tailored to you individually and sometimes involves a lot of work for both of us.
Rules for the clean-up
A clean-up includes not only removing malware but also closing security holes, and it should be carried out thoroughly. It is therefore done in several steps and means some effort on your part. Note: the disappearance of the obvious symptoms does not mean that the system is already clean. Read the instructions completely first. If anything is unclear, ask before you begin working through the steps.
Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way. So let's start with step 1: Please uninstall the following programs via Start, Control Panel, Programs: Code:
Webcake 3.00
Please download
Step 2: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
#4
Removing WebCake (and more?)
Is it normal that 3 FRST logs are created? Code:
# AdwCleaner v2.305 - Datei am 18/07/2013 um 18:36:22 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Georg - GEORG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Georg\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1815 octets] - [18/07/2013 18:36:22]

########## EOF - C:\AdwCleaner[S1].txt - [1875 octets] ##########
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:42:47
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U3 mfeavfk01; No ImagePath
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp

==================== One Month Modified Files and Folders =======

2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set
2013-07-18 18:39 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log
2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log
2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:37 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log
2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 17:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-07-18 17:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-07-18 17:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:21 - 2013-07-16 14:19 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump
2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP
2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee
2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp
2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 14:49

==================== End Of Log ============================

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:45:11
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211 Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files 
(x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0 ==================== Services (Whitelisted) ================= R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] () S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] () R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) 
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] () ==================== Drivers (Whitelisted) ==================== R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM) S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM) S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM) R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.) R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.) 
U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U3 mfeavfk01; No ImagePath U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; U2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt 2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST 2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe 2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt 2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe 2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log 2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe 2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt 2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt 2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe 2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe 2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log 2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ 
C:\Users\Georg\defogger_reenable 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe 2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp 2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ 
(Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\qedit.dll 2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI 2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI 2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a 2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg 2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp ==================== One Month Modified Files and Folders ======= 2013-07-18 18:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat 2013-07-18 18:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat 2013-07-18 18:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt 2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST 2013-07-18 18:42 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log 2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe 2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip 2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt 2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set 2013-07-18 18:39 - 2012-07-04 11:55 - 
00000000 ____D C:\ProgramData\VeriFace 2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log 2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log 2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt 2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe 2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam 2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log 2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe 2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt 2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt 2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe 2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe 2013-07-16 14:21 - 2013-07-16 14:19 - 
00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log 2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable 2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe 2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp 2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump 2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP 2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype 2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype 2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log 
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee 2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI 2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI 2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a 2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg 2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp 2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 14:49 ==================== End Of Log ============================ --- --- --- FRST Logfile: FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:45:54
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U3 mfeavfk01; No ImagePath U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; U2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt 2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST 2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe 2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt 2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe 2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log 2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe 2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt 2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt 2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe 2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe 2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log 2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ 
C:\Users\Georg\defogger_reenable 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe 2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp 2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ 
(Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\qedit.dll 2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI 2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI 2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a 2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg 2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp ==================== One Month Modified Files and Folders ======= 2013-07-18 18:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat 2013-07-18 18:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat 2013-07-18 18:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-18 18:45 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-18 18:45 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt 2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST 2013-07-18 18:42 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log 2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe 
2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip 2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt 2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set 2013-07-18 18:39 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace 2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log 2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log 2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt 2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe 2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe 2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam 2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log 2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe 2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt 2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt 2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt 2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe 2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe 2013-07-16 14:21 - 2013-07-16 14:19 - 
00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log 2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable 2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe 2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe 2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp 2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump 2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP 2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype 2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype 2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log 
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee 2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI 2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI 2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a 2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg 2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp 2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 14:49 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02 Ran by Georg at 2013-07-18 18:44:43 Running from C:\Users\Georg\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3GP to MP3 Converter (x32) 64 Bit HP CIO Components Installer (Version: 6.2.1) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Atheros Client Installation Program (x32 Version: 7.0) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39) B109a-m (x32 Version: 130.0.396.000) Benutzerhandbuch (x32 Version: 1.0.0.6) BufferChm (x32 Version: 130.0.331.000) CVPiano-Modeled (x32) D3DX10 (x32 Version: 15.4.2368.0902) eLicenser Control (x32) Energy Management (x32 Version: 6.0.2.0) exant HD Audio (Version: 8.54.4.51) Free All-In-One Media Player (x32) Free Audio Converter version 5.0.23.320 (x32 Version: 5.0.23.320) GoforFiles (HKCU Version: 1.9.1) Google Chrome (x32 Version: 28.0.1500.72) Google Update Helper (x32 Version: 1.3.21.153) HaoZip (Version: v3.0) HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0) HPPhotoGadget (x32 Version: 130.0.282.000) hpWLPGInstaller (x32 Version: 130.0.303.000) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2342) Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001) Internet Manager (x32 Version: 22.001.18.00.748) Junk Mail filter update (x32 Version: 15.4.3502.0922) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400) Lenovo EasyCamera (x32 Version: 1.10.1209.1) Lenovo EE Boot Optimizer (Version: 0.0.1.6) Lenovo Games Console (x32 Version: 1.2.6.436) Lenovo OneKey Recovery (Version: 7.0.1628) Lenovo OneKey Recovery (x32 Version: 7.0.1628) Lenovo YouCam (x32 Version: 3.1.3728) Live 8.0.9 (x32) McAfee AntiVirus Plus (x32 
Version: 11.6.511) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Mobile Partner Manager (x32 Version: 1.0.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Power2Go (x32 Version: 5.6.0.7303) PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10003) Scan (x32 Version: 13.0.0.0) Shared C Run-time for x64 (Version: 10.0.0) Skype™ 6.5 (x32 Version: 6.5.158) Sony Picture Utility (x32 Version: 2.0.01.13310) Sony USB Driver (x32 Version: 2.00) Spotify (HKCU Version: 0.9.1.43.gca4c2c73) Steinberg Cubase LE 5 (x32 Version: 5.1.2) Steinberg HALionOne (x32 Version: 1.1.0.457) Steinberg HALionOne Essential Set (x32 Version: 1.0.1.457) Synaptics Pointing Device Driver (Version: 15.3.0.0) Toolbox (x32 Version: 130.0.648.000) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET 
Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) US-122 MKII / US-144 MKII UserGuide (x32 Version: 1.0.0.6) VeriFace (x32 Version: 4.0.0.1224) VLC media player 2.0.6 (Version: 2.0.6) Vyzex MPK88-61 (x32 Version: Vyzex MPK88-61 v1.00) WarrantyExtension (x32 Version: 1.00.0000) WebReg (x32 Version: 130.0.132.017) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1) ==================== 
Restore Points ========================= 06-06-2013 13:53:25 Geplanter Prüfpunkt 11-06-2013 22:34:07 Windows Update 16-06-2013 00:06:06 Windows Update 02-07-2013 12:07:31 Windows Modules Installer 02-07-2013 12:08:26 Windows Modules Installer 12-07-2013 11:44:01 Windows Modules Installer ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1646CE39-F1FD-496F-9626-27EC44731A68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.) Task: {19A10F7A-E654-4E90-9454-41A1445FEB9A} - System32\Tasks\{E4BF12DD-0572-4B3D-9EEE-0C6A5A6294AF} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-07-12] (Google Inc.) Task: {33F56A22-EE6E-4013-B979-E7682EB9B5D5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {6579993E-236F-4D05-8DCB-2B2B1B1D9CAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {A188C716-B642-4D55-AC4D-120356DA6034} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-06-13] (hxxp://www.goforfiles.com/) Task: {BA85E687-9DEF-4E14-89BF-C228495FE7CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.) 
Task: {D9FEE44B-FFC6-4262-A12A-2FA653BC6E39} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2013 06:40:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 11:57:25 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 08:21:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 09:10:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 08:30:12 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 07:54:43 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 11:58:10 AM) (Source: WinMgmt) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 01:21:27 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:59:39 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7989b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x1b84 Startzeit der fehlerhaften Anwendung: 0xTrustedInstaller.exe0 Pfad der fehlerhaften Anwendung: TrustedInstaller.exe1 Pfad des fehlerhaften Moduls: TrustedInstaller.exe2 Berichtskennung: TrustedInstaller.exe3 Error: (07/12/2013 01:42:48 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101). System errors: ============= Error: (07/18/2013 06:38:44 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/18/2013 06:38:44 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (07/17/2013 11:55:52 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/17/2013 11:55:52 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. 
Error: (07/16/2013 08:19:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/16/2013 08:19:34 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (07/16/2013 04:07:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/16/2013 04:07:26 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (07/15/2013 09:09:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/15/2013 09:09:27 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. 
Microsoft Office Sessions: ========================= Error: (07/18/2013 06:40:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 11:57:25 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 08:21:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 09:10:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 08:30:12 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2013 07:54:43 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 11:58:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 01:21:27 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 07:59:39 PM) (Source: Application Error)(User: ) Description: 
TrustedInstaller.exe6.1.7601.175144ce7989bntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f21b8401ce7e9dceef73c3C:\windows\servicing\TrustedInstaller.exeC:\windows\SYSTEM32\ntdll.dlld1b0d2aa-eb1c-11e2-ab00-c01885f49b7d Error: (07/12/2013 01:42:48 PM) (Source: System Restore)(User: ) Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101 ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 4039.86 MB Available physical RAM: 2103.46 MB Total Pagefile: 8077.9 MB Available Pagefile: 5935.45 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:654.69 GB) (Free:602.98 GB) NTFS (Disk=0 Partition=2) Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.33 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 37CC3D33) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================ |
#5
/// Malwareteam

Removing WebCake (and more?)

Hello Georg_W,

does WebCake still show up anywhere? You have a program called HaoZip on the machine that is definitely "Asian". Did you install it?

Step 1: Please download

Step 2: ESET Online Scanner
#6
/// Malwareteam

Removing WebCake (and more?)

Hi, I haven't received a reply from you for a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume the topic is resolved and remove it from my subscriptions.

Note: We are not done yet! Even if the symptoms have disappeared, your system may still be infected and may have security holes that make a reinfection possible.