Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Entfernen von WebCake (und mehr?)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.07.2013, 14:45   #1
Georg_W
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Hallo liebe Mitglieder von Trojaner-Board,

ich habe mir WebCake eingefangen. Eben habe ich mal recherchiert und bin auf einen Thread eines anderen Nutzers mit ähnlichen Problemen gestoßen. Den habe ich mir dann durchgelesen und eine ungefähre Ahnung bekommen, was das eigentlich ist.
Da in dem Thread darauf hingewiesen wurde, dass Formatierung und Neuinstallation oft schneller und in jedem Fall sicherer ist, ziehe ich das auch in Erwägung, aber jetzt füge ich erstmal die gemäß eurer Anleitung erstellten Logfiles an und hoffe, dass ihr mir weiterhelfen könnt.

Liebe Grüße,
Georg

Code:
ATTFilter
OTL logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.16 14:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Downloads\OTL.exe
PRC - [2013.07.12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.06.11 21:53:20 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.06.07 22:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.06.07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
PRC - [2012.07.04 11:55:30 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.28 06:03:26 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.14 20:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.19 12:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2007.01.19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.13 12:57:17 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c0253d1c6c01a370178b15c3489ebb3\IAStorUtil.ni.dll
MOD - [2013.07.13 12:57:17 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
MOD - [2013.07.13 01:26:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013.07.13 01:26:25 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.13 01:26:20 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.13 01:26:08 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.13 01:26:04 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.13 01:26:01 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.13 01:26:00 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.13 01:25:54 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013.07.12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.07.04 11:55:29 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.07.04 03:04:27 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.07.04 03:04:17 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013.02.19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013.02.19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2013.02.25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.28 14:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.28 06:03:34 | 000,344,928 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 12:35:20 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2013.04.24 12:35:20 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.04.24 12:35:20 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2013.04.24 12:35:20 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013.04.24 12:35:20 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2013.04.24 12:35:20 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2013.04.24 12:35:20 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2013.04.24 12:35:20 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013.02.19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013.02.19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013.02.19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013.02.19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013.02.19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013.02.19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013.02.19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.07.24 04:55:06 | 000,204,888 | ---- | M] (Shanghai RuiChuang) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HaoZipVirtualCDBus.sys -- (HaozipVirtualCDBus)
DRV:64bit: - [2012.07.04 12:05:16 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.07.04 12:05:14 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.07.04 12:02:32 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.07.04 12:02:32 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 02:55:24 | 000,409,664 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2012.02.14 02:55:24 | 000,050,240 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV:64bit: - [2012.02.14 02:55:24 | 000,031,296 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.25 05:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.15 05:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.12.15 05:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.12.15 05:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.12.15 05:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.12.15 05:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.12.10 21:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.09.22 00:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.01.18 12:21:02 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.07.03 12:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: WebCake = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [haozipcd] C:\Programme\HaoZip\HaoZipCD.exe (瑞创网络)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02966BC9-6720-4603-B055-54242DCD9702}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F251E65-8FAD-430E-8C96-49238BD57F05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: NameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 21:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.16 14:19:59 | 000,000,000 | ---- | M] () -- C:\Users\Georg\defogger_reenable
[2013.07.16 14:11:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.16 12:18:02 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.16 12:07:55 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.16 12:07:55 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.16 12:07:55 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.16 12:07:55 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.16 12:07:55 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.16 12:04:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:14:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013.07.15 21:10:00 | 000,439,819 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.07.15 21:09:05 | 449,666,790 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.07.15 21:09:03 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.13 02:13:10 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.13 01:20:22 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.20 18:05:47 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
 
========== Files Created - No Company Name ==========
 
[2013.07.16 14:19:59 | 000,000,000 | ---- | C] () -- C:\Users\Georg\defogger_reenable
[2013.06.20 18:05:47 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2013.04.18 18:40:27 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wmtog32.dat
[2013.04.09 18:49:57 | 000,003,654 | ---- | C] () -- C:\windows\SysWow64\drivers\Sonyhcp.dll
[2013.04.07 12:29:18 | 000,179,656 | ---- | C] () -- C:\windows\hpoins38.dat
[2013.03.30 20:57:26 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.03.30 14:14:58 | 000,002,892 | ---- | C] () -- C:\windows\SysWow64\audcon.sys
[2013.03.30 14:12:09 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2013.03.30 14:12:05 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.07.04 11:55:32 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.04 11:55:32 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.07.04 11:55:32 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.07.04 11:55:32 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.04 11:55:28 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012.07.04 11:42:15 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.07.04 11:30:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.07.04 11:30:38 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.07.04 11:30:37 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.30 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Ableton
[2013.04.19 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoft
[2013.06.13 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\GoforFiles
[2013.07.15 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\HaoZip
[2013.07.12 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftGrid Client
[2013.06.18 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Spotify
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Steinberg
[2013.06.12 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Systweak
[2013.04.24 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\T-Mobile
[2013.03.30 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TP
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\VST3 Presets
[2013.06.13 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\WebCake
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C87F5-64E3-4ED6-B8CA-1F79857BE4A0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D58C5450-D478-45B7-B83E-96CB7ABDB213}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F44172-0543-452B-933A-A521DD7BE65D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{238F7849-D5B1-47A3-AAC9-854F58AC9A3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37E4D09C-A9CC-4CA5-96A7-8ADE59CE48C5}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{4836C107-3AFE-4DFA-AF25-40B298F1A107}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5DA7B6A6-5A4C-4C7F-BF95-1E2C06985075}" = protocol=6 | dir=in | app=f:\o2cd.exe | 
"{857D8F80-6045-4A39-9B2B-37BF946DE903}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{957F576F-6894-4E15-92B5-4E6BB7E60973}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{9A19D4F4-CB3E-49D0-8979-E7627BD2B9E6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C3259164-3A11-4AE9-A449-0B8288F76BE4}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{C63A47F6-ED0D-4B66-B4E1-C65596C011C6}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{E434E095-CF1A-47B7-A0D9-2A19C87FAD42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FF32FFAF-C035-4E18-86CF-DEAC2FABE7F7}" = protocol=17 | dir=in | app=f:\o2cd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"HaoZip" = HaoZip
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D6EC5D2-F890-4D95-BA22-3D3CE41C6821}_is1" = Vyzex MPK88-61
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3GP to MP3 Converter_is1" = 3GP to MP3 Converter
"CVPiano-Modeled" = CVPiano-Modeled
"eLicenser Control" = eLicenser Control
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"Free Media Player_is1" = Free All-In-One Media Player
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Manager" = Internet Manager
"Lenovo Games Console" = Lenovo Games Console
"Live 8.0.9" = Live 8.0.9
"MSC" = McAfee AntiVirus Plus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoforFiles" = GoforFiles
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2013 17:47:42 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 04:49:06 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 06:21:50 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 17:08:48 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2013 11:35:25 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 08:03:32 | Computer Name = Georg-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 03.07.2013 07:01:33 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2013 16:27:28 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2013 04:06:40 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2013 15:33:19 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Gruppenrichtlinienclient" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" wurde
 unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Server" wurde unerwartet beendet. Dies ist bereits 1 Mal
 vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-16 15:09:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR1 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Georg\AppData\Local\Temp\fgloqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                                                                    fffff800037b5000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                                                                                    fffff800037b502f 16 bytes [00, E6, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

?         C:\Windows\system32\tschannel.dll [524] entry point in ".rsrc" section                                                                                                                                                                000007fefc736894
.text     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                                                                       00000000770c6f80 5 bytes JMP 000000016b9cb440
.text     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryA                                                                                                                       00000000770c7070 5 bytes JMP 000000016b9cb320
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002dc95984 4 bytes [38, 9A, 2E, 93]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000075691465 2 bytes [69, 75]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000756914bb 2 bytes [69, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                00000000774cf9c0 5 bytes JMP 0000000168145f49
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          00000000774cf9d8 5 bytes JMP 0000000168146411
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              00000000774cfa08 5 bytes JMP 000000016814016d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    00000000774cfa20 5 bytes JMP 000000016813fbca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             00000000774cfa70 5 bytes JMP 000000016813fa44
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        00000000774cfa88 2 bytes JMP 000000016813fb52
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                                    00000000774cfa8b 2 bytes [C7, F0]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            00000000774cfb20 5 bytes JMP 0000000168140424
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   00000000774cfc18 5 bytes JMP 0000000168144369
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         00000000774cfd2c 5 bytes JMP 000000016813f9cc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             00000000774cfd44 5 bytes JMP 0000000168144959
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   00000000774cfd78 5 bytes JMP 00000001681439de
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      00000000774cfe24 5 bytes JMP 0000000168145fc4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  00000000774cfe3c 5 bytes JMP 0000000168144adb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           00000000774d0094 5 bytes JMP 0000000168144791
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          00000000774d01a4 5 bytes JMP 000000016813fc42
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           00000000774d09c4 5 bytes JMP 0000000168144584
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            00000000774d09dc 5 bytes JMP 000000016813cc5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       00000000774d0a24 5 bytes JMP 000000016813cd29
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             00000000774d0b60 5 bytes JMP 000000016813ccc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      00000000774d0f50 5 bytes JMP 000000016813fcba
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             00000000774d0f68 5 bytes JMP 000000016813ff45
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            00000000774d0ff8 5 bytes JMP 00000001681401fd
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              00000000774d131c 5 bytes JMP 0000000168144b6b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                00000000774d145c 5 bytes JMP 000000016813fec9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  00000000774d1508 5 bytes JMP 0000000168146389
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            00000000774d16f8 1 byte JMP 000000016813d138
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                        00000000774d16fa 3 bytes {JMP 0xfffffffff0c6ba40}
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    00000000774d1a38 5 bytes JMP 000000016813facc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    00000000774d1b7c 5 bytes JMP 000000016814616c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                      00000000754e103d 5 bytes JMP 00000001681193a9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                      00000000754e1072 5 bytes JMP 00000001681194e7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                000000007550c9b5 5 bytes JMP 000000016811971d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    00000000755600c3 5 bytes JMP 0000000168119efe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    000000007556016b 5 bytes JMP 000000016811a231
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!WinExec                                                                                             0000000075562c91 5 bytes JMP 0000000168119aa0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                        0000000075586b3e 5 bytes JMP 0000000168147431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                       0000000075586c02 5 bytes JMP 0000000168147443
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000074f72aa4 5 bytes JMP 000000016811a43c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                       0000000075058a29 5 bytes JMP 0000000168147419
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                       000000007505d22e 5 bytes JMP 0000000168147401
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       0000000074fed2b2 5 bytes JMP 0000000168127617
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       0000000074fed7bb 5 bytes JMP 00000001681275fb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              0000000076f61e3a 7 bytes JMP 000000016812a3b9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               0000000076f6b466 7 bytes JMP 000000016812b2da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  0000000076f878ff 7 bytes JMP 000000016812aa60
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              0000000076f879bb 7 bytes JMP 000000016812ac11
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               0000000076f8a3e2 7 bytes JMP 000000016812b3a0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                0000000076fa2538 5 bytes JMP 000000016811985f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  0000000076fc1b94 7 bytes JMP 000000016812ab18
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              0000000076fc1c31 7 bytes JMP 000000016812acc9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 0000000076fc2021 7 bytes JMP 000000016812b21c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              0000000076fc2104 7 bytes JMP 000000016812a470
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 0000000076fc2221 5 bytes JMP 000000016812b15e
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                       0000000075674d5c 7 bytes JMP 000000016812a1fe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   0000000075674dc3 7 bytes JMP 000000016812a527
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   0000000075674e4b 7 bytes JMP 000000016812a28a
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 0000000075674eaf 7 bytes JMP 000000016812a31d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                        0000000075674f35 7 bytes JMP 000000016812a079
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                        000000007567508d 7 bytes JMP 000000016812a10f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000756750f4 7 bytes JMP 000000016812b02c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             0000000075675181 7 bytes JMP 000000016812b0c8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 0000000075675254 7 bytes JMP 000000016812a728
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000756753d5 7 bytes JMP 000000016812a643
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000756754c2 7 bytes JMP 000000016812a9ca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000756755e2 7 bytes JMP 000000016812a934
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       000000007567567c 7 bytes JMP 0000000168129e5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       000000007567589f 7 bytes JMP 0000000168129d85
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                        0000000075675a22 7 bytes JMP 000000016812a5b5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  0000000075675a83 7 bytes JMP 000000016812ae5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  0000000075675b29 7 bytes JMP 000000016812adc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    0000000075675ca0 7 bytes JMP 0000000168129535
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    0000000075675d8c 7 bytes JMP 00000001681294bc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000756763ad 7 bytes JMP 0000000168129a83
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000756764f0 7 bytes JMP 0000000168129b0f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 0000000075676633 7 bytes JMP 000000016812af90
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 000000007567680c 7 bytes JMP 000000016812aef4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         000000007567714b 7 bytes JMP 0000000168129bf8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         0000000075677245 7 bytes JMP 0000000168129c84
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000076dac56e 5 bytes JMP 00000001681311c4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000076daea09 7 bytes JMP 0000000168131795
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRun                                                                                                 0000000076db07de 5 bytes JMP 0000000168131650
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000076db21e1 5 bytes JMP 00000001681322c5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000076dbeba1 6 bytes JMP 000000016813156f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000076dbefd7 5 bytes JMP 00000001681314ff
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000076dc26b9 5 bytes JMP 000000016813133c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000076dd54ad 5 bytes JMP 0000000168132853
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000076de09ad 5 bytes JMP 00000001681313af
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000076de86d3 5 bytes JMP 0000000168131431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000076de9d0b 5 bytes JMP 0000000168133b21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000076de9d4e 5 bytes JMP 0000000168131c5c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000076e0bb09 7 bytes JMP 00000001681316c0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000076e2eacf 5 bytes JMP 0000000168130c21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000076e6340b 5 bytes JMP 0000000168132d13
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    0000000076eacfd9 5 bytes JMP 00000001681315da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject                                                                                000000007546279e 5 bytes JMP 0000000168130eb4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject                                                                                  0000000075463294 5 bytes JMP 0000000168130fd5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!GetActiveObject                                                                                     0000000075478f40 5 bytes JMP 0000000168131048
---- Processes - GMER 2.1 ----

Library   Q:\140066.deu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000002fc20000
Library   Q:\140066.deu\Office14\wwlibc.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                   0000000066ea0000
Library   Q:\140066.deu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                      0000000066cf0000
Library   Q:\140066.deu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                     000000005dc20000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                      000000005ff00000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                          00000000661e0000
Library   Q:\140066.deu\Office14\1031\WWINTLC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                             0000000068210000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                             000000005d910000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                   000000006be20000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                 000000005fdb0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSORES.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                   00000000593e0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\USP10.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                    0000000059340000
Library   Q:\140066.deu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000006d8c0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                      0000000058bb0000
Library   Q:\140066.deu\Office14\IEAWSDC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                  000000006c3e0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                       00000000592b0000
Library   Q:\140066.deu\OFFICE14\PROOF\MSSP7GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                            0000000059120000
Library   Q:\140066.deu\OFFICE14\PROOF\1031\MSGR3GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                       0000000058a40000
Library   Q:\140066.deu\Office14\mscss7ge.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000006c030000
Library   Q:\140066.deu\Office14\css7Data0007.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                             00000000589c0000
Library   Q:\140066.deu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744]                                                                                                                                   000000002d2d0000
Library   Q:\140066.deu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744]                                                                                                                                  00000000587e0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                                                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d                                                                                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb                                                                                                                                              0x5C 0xFD 0x3A 0x97 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7                                                                                                                                              0x48 0x69 0x44 0xE5 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3                                                                                                                                              0xC6 0x91 0x37 0xB0 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23                                                                                                                                              0x54 0x95 0x0A 0x30 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                                                                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d (not active ControlSet)                                                                                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb                                                                                                                                                  0x5C 0xFD 0x3A 0x97 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7                                                                                                                                                  0x48 0x69 0x44 0xE5 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3                                                                                                                                                  0xC6 0x91 0x37 0xB0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23                                                                                                                                                  0x54 0x95 0x0A 0x30 ...

---- EOF - GMER 2.1 ----
         

Alt 16.07.2013, 15:11   #2
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)





Mein Name ist Heiko.

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________

__________________

Alt 17.07.2013, 07:54   #3
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)





Mein Name ist Heiko, ich werde dir bei deinem Problem helfen.
Die Bereinigung deines Systems ist individuell auf dich zugeschnitten und mitunter mit viel Arbeit für uns beide verbunden.

Bitte Lesen:
Regeln für die Bereinigung

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schließn von Sicherheitslücken und sollte gründlich durchgeführt werden.
Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du mit der abarbeitung der Schritte beginnst.
  • Beim ersten Anzeichen illegal genutzter Software (Cracks, Patches und Co) wird der Support unterbrochen bis alles an Illegaler Software deinstalliert wurde.
  • Falls es sich bei dem Rechner um einen Firmenrechner handelt teile es mir bitte mit.

  • Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt die angeforderte Rückmeldung (Logfile oder Antwort)
    und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.
  • Bitte führe nur Scanns durch zu denen Du aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu von mir oder einem anderen Teammitglied aufgefordert.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
  • Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss (erleichtert uns die Arbeit).
  • Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
  • Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.


Dann fangen wir mal mit Schritt 1 an:

Deinstalliere bitte folgende Programme über Start, Systemsteuerung, Programme:

Code:
ATTFilter
Webcake 3.00
         
Schritt 2:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
__________________

Alt 18.07.2013, 17:54   #4
Georg_W
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Ist es normal, dass 3 FRST Logs erstellt werden?

Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 18/07/2013 um 18:36:22 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Georg - GEORG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Georg\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1815 octets] - [18/07/2013 18:36:22]

########## EOF - C:\AdwCleaner[S1].txt - [1875 octets] ##########
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:42:47
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U3 mfeavfk01; No ImagePath
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp

==================== One Month Modified Files and Folders =======

2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set
2013-07-18 18:39 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log
2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log
2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:37 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log
2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 17:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-07-18 17:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-07-18 17:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:21 - 2013-07-16 14:19 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump
2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP
2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee
2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp
2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 14:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:45:11
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U3 mfeavfk01; No ImagePath
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp

==================== One Month Modified Files and Folders =======

2013-07-18 18:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-07-18 18:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-07-18 18:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt
2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:42 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set
2013-07-18 18:39 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log
2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log
2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 12:03 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:21 - 2013-07-16 14:19 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump
2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP
2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee
2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp
2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 14:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Georg (administrator) on 18-07-2013 18:45:54
Running from C:\Users\Georg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(hxxp://www.goforfiles.com/) C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-11] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U3 mfeavfk01; No ImagePath
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:10 - 2013-06-19 18:15 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp

==================== One Month Modified Files and Folders =======

2013-07-18 18:45 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-07-18 18:45 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-07-18 18:45 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-18 18:45 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 18:45 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 18:44 - 2013-07-18 18:44 - 00016219 _____ C:\Users\Georg\Downloads\Addition.txt
2013-07-18 18:43 - 2012-07-04 11:51 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:42 - 2012-07-04 11:19 - 02032765 _____ C:\windows\WindowsUpdate.log
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:40 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:39 - 2012-07-04 12:02 - 00379535 _____ C:\windows\system32\fastboot.set
2013-07-18 18:39 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-18 18:38 - 2013-03-30 13:47 - 00790404 _____ C:\FaceProv.log
2013-07-18 18:38 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 18:38 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 18:38 - 2009-07-14 06:51 - 00071119 _____ C:\windows\setupact.log
2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-18 18:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:21 - 2013-07-16 14:19 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump
2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP
2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 13:52 - 2013-04-07 20:30 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype
2013-07-03 12:59 - 2010-11-21 05:47 - 00011152 _____ C:\windows\PFRO.log
2013-07-02 01:50 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files\mcafee
2013-06-23 23:48 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-06-20 18:05 - 2013-06-20 18:05 - 00000425 _____ C:\windows\BRWMARK.INI
2013-06-20 18:05 - 2013-06-20 18:05 - 00000027 _____ C:\windows\BRPP2KA.INI
2013-06-19 18:15 - 2013-06-19 18:10 - 54068622 _____ C:\Users\Georg\Downloads\BR #75 Machinedrum.m4a
2013-06-19 15:37 - 2013-06-19 15:37 - 00090104 _____ C:\Users\Georg\Downloads\Plakat_Flyer_checkIn2013.jpeg
2013-06-18 22:04 - 2013-06-18 22:04 - 00262144 _____ C:\windows\Minidump\061813-29827-01.dmp
2013-06-18 22:00 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 14:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Georg at 2013-07-18 18:44:43
Running from C:\Users\Georg\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
3GP to MP3 Converter (x32)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Atheros Client Installation Program (x32 Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39)
B109a-m (x32 Version: 130.0.396.000)
Benutzerhandbuch (x32 Version: 1.0.0.6)
BufferChm (x32 Version: 130.0.331.000)
CVPiano-Modeled (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
eLicenser Control (x32)
Energy Management (x32 Version: 6.0.2.0)
exant HD Audio (Version: 8.54.4.51)
Free All-In-One Media Player (x32)
Free Audio Converter version 5.0.23.320 (x32 Version: 5.0.23.320)
GoforFiles (HKCU Version: 1.9.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
HaoZip (Version: v3.0)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Internet Manager (x32 Version: 22.001.18.00.748)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Lenovo EasyCamera (x32 Version: 1.10.1209.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo Games Console (x32 Version: 1.2.6.436)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo YouCam (x32 Version: 3.1.3728)
Live 8.0.9 (x32)
McAfee AntiVirus Plus (x32 Version: 11.6.511)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mobile Partner Manager (x32 Version: 1.0.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Power2Go (x32 Version: 5.6.0.7303)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10003)
Scan (x32 Version: 13.0.0.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Sony Picture Utility (x32 Version: 2.0.01.13310)
Sony USB Driver (x32 Version: 2.00)
Spotify (HKCU Version: 0.9.1.43.gca4c2c73)
Steinberg Cubase LE 5 (x32 Version: 5.1.2)
Steinberg HALionOne (x32 Version: 1.1.0.457)
Steinberg HALionOne Essential Set (x32 Version: 1.0.1.457)
Synaptics Pointing Device Driver (Version: 15.3.0.0)
Toolbox (x32 Version: 130.0.648.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
US-122 MKII / US-144 MKII
UserGuide (x32 Version: 1.0.0.6)
VeriFace (x32 Version: 4.0.0.1224)
VLC media player 2.0.6 (Version: 2.0.6)
Vyzex MPK88-61 (x32 Version: Vyzex MPK88-61 v1.00)
WarrantyExtension (x32 Version: 1.00.0000)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)

==================== Restore Points  =========================

06-06-2013 13:53:25 Geplanter Prüfpunkt
11-06-2013 22:34:07 Windows Update
16-06-2013 00:06:06 Windows Update
02-07-2013 12:07:31 Windows Modules Installer
02-07-2013 12:08:26 Windows Modules Installer
12-07-2013 11:44:01 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1646CE39-F1FD-496F-9626-27EC44731A68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {19A10F7A-E654-4E90-9454-41A1445FEB9A} - System32\Tasks\{E4BF12DD-0572-4B3D-9EEE-0C6A5A6294AF} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-07-12] (Google Inc.)
Task: {33F56A22-EE6E-4013-B979-E7682EB9B5D5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {6579993E-236F-4D05-8DCB-2B2B1B1D9CAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A188C716-B642-4D55-AC4D-120356DA6034} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-06-13] (hxxp://www.goforfiles.com/)
Task: {BA85E687-9DEF-4E14-89BF-C228495FE7CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {D9FEE44B-FFC6-4262-A12A-2FA653BC6E39} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2013 06:40:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:57:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2013 08:21:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 09:10:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 08:30:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 07:54:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 11:58:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 01:21:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:59:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7989b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c40f2
ID des fehlerhaften Prozesses: 0x1b84
Startzeit der fehlerhaften Anwendung: 0xTrustedInstaller.exe0
Pfad der fehlerhaften Anwendung: TrustedInstaller.exe1
Pfad des fehlerhaften Moduls: TrustedInstaller.exe2
Berichtskennung: TrustedInstaller.exe3

Error: (07/12/2013 01:42:48 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).


System errors:
=============
Error: (07/18/2013 06:38:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/18/2013 06:38:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/17/2013 11:55:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/17/2013 11:55:52 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/16/2013 08:19:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/16/2013 08:19:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/16/2013 04:07:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/16/2013 04:07:26 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/15/2013 09:09:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/15/2013 09:09:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (07/18/2013 06:40:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2013 11:57:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2013 08:21:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 09:10:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 08:30:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 07:54:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 11:58:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2013 01:21:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 07:59:39 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f21b8401ce7e9dceef73c3C:\windows\servicing\TrustedInstaller.exeC:\windows\SYSTEM32\ntdll.dlld1b0d2aa-eb1c-11e2-ab00-c01885f49b7d

Error: (07/12/2013 01:42:48 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 4039.86 MB
Available physical RAM: 2103.46 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 5935.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:602.98 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.33 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 37CC3D33)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 19.07.2013, 10:20   #5
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Hallo Georg_W

Taucht Webcake noch irgendwo auf?
Du hast da ein Programm mit Namen HaoZip auf dem Rechner das definitiv "Asiatisch" ist.
Hast du das installiert?

Schritt 1:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 2:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 22.07.2013, 07:57   #6
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)




Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________
--> Entfernen von WebCake (und mehr?)

Alt 23.07.2013, 13:42   #7
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 23.07.2013, 23:06   #8
Georg_W
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Tut mir Leid, ich bin in den letzten Tagen nicht dazu gekommen.
HaoZip habe ich mal (von Chip, wenn ich mich richtig erinnere) als kostenlose WinZip-Alternative installiert.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Georg :: GEORG-PC [Administrator]

Schutz: Aktiviert

23.07.2013 19:36:55
mbam-log-2013-07-23 (19-36-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213823
Laufzeit: 3 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33475602297b934985d0e6e40496ddd5
# engine=14506
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 06:38:10
# local_time=2013-07-23 08:38:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 16 23 4742 33046100 0 0
# compatibility_mode=5893 16776573 100 94 952722 126234540 0 0
# scanned=126533
# found=1
# cleaned=0
# scan_time=3021
sh=67D181F0D9FEC6690C0AE4C606DEA14A5C0E6CDD ft=1 fh=3b21a895403b5dee vn="multiple threats" ac=I fn="C:\Users\Georg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19JEPNHL\WebCakesetup[1].exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33475602297b934985d0e6e40496ddd5
# engine=14506
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 09:47:16
# local_time=2013-07-23 11:47:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 16 23 16088 33057446 0 0
# compatibility_mode=5893 16776573 100 94 0 126245886 0 0
# scanned=126691
# found=1
# cleaned=0
# scan_time=10884
sh=67D181F0D9FEC6690C0AE4C606DEA14A5C0E6CDD ft=1 fh=3b21a895403b5dee vn="multiple threats" ac=I fn="C:\Users\Georg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19JEPNHL\WebCakesetup[1].exe"
         

Alt 24.07.2013, 23:01   #9
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Hallo Georg_W

Schritt 1:

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Schritt 2:

Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus. Es wird nur eine FRST.txt erzeugt. Poste mir diese.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 27.07.2013, 19:16   #10
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)




Hi,

ich hab nun zum zweiten mal länger keine Antwort mehr von dir erhalten.
Brauchst du weiterhin noch Hilfe?

Du bindest Ressourcen die ich für andere User benötige!

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 28.07.2013, 11:06   #11
Georg_W
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Mach mich gerade dran.

Hat 2 ausgespuckt:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 04
Ran by Georg (administrator) on 28-07-2013 12:02:52
Running from C:\Users\Georg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFJDJEBN
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(瑞创网络) C:\Program Files\HaoZip\HaoZipCD.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-07-04] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-07-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-07-04] (Lenovo(beijing) Limited)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-19] (Spotify Ltd)
HKCU\...\Run: [haozipcd] - C:\Program Files\HaoZip\HaoZipCD.exe [413448 2012-07-25] (瑞创网络)
MountPoints2: {3fac5793-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
MountPoints2: {3fac57a8-acc8-11e2-9c9c-c01885f49b7d} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe [138584 2010-07-16] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: [NameServer]10.74.210.210 10.74.210.211

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2013-04-24] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-24] ()
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-04-24] (Bytemobile, Inc.)
R3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-04-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-14] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-14] (TASCAM)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2013-04-24] (Bytemobile, Inc.)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 12:00 - 2013-07-28 12:00 - 01780815 _____ (Farbar) C:\Users\Georg\Downloads\FRST64 (1).exe
2013-07-28 11:53 - 2013-07-28 11:53 - 00448512 _____ (OldTimer Tools) C:\Users\Georg\Desktop\TFC.exe
2013-07-24 13:08 - 2013-07-28 11:08 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-24 13:08 - 2013-07-24 13:08 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-24 13:08 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-07-24 13:08 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-07-24 13:08 - 2013-05-09 10:59 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-07-24 13:08 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-07-24 13:08 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-07-24 13:08 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-07-24 13:08 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-24 13:07 - 2013-07-24 13:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 13:06 - 2013-07-24 13:06 - 117478104 _____ C:\Users\Georg\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-23 20:45 - 2013-07-23 20:45 - 02347384 _____ (ESET) C:\Users\Georg\Downloads\esetsmartinstaller_enu (1).exe
2013-07-23 19:43 - 2013-07-23 19:43 - 02347384 _____ (ESET) C:\Users\Georg\Downloads\esetsmartinstaller_enu.exe
2013-07-23 19:34 - 2013-07-23 19:34 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Malwarebytes
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 19:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-23 19:33 - 2013-07-23 19:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Georg\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-22 22:13 - 2013-07-22 22:13 - 00000000 ____D C:\ProgramData\Energy Management
2013-07-19 02:18 - 2013-07-19 02:21 - 00000000 ____D C:\windows\system32\MRT
2013-07-18 18:49 - 2013-07-18 18:49 - 00028570 _____ C:\Users\Georg\Desktop\FRST_2.txt
2013-07-18 18:49 - 2013-07-18 18:49 - 00028504 _____ C:\Users\Georg\Desktop\FRST_3.txt
2013-07-18 18:49 - 2013-07-18 18:49 - 00016219 _____ C:\Users\Georg\Desktop\Addition.txt
2013-07-18 18:48 - 2013-07-18 18:48 - 00028320 _____ C:\Users\Georg\Desktop\FRST.txt
2013-07-18 18:46 - 2013-07-18 18:46 - 00028504 _____ C:\Users\Georg\Downloads\FRST.txt
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:36 - 2013-07-18 18:37 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:44 - 2013-07-16 14:45 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:22 - 2013-07-16 14:23 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:21 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:19 - 2013-07-16 14:21 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-12 13:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 02:04 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 02:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 02:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 02:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 02:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 02:02 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 02:02 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-28 12:02 - 2013-04-03 05:00 - 00000000 ____D C:\Users\Komische unnütze Ordner
2013-07-28 12:00 - 2013-07-28 12:00 - 01780815 _____ (Farbar) C:\Users\Georg\Downloads\FRST64 (1).exe
2013-07-28 11:53 - 2013-07-28 11:53 - 00448512 _____ (OldTimer Tools) C:\Users\Georg\Desktop\TFC.exe
2013-07-28 11:53 - 2013-05-09 15:59 - 00000000 ____D C:\Users\Georg\AppData\Roaming\HaoZip
2013-07-28 11:43 - 2012-07-04 03:06 - 00654844 _____ C:\windows\system32\perfh007.dat
2013-07-28 11:43 - 2012-07-04 03:06 - 00130426 _____ C:\windows\system32\perfc007.dat
2013-07-28 11:43 - 2009-07-14 07:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-28 11:41 - 2013-03-30 13:47 - 00838813 _____ C:\FaceProv.log
2013-07-28 11:41 - 2012-07-04 11:55 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-28 11:16 - 2012-07-04 11:19 - 01153534 _____ C:\windows\WindowsUpdate.log
2013-07-28 11:16 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 11:16 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 11:11 - 2012-07-04 12:01 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 11:08 - 2013-07-24 13:08 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-28 11:08 - 2012-07-04 12:02 - 00350975 _____ C:\windows\system32\fastboot.set
2013-07-28 11:07 - 2012-07-04 12:01 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 11:07 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-28 11:07 - 2009-07-14 06:51 - 00071735 _____ C:\windows\setupact.log
2013-07-27 19:08 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Spotify
2013-07-25 16:46 - 2013-03-30 20:58 - 00000000 ____D C:\Users\Georg\AppData\Roaming\SoftGrid Client
2013-07-24 13:08 - 2013-07-24 13:08 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-24 13:08 - 2013-07-24 13:08 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-24 13:08 - 2013-07-24 13:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-24 13:06 - 2013-07-24 13:06 - 117478104 _____ C:\Users\Georg\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-24 01:05 - 2012-07-04 11:50 - 00000000 ____D C:\ProgramData\McAfee
2013-07-24 01:05 - 2012-07-04 11:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-24 01:05 - 2010-11-21 05:47 - 00012810 _____ C:\windows\PFRO.log
2013-07-23 20:45 - 2013-07-23 20:45 - 02347384 _____ (ESET) C:\Users\Georg\Downloads\esetsmartinstaller_enu (1).exe
2013-07-23 19:43 - 2013-07-23 19:43 - 02347384 _____ (ESET) C:\Users\Georg\Downloads\esetsmartinstaller_enu.exe
2013-07-23 19:34 - 2013-07-23 19:34 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Malwarebytes
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 19:34 - 2013-07-23 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 19:33 - 2013-07-23 19:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Georg\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-22 22:13 - 2013-07-22 22:13 - 00000000 ____D C:\ProgramData\Energy Management
2013-07-20 10:31 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-19 02:21 - 2013-07-19 02:18 - 00000000 ____D C:\windows\system32\MRT
2013-07-19 00:37 - 2013-04-25 23:49 - 00000000 ____D C:\Users\Georg\AppData\Local\Spotify
2013-07-18 18:49 - 2013-07-18 18:49 - 00028570 _____ C:\Users\Georg\Desktop\FRST_2.txt
2013-07-18 18:49 - 2013-07-18 18:49 - 00028504 _____ C:\Users\Georg\Desktop\FRST_3.txt
2013-07-18 18:49 - 2013-07-18 18:49 - 00016219 _____ C:\Users\Georg\Desktop\Addition.txt
2013-07-18 18:48 - 2013-07-18 18:48 - 00028320 _____ C:\Users\Georg\Desktop\FRST.txt
2013-07-18 18:46 - 2013-07-18 18:46 - 00028504 _____ C:\Users\Georg\Downloads\FRST.txt
2013-07-18 18:42 - 2013-07-18 18:42 - 00000000 ____D C:\FRST
2013-07-18 18:41 - 2013-07-18 18:41 - 01778209 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2013-07-18 18:39 - 2013-07-18 18:39 - 00001942 _____ C:\Users\Georg\Desktop\AdwCleaner[S1].txt
2013-07-18 18:37 - 2013-07-18 18:36 - 00001942 _____ C:\AdwCleaner[S1].txt
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Downloads\adwcleaner (1).exe
2013-07-18 18:34 - 2013-07-18 18:34 - 00662345 _____ C:\Users\Georg\Desktop\adwcleaner.exe
2013-07-18 15:36 - 2013-04-22 11:54 - 00000000 ____D C:\Users\Georg\Documents\Youcam
2013-07-16 15:09 - 2013-07-16 15:09 - 00039861 _____ C:\Users\Georg\Desktop\gmer.log
2013-07-16 14:45 - 2013-07-16 14:44 - 00377856 _____ C:\Users\Georg\Downloads\gmer_2.1.19163.exe
2013-07-16 14:43 - 2013-07-16 14:43 - 00097142 _____ C:\Users\Georg\Desktop\OTL.Txt
2013-07-16 14:42 - 2013-07-16 14:42 - 00043902 _____ C:\Users\Georg\Desktop\Extras.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00097142 _____ C:\Users\Georg\Downloads\OTL.Txt
2013-07-16 14:38 - 2013-07-16 14:38 - 00043902 _____ C:\Users\Georg\Downloads\Extras.Txt
2013-07-16 14:23 - 2013-07-16 14:22 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL (1).exe
2013-07-16 14:22 - 2013-07-16 14:21 - 00602112 _____ (OldTimer Tools) C:\Users\Georg\Downloads\OTL.exe
2013-07-16 14:21 - 2013-07-16 14:19 - 00000472 _____ C:\Users\Georg\Desktop\defogger_disable.log
2013-07-16 14:19 - 2013-07-16 14:19 - 00000000 _____ C:\Users\Georg\defogger_reenable
2013-07-16 14:19 - 2013-03-30 13:47 - 00000000 ____D C:\Users\Georg
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger.exe
2013-07-16 14:16 - 2013-07-16 14:16 - 00050477 _____ C:\Users\Georg\Downloads\Defogger (1).exe
2013-07-15 21:09 - 2013-07-15 21:09 - 00262144 _____ C:\windows\Minidump\071513-25350-01.dmp
2013-07-15 21:09 - 2013-04-04 00:03 - 00000000 ____D C:\windows\Minidump
2013-07-15 21:09 - 2013-04-04 00:02 - 449666790 _____ C:\windows\MEMORY.DMP
2013-07-13 02:13 - 2012-07-04 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 02:06 - 2012-07-04 12:01 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 02:06 - 2012-07-04 12:01 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 01:20 - 2009-07-14 06:45 - 00283104 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:19 - 2013-04-05 17:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 19:59 - 2011-09-29 05:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:59 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-07 03:31 - 2009-07-14 07:08 - 00032628 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-05 02:09 - 2013-04-20 11:11 - 00000000 ____D C:\Users\Georg\AppData\Roaming\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-04 23:53 - 2013-04-20 11:10 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 21:32

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 04
Ran by Georg at 2013-07-28 12:03:29
Running from C:\Users\Georg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFJDJEBN
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
3GP to MP3 Converter (x32)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Atheros Client Installation Program (x32 Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
B109a-m (x32 Version: 130.0.396.000)
Benutzerhandbuch (x32 Version: 1.0.0.6)
BufferChm (x32 Version: 130.0.331.000)
CVPiano-Modeled (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
eLicenser Control (x32)
Energy Management (x32 Version: 6.0.2.0)
exant HD Audio (Version: 8.54.4.51)
Free All-In-One Media Player (x32)
Free Audio Converter version 5.0.23.320 (x32 Version: 5.0.23.320)
GoforFiles (HKCU Version: 1.9.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
HaoZip (Version: v3.0)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Internet Manager (x32 Version: 22.001.18.00.748)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Lenovo EasyCamera (x32 Version: 1.10.1209.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo Games Console (x32 Version: 1.2.6.436)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo YouCam (x32 Version: 3.1.3728)
Live 8.0.9 (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mobile Partner Manager (x32 Version: 1.0.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Power2Go (x32 Version: 5.6.0.7303)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10003)
Scan (x32 Version: 13.0.0.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Sony Picture Utility (x32 Version: 2.0.01.13310)
Sony USB Driver (x32 Version: 2.00)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steinberg Cubase LE 5 (x32 Version: 5.1.2)
Steinberg HALionOne (x32 Version: 1.1.0.457)
Steinberg HALionOne Essential Set (x32 Version: 1.0.1.457)
Synaptics Pointing Device Driver (Version: 15.3.0.0)
Toolbox (x32 Version: 130.0.648.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
US-122 MKII / US-144 MKII
UserGuide (x32 Version: 1.0.0.6)
VeriFace (x32 Version: 4.0.0.1224)
VLC media player 2.0.6 (Version: 2.0.6)
Vyzex MPK88-61 (x32 Version: Vyzex MPK88-61 v1.00)
WarrantyExtension (x32 Version: 1.00.0000)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)

==================== Restore Points  =========================

12-07-2013 11:44:01 Windows Modules Installer
19-07-2013 00:17:56 Windows Update
23-07-2013 17:47:41 Windows Update
24-07-2013 11:07:57 avast! Free Antivirus Setup
27-07-2013 17:15:03 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1646CE39-F1FD-496F-9626-27EC44731A68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {19A10F7A-E654-4E90-9454-41A1445FEB9A} - System32\Tasks\{E4BF12DD-0572-4B3D-9EEE-0C6A5A6294AF} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-07-12] (Google Inc.)
Task: {33F56A22-EE6E-4013-B979-E7682EB9B5D5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {6579993E-236F-4D05-8DCB-2B2B1B1D9CAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A188C716-B642-4D55-AC4D-120356DA6034} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [2013-06-13] (hxxp://www.goforfiles.com/)
Task: {BA85E687-9DEF-4E14-89BF-C228495FE7CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {D06B53BF-6647-4870-966A-62A0162C4778} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {D3FBF4A5-A245-46C8-8817-CBAC1BB6EB3F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D9FEE44B-FFC6-4262-A12A-2FA653BC6E39} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2013 11:53:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/28/2013 11:09:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 10:12:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 00:49:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 06:14:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 00:10:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:13:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c40f2
ID des fehlerhaften Prozesses: 0xbd8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (07/24/2013 00:21:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 01:07:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 00:01:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/28/2013 11:08:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/28/2013 11:08:59 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (07/28/2013 11:08:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/28/2013 11:08:16 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/28/2013 10:11:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/28/2013 10:11:25 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/28/2013 00:48:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/28/2013 00:48:13 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (07/25/2013 07:15:47 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2BOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{02966BC9-6720-4603-B055-54242DCD9702}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/25/2013 06:13:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053


Microsoft Office Sessions:
=========================
Error: (07/28/2013 11:53:36 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Georg\Downloads\esetsmartinstaller_enu (1).exe

Error: (07/28/2013 11:09:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 10:12:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 00:49:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 06:14:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2013 00:10:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 11:13:50 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f2bd801ce88575255c6f8C:\windows\system32\svchost.exeC:\windows\SYSTEM32\ntdll.dllef06df50-f4a5-11e2-a550-c01885f49b7d

Error: (07/24/2013 00:21:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 01:07:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2013 00:01:11 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4039.86 MB
Available physical RAM: 2158.98 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 5993.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:604.49 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.33 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 37CC3D33)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 28.07.2013, 22:31   #12
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Macht dein System noch Probleme? Bitte versuche diesmal schneller zu Antworten...

Schritt 1:

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Schritt 2:



Wunderbar dein System ist soweit ich das sehen kann sauber.

Hier noch ein paar Tipps zur Absicherung deines Systems.


Die folgenden Schritt sind keine Pflicht sondern Empfehlungen die bei bedarf umgesetzt werden können.

Benutzerkonto Einstellungen:


Wir sehen immer wieder User mit Administratorrechten. Hier kann jeder Nutzer eines Windowsrechners schon die erste Türe schließen. Arbeite mit einem eingeschränkten Benutzerkonto anstelle eines Kontos mit Administratorrechten. Diese sind für das tägliche Arbeiten nicht nötig, und solltest du einmal Software installieren wollen wirst du im normalfall nach deinem Passwort gefragt.

Solltest du Hilfe bei der Erstellung eines "eingeschränkten Kontos" benötigen helfe ich dir gern weiter.


Systemupdates:


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Besonders Java erfährt zur Zeit regelmäßig sicherheitsrelevante Updates


Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 17 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck


Antivirensoftware


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen

  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


alternatives Browsen


Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe



Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.




Wenn du möchtest, kannst du das Trojaner Board Forum mit einer kleinen Spende unterstützen.
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Alt 30.07.2013, 16:12   #13
Georg_W
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Hallo Heiko,
mein System macht keine Probleme mehr. Ich habe die letzten Schritte durchgeführt und werde eure Sicherheitstipps beachten. VIELEN DANK FÜR ALLES!
Ich wünsch dir und euch allen das Beste,
Georg

Alt 03.08.2013, 13:32   #14
Aneri
/// Malwareteam
 
Entfernen von WebCake (und mehr?) - Standard

Entfernen von WebCake (und mehr?)



Froh das wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Gruß Aneri
Mitglied von UNITE

Lob oder Kritik? hier wirst du es los

Antwort

Themen zu Entfernen von WebCake (und mehr?)
adobe, adobe reader xi, antivirus, autorun, benachrichtigungsdienst, bho, converter, cubase, entfernen, error, explorer, firefox, google, home, homepage, iexplore.exe, install.exe, microsoft office starter 2010, mp3, neustart, ntdll.dll, ntopenkeyex, plug-in, programme, realtek, registry, richtlinie, rundll, scan, schannel.dll, siteadvisor, software, spotify web helper, systemereignisse, temp, usb, usp10.dll, windows




Ähnliche Themen: Entfernen von WebCake (und mehr?)


  1. Topic Torch by WebCake (adware)
    Plagegeister aller Art und deren Bekämpfung - 25.12.2013 (1)
  2. WebCake POP-UP entfernen
    Anleitungen, FAQs & Links - 29.10.2013 (2)
  3. Windows 7: Webcake 3.0
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (9)
  4. WebCake 3.00 erntfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2013 (1)
  5. Probleme durch Webcake
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (11)
  6. Entfernen von WebCake
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (5)
  7. WebCake Deals and WebCake Ads entfernen
    Anleitungen, FAQs & Links - 12.08.2013 (2)
  8. Windows 7 - Problem mit WebCake 3.00
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (5)
  9. Webcake und Monstermarketplace Befall
    Log-Analyse und Auswertung - 04.08.2013 (9)
  10. PUP.Webcake / Adware BProtector entdeckt
    Log-Analyse und Auswertung - 30.07.2013 (9)
  11. Virus Webcake
    Log-Analyse und Auswertung - 30.07.2013 (5)
  12. WebCake und Complitly per Spybot entdeckt
    Plagegeister aller Art und deren Bekämpfung - 27.07.2013 (2)
  13. WebCake Malware
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (16)
  14. WebCake 3.00 - komische PC aktivitäten
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (3)
  15. Entfernen von WebCake - Wichtig
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (9)
  16. WebCake.BHO hat die Startseite vom IE geändert
    Log-Analyse und Auswertung - 23.06.2013 (15)
  17. Adware V9 und WebCake löschen
    Plagegeister aller Art und deren Bekämpfung - 01.06.2013 (5)

Zum Thema Entfernen von WebCake (und mehr?) - Hallo liebe Mitglieder von Trojaner-Board, ich habe mir WebCake eingefangen. Eben habe ich mal recherchiert und bin auf einen Thread eines anderen Nutzers mit ähnlichen Problemen gestoßen. Den habe ich - Entfernen von WebCake (und mehr?)...
Archiv
Du betrachtest: Entfernen von WebCake (und mehr?) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.