
Pests of all kinds and how to fight them: Removing WebCake (and more?)


16.07.2013, 14:45   #1
Georg_W

Removing WebCake (and more?)

Hello dear members of Trojaner-Board,

I have caught WebCake. I just did some research and came across a thread by another user with similar problems. I read through it and got a rough idea of what this actually is.
Since that thread pointed out that formatting and reinstalling is often faster and in any case safer, I am considering that too, but for now I am attaching the log files created according to your instructions and hope that you can help me.

Best regards,
Georg

Code:
OTL logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.16 14:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Downloads\OTL.exe
PRC - [2013.07.12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.06.11 21:53:20 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.06.07 22:55:30 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.06.07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
PRC - [2012.07.04 11:55:30 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.28 06:03:26 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.14 20:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.19 12:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2007.01.19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.13 12:57:17 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c0253d1c6c01a370178b15c3489ebb3\IAStorUtil.ni.dll
MOD - [2013.07.13 12:57:17 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
MOD - [2013.07.13 01:26:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013.07.13 01:26:25 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.13 01:26:20 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.13 01:26:08 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.13 01:26:04 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.13 01:26:01 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.13 01:26:00 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.13 01:25:54 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013.07.12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.07.04 11:55:29 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.07.04 03:04:27 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.07.04 03:04:17 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013.02.19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013.02.19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.24 12:35:20 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2013.02.25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.28 14:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.28 06:03:34 | 000,344,928 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 12:35:20 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2013.04.24 12:35:20 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.04.24 12:35:20 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2013.04.24 12:35:20 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013.04.24 12:35:20 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2013.04.24 12:35:20 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2013.04.24 12:35:20 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2013.04.24 12:35:20 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013.02.19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013.02.19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013.02.19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013.02.19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013.02.19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013.02.19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013.02.19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.07.24 04:55:06 | 000,204,888 | ---- | M] (Shanghai RuiChuang) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HaoZipVirtualCDBus.sys -- (HaozipVirtualCDBus)
DRV:64bit: - [2012.07.04 12:05:16 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.07.04 12:05:14 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.07.04 12:02:32 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.07.04 12:02:32 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 02:55:24 | 000,409,664 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2012.02.14 02:55:24 | 000,050,240 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV:64bit: - [2012.02.14 02:55:24 | 000,031,296 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 05:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 05:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.25 05:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.15 05:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.12.15 05:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.12.15 05:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.12.15 05:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.12.15 05:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.12.10 21:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.09.22 00:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.01.18 12:21:02 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.01.18 12:21:02 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.07.03 12:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: WebCake = C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [haozipcd] C:\Programme\HaoZip\HaoZipCD.exe (瑞创网络)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Georg\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02966BC9-6720-4603-B055-54242DCD9702}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F251E65-8FAD-430E-8C96-49238BD57F05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA6D178-2CF8-4439-A115-CD2A79C2B152}: NameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac5793-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fac57a8-acc8-11e2-9c9c-c01885f49b7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 21:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.16 14:19:59 | 000,000,000 | ---- | M] () -- C:\Users\Georg\defogger_reenable
[2013.07.16 14:11:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.16 12:18:02 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.16 12:07:55 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.16 12:07:55 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.16 12:07:55 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.16 12:07:55 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.16 12:07:55 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.16 12:04:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:17:12 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 21:14:06 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013.07.15 21:10:00 | 000,439,819 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.07.15 21:09:05 | 449,666,790 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.07.15 21:09:03 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.13 02:13:10 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.13 01:20:22 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.20 18:05:47 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
 
========== Files Created - No Company Name ==========
 
[2013.07.16 14:19:59 | 000,000,000 | ---- | C] () -- C:\Users\Georg\defogger_reenable
[2013.06.20 18:05:47 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013.06.20 18:05:47 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2013.04.18 18:40:27 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wmtog32.dat
[2013.04.09 18:49:57 | 000,003,654 | ---- | C] () -- C:\windows\SysWow64\drivers\Sonyhcp.dll
[2013.04.07 12:29:18 | 000,179,656 | ---- | C] () -- C:\windows\hpoins38.dat
[2013.03.30 20:57:26 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.03.30 14:14:58 | 000,002,892 | ---- | C] () -- C:\windows\SysWow64\audcon.sys
[2013.03.30 14:12:09 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2013.03.30 14:12:05 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.07.04 12:10:53 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.07.04 11:55:32 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.04 11:55:32 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.07.04 11:55:32 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.07.04 11:55:32 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.04 11:55:28 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012.07.04 11:47:02 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012.07.04 11:42:15 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.07.04 11:30:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.07.04 11:30:38 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.07.04 11:30:37 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.30 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Ableton
[2013.04.19 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoft
[2013.06.13 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\GoforFiles
[2013.07.15 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\HaoZip
[2013.07.12 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SoftGrid Client
[2013.06.18 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Spotify
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Steinberg
[2013.06.12 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Systweak
[2013.04.24 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\T-Mobile
[2013.03.30 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\TP
[2013.03.30 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\VST3 Presets
[2013.06.13 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\WebCake
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 16.07.2013 14:25:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georg\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,45% Memory free
7,89 Gb Paging File | 5,47 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 603,30 Gb Free Space | 92,15% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,33 Gb Free Space | 90,81% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C87F5-64E3-4ED6-B8CA-1F79857BE4A0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D58C5450-D478-45B7-B83E-96CB7ABDB213}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F44172-0543-452B-933A-A521DD7BE65D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{238F7849-D5B1-47A3-AAC9-854F58AC9A3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37E4D09C-A9CC-4CA5-96A7-8ADE59CE48C5}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{4836C107-3AFE-4DFA-AF25-40B298F1A107}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5DA7B6A6-5A4C-4C7F-BF95-1E2C06985075}" = protocol=6 | dir=in | app=f:\o2cd.exe | 
"{857D8F80-6045-4A39-9B2B-37BF946DE903}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{957F576F-6894-4E15-92B5-4E6BB7E60973}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{9A19D4F4-CB3E-49D0-8979-E7627BD2B9E6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C3259164-3A11-4AE9-A449-0B8288F76BE4}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{C63A47F6-ED0D-4B66-B4E1-C65596C011C6}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{E434E095-CF1A-47B7-A0D9-2A19C87FAD42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FF32FFAF-C035-4E18-86CF-DEAC2FABE7F7}" = protocol=17 | dir=in | app=f:\o2cd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"HaoZip" = HaoZip
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D6EC5D2-F890-4D95-BA22-3D3CE41C6821}_is1" = Vyzex MPK88-61
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3GP to MP3 Converter_is1" = 3GP to MP3 Converter
"CVPiano-Modeled" = CVPiano-Modeled
"eLicenser Control" = eLicenser Control
"Free Audio Converter_is1" = Free Audio Converter version 5.0.23.320
"Free Media Player_is1" = Free All-In-One Media Player
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Internet Manager" = Internet Manager
"Lenovo Games Console" = Lenovo Games Console
"Live 8.0.9" = Live 8.0.9
"MSC" = McAfee AntiVirus Plus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoforFiles" = GoforFiles
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2013 17:47:42 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 04:49:06 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 06:21:50 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 17:08:48 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2013 11:35:25 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 08:03:32 | Computer Name = Georg-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 03.07.2013 07:01:33 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2013 16:27:28 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2013 04:06:40 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2013 15:33:19 | Computer Name = Georg-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Gruppenrichtlinienclient" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" wurde
 unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Server" wurde unerwartet beendet. Dies ist bereits 1 Mal
 vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.07.2013 21:31:19 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-16 15:09:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR1 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Georg\AppData\Local\Temp\fgloqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                                                                    fffff800037b5000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                                                                                    fffff800037b502f 16 bytes [00, E6, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

?         C:\Windows\system32\tschannel.dll [524] entry point in ".rsrc" section                                                                                                                                                                000007fefc736894
.text     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                                                                       00000000770c6f80 5 bytes JMP 000000016b9cb440
.text     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2592] C:\windows\system32\kernel32.dll!LoadLibraryA                                                                                                                       00000000770c7070 5 bytes JMP 000000016b9cb320
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002dc95984 4 bytes [38, 9A, 2E, 93]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000075691465 2 bytes [69, 75]
.text     C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[8024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000756914bb 2 bytes [69, 75]
.text     ...                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                00000000774cf9c0 5 bytes JMP 0000000168145f49
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          00000000774cf9d8 5 bytes JMP 0000000168146411
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              00000000774cfa08 5 bytes JMP 000000016814016d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    00000000774cfa20 5 bytes JMP 000000016813fbca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             00000000774cfa70 5 bytes JMP 000000016813fa44
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        00000000774cfa88 2 bytes JMP 000000016813fb52
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey + 3                                                                                    00000000774cfa8b 2 bytes [C7, F0]
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            00000000774cfb20 5 bytes JMP 0000000168140424
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   00000000774cfc18 5 bytes JMP 0000000168144369
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         00000000774cfd2c 5 bytes JMP 000000016813f9cc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             00000000774cfd44 5 bytes JMP 0000000168144959
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   00000000774cfd78 5 bytes JMP 00000001681439de
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      00000000774cfe24 5 bytes JMP 0000000168145fc4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  00000000774cfe3c 5 bytes JMP 0000000168144adb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           00000000774d0094 5 bytes JMP 0000000168144791
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          00000000774d01a4 5 bytes JMP 000000016813fc42
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           00000000774d09c4 5 bytes JMP 0000000168144584
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            00000000774d09dc 5 bytes JMP 000000016813cc5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       00000000774d0a24 5 bytes JMP 000000016813cd29
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             00000000774d0b60 5 bytes JMP 000000016813ccc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      00000000774d0f50 5 bytes JMP 000000016813fcba
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             00000000774d0f68 5 bytes JMP 000000016813ff45
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            00000000774d0ff8 5 bytes JMP 00000001681401fd
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              00000000774d131c 5 bytes JMP 0000000168144b6b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                00000000774d145c 5 bytes JMP 000000016813fec9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  00000000774d1508 5 bytes JMP 0000000168146389
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            00000000774d16f8 1 byte JMP 000000016813d138
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtRenameKey + 2                                                                                        00000000774d16fa 3 bytes {JMP 0xfffffffff0c6ba40}
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    00000000774d1a38 5 bytes JMP 000000016813facc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    00000000774d1b7c 5 bytes JMP 000000016814616c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                      00000000754e103d 5 bytes JMP 00000001681193a9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                      00000000754e1072 5 bytes JMP 00000001681194e7
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                000000007550c9b5 5 bytes JMP 000000016811971d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    00000000755600c3 5 bytes JMP 0000000168119efe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    000000007556016b 5 bytes JMP 000000016811a231
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!WinExec                                                                                             0000000075562c91 5 bytes JMP 0000000168119aa0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                        0000000075586b3e 5 bytes JMP 0000000168147431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                       0000000075586c02 5 bytes JMP 0000000168147443
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000074f72aa4 5 bytes JMP 000000016811a43c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                       0000000075058a29 5 bytes JMP 0000000168147419
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                       000000007505d22e 5 bytes JMP 0000000168147401
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       0000000074fed2b2 5 bytes JMP 0000000168127617
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       0000000074fed7bb 5 bytes JMP 00000001681275fb
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              0000000076f61e3a 7 bytes JMP 000000016812a3b9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               0000000076f6b466 7 bytes JMP 000000016812b2da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  0000000076f878ff 7 bytes JMP 000000016812aa60
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              0000000076f879bb 7 bytes JMP 000000016812ac11
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               0000000076f8a3e2 7 bytes JMP 000000016812b3a0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                0000000076fa2538 5 bytes JMP 000000016811985f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  0000000076fc1b94 7 bytes JMP 000000016812ab18
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              0000000076fc1c31 7 bytes JMP 000000016812acc9
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 0000000076fc2021 7 bytes JMP 000000016812b21c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              0000000076fc2104 7 bytes JMP 000000016812a470
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 0000000076fc2221 5 bytes JMP 000000016812b15e
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                       0000000075674d5c 7 bytes JMP 000000016812a1fe
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   0000000075674dc3 7 bytes JMP 000000016812a527
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   0000000075674e4b 7 bytes JMP 000000016812a28a
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 0000000075674eaf 7 bytes JMP 000000016812a31d
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                        0000000075674f35 7 bytes JMP 000000016812a079
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                        000000007567508d 7 bytes JMP 000000016812a10f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000756750f4 7 bytes JMP 000000016812b02c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             0000000075675181 7 bytes JMP 000000016812b0c8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 0000000075675254 7 bytes JMP 000000016812a728
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000756753d5 7 bytes JMP 000000016812a643
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000756754c2 7 bytes JMP 000000016812a9ca
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000756755e2 7 bytes JMP 000000016812a934
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       000000007567567c 7 bytes JMP 0000000168129e5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       000000007567589f 7 bytes JMP 0000000168129d85
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                        0000000075675a22 7 bytes JMP 000000016812a5b5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  0000000075675a83 7 bytes JMP 000000016812ae5b
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  0000000075675b29 7 bytes JMP 000000016812adc2
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    0000000075675ca0 7 bytes JMP 0000000168129535
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    0000000075675d8c 7 bytes JMP 00000001681294bc
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000756763ad 7 bytes JMP 0000000168129a83
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000756764f0 7 bytes JMP 0000000168129b0f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 0000000075676633 7 bytes JMP 000000016812af90
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 000000007567680c 7 bytes JMP 000000016812aef4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         000000007567714b 7 bytes JMP 0000000168129bf8
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         0000000075677245 7 bytes JMP 0000000168129c84
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000076dac56e 5 bytes JMP 00000001681311c4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000076daea09 7 bytes JMP 0000000168131795
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRun                                                                                                 0000000076db07de 5 bytes JMP 0000000168131650
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000076db21e1 5 bytes JMP 00000001681322c5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000076dbeba1 6 bytes JMP 000000016813156f
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000076dbefd7 5 bytes JMP 00000001681314ff
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000076dc26b9 5 bytes JMP 000000016813133c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000076dd54ad 5 bytes JMP 0000000168132853
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000076de09ad 5 bytes JMP 00000001681313af
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000076de86d3 5 bytes JMP 0000000168131431
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000076de9d0b 5 bytes JMP 0000000168133b21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000076de9d4e 5 bytes JMP 0000000168131c5c
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000076e0bb09 7 bytes JMP 00000001681316c0
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000076e2eacf 5 bytes JMP 0000000168130c21
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000076e6340b 5 bytes JMP 0000000168132d13
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    0000000076eacfd9 5 bytes JMP 00000001681315da
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject                                                                                000000007546279e 5 bytes JMP 0000000168130eb4
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject                                                                                  0000000075463294 5 bytes JMP 0000000168130fd5
.text     C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!GetActiveObject                                                                                     0000000075478f40 5 bytes JMP 0000000168131048
---- Processes - GMER 2.1 ----

Library   Q:\140066.deu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000002fc20000
Library   Q:\140066.deu\Office14\wwlibc.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                   0000000066ea0000
Library   Q:\140066.deu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                      0000000066cf0000
Library   Q:\140066.deu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                     000000005dc20000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                      000000005ff00000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                          00000000661e0000
Library   Q:\140066.deu\Office14\1031\WWINTLC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                             0000000068210000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                             000000005d910000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                   000000006be20000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                 000000005fdb0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSORES.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                   00000000593e0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\USP10.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                    0000000059340000
Library   Q:\140066.deu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000006d8c0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                      0000000058bb0000
Library   Q:\140066.deu\Office14\IEAWSDC.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                  000000006c3e0000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                       00000000592b0000
Library   Q:\140066.deu\OFFICE14\PROOF\MSSP7GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                            0000000059120000
Library   Q:\140066.deu\OFFICE14\PROOF\1031\MSGR3GE.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                       0000000058a40000
Library   Q:\140066.deu\Office14\mscss7ge.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                                 000000006c030000
Library   Q:\140066.deu\Office14\css7Data0007.dll (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660]                                                                                                                             00000000589c0000
Library   Q:\140066.deu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744]                                                                                                                                   000000002d2d0000
Library   Q:\140066.deu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.deu\Office14\OffSpon.EXE [6744]                                                                                                                                  00000000587e0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                                                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d                                                                                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb                                                                                                                                              0x5C 0xFD 0x3A 0x97 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7                                                                                                                                              0x48 0x69 0x44 0xE5 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3                                                                                                                                              0xC6 0x91 0x37 0xB0 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23                                                                                                                                              0x54 0x95 0x0A 0x30 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                                                                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d (not active ControlSet)                                                                                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@f8d0bd1156bb                                                                                                                                                  0x5C 0xFD 0x3A 0x97 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@001f01ae97b7                                                                                                                                                  0x48 0x69 0x44 0xE5 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@6cd68a2ad3a3                                                                                                                                                  0xC6 0x91 0x37 0xB0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f49b7d@002608c75d23                                                                                                                                                  0x54 0x95 0x0A 0x30 ...

---- EOF - GMER 2.1 ----
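Added triage helper for the GMER report above (example code written for this page, not part of the original post and not a GMER tool): it parses the `.text ... JMP` hook lines and the `Library ... (*** suspicious ***)` lines, groups the inline hooks per process, and checks whether all JMP targets fall inside one small address window, which is the usual sign that a single injected image owns all of the hooks. The 16 MiB window and the "images loaded from a drive other than C: deserve a second look" rule are analyst heuristics assumed here, not GMER criteria; in this log the Q: drive is the virtual file system that Office 2010 Click-to-Run uses, and the hooks sit in the Office virtualization handler, which is why these entries are not by themselves evidence of malware. The sample report is a handful of lines copied from the log above with whitespace collapsed.

```python
"""Triage helper for GMER 2.1 text reports (added example, not GMER's own tooling)."""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the GMER report above, whitespace collapsed.
SAMPLE_REPORT = r"""
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 000000007567680c 7 bytes JMP 000000016812aef4
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\SysWOW64\sechost.dll!OpenServiceW 000000007567714b 7 bytes JMP 0000000168129bf8
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076daea09 7 bytes JMP 0000000168131795
.text  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3264] C:\windows\syswow64\oleaut32.dll!GetActiveObject 0000000075478f40 5 bytes JMP 0000000168131048
Library   Q:\140066.deu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000002fc20000
Library   Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\WINWORDC.EXE [7660] 000000005ff00000
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
"""

# ".text <process>[pid] <module>!<function>[ + off] <addr> <n> bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\w+)(?:\s\+\s(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+JMP\s+(?P<target>[0-9a-fA-F]+)\s*$"
)
# "Library <path> (*** suspicious ***) @ <process> [pid] <base>"
LIB_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>[0-9a-fA-F]+)\s*$"
)


def parse_gmer(report):
    """Return (hooks, libraries) parsed from a GMER text report; other lines are ignored."""
    hooks, libraries = [], []
    for line in report.splitlines():
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            hooks.append({
                "process": d["proc"].strip(), "pid": int(d["pid"]),
                "module": d["module"].lower(), "function": d["func"],
                "offset": int(d["off"] or 0),
                "address": int(d["addr"], 16), "size": int(d["size"]),
                "target": int(d["target"], 16),
            })
            continue
        m = LIB_RE.match(line)
        if m:
            d = m.groupdict()
            libraries.append({"path": d["path"], "process": d["proc"],
                              "pid": int(d["pid"]), "base": int(d["base"], 16)})
    return hooks, libraries


def summarize_hooks(hooks, max_span=0x1000000):
    """Group inline JMP hooks per (process, pid).

    Heuristic (assumed here): if every JMP target lands inside one window of at
    most max_span bytes (16 MiB by default), one injected image most likely owns
    all the hooks, so they can be attributed and judged together.
    """
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["process"], h["pid"])].append(h)
    summary = {}
    for key, hs in by_proc.items():
        targets = [h["target"] for h in hs]
        lo, hi = min(targets), max(targets)
        summary[key] = {
            "hook_count": len(hs),
            "hooked_modules": sorted({h["module"].rsplit("\\", 1)[-1] for h in hs}),
            "target_range": (lo, hi),
            "single_owner_likely": hi - lo <= max_span,
        }
    return summary


def libraries_off_system_drive(libraries, system_drive="C:"):
    """Images GMER marked suspicious that are not loaded from the system drive.

    Such paths (here the Q: Click-to-Run virtual drive) need manual review rather
    than deletion: the drive letter alone does not make an image malicious.
    """
    return [lib for lib in libraries
            if not lib["path"].upper().startswith(system_drive.upper())]


if __name__ == "__main__":
    hooks, libs = parse_gmer(SAMPLE_REPORT)
    for (proc, pid), info in summarize_hooks(hooks).items():
        print(f"{proc} [{pid}]: {info['hook_count']} hooks into {info['hooked_modules']}, "
              f"JMP targets {info['target_range'][0]:#x}-{info['target_range'][1]:#x}, "
              f"single owner likely: {info['single_owner_likely']}")
    for lib in libraries_off_system_drive(libs):
        print("off-system-drive image:", lib["path"], "in", lib["process"], lib["pid"])
```

Run it against the full report by reading the GMER .log file into `parse_gmer`; the interesting output is a process whose hooks point to several different target windows, or a hooked process that is not a known virtualization or security product.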