| |
| |||||||
Log-Analyse und Auswertung: keine Ausreichende Berechtigung ... und das ist anscheinend nur die Speitze des EisbergsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.11.2013, 12:15
| #1 |
| |  keine Ausreichende Berechtigung ... und das ist anscheinend nur die Speitze des Eisbergs Hallo Experten, seit einiger Zeit wird mein Rechner verdächtig langsam, schaltet Anti Virensoftware ab verzägert eingaben bei google. Ich vermutete, dass das am instalierten "Ask Toolkit" lag und wollte dies installieren. Da erhielt ich die folgende Meldung: "Sie verfügen nicht über ausreichend berechtigung, um Ask Toolbar updater zu deinstalieren..." Daraufhin wurden diverse Scans wie empfohlen durchgeführt, hier das ergebnis: 1. defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:38 on 06/11/2013 (XXXUSER) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- 2. First: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 06-11-2013 11:40:28 Running from C:\Users\USER_THIS_COMPUTER\Downloads Windows 7 Professional (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe () C:\Windows\Dell\PanelMgr\SSMMgr.exe () C:\Windows\Dell\PanelMgr\caller64.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd) HKCU\...\Run: [Neuer Wert #1] - [x] HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 MountPoints2: E - E:\LaunchU3.exe -a MountPoints2: {5ffc578e-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence MountPoints2: {5ffc5797-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence MountPoints2: {74e61dd7-865b-11e2-82fa-e839df859bb5} - E:\LaunchU3.exe -a MountPoints2: {8fc838f8-faf4-11e2-9a46-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone) HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] () AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL c:\progra~2\musict~1\datamngr\x64\mgrldr.dll [8704 2013-09-22] () AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~2\musict~1\datamngr\mgrldr.dll [18432 2013-10-13] () IMEO\bitguard.exe: [Debugger] tasklist.exe IMEO\bprotect.exe: [Debugger] tasklist.exe IMEO\browsemngr.exe: [Debugger] tasklist.exe IMEO\browserdefender.exe: [Debugger] tasklist.exe IMEO\browsermngr.exe: [Debugger] tasklist.exe IMEO\browserprotect.exe: [Debugger] tasklist.exe IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IMEO\cltmngsvc.exe: [Debugger] tasklist.exe IMEO\delta babylon.exe: [Debugger] tasklist.exe IMEO\delta tb.exe: [Debugger] tasklist.exe IMEO\delta2.exe: [Debugger] tasklist.exe IMEO\deltainstaller.exe: [Debugger] tasklist.exe IMEO\deltasetup.exe: [Debugger] tasklist.exe IMEO\deltatb.exe: [Debugger] tasklist.exe IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IMEO\iminentsetup.exe: [Debugger] tasklist.exe IMEO\rjatydimofu.exe: [Debugger] tasklist.exe IMEO\sweetimsetup.exe: [Debugger] tasklist.exe IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [485376 2013-10-13] () <===== ATTENTION HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [657920 2013-10-13] () <===== ATTENTION BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/102?appid=100 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ts.fujitsu.com/index2 SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKCU - DefaultScope {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=56EA4A0F6E742F73 SearchScopes: HKCU - {726D6F83-8A31-4436-99AB-864BC23EEBDB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=AACB7B16-65BE-4BD0-98C3-E788386DBD3E&apn_sauid=6D88DA0B-A73F-48DE-A33D-33630C6D8979 SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKCU - {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100 SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178 Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44 Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28 Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.28 88.82.13.28 FireFox: ======== FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default FF user.js: detected! => C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\user.js FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-100&v=a9659-142&t=4 FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=102&v=a9659-142&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=4104496122144376&o=APN10646&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Ask.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\SearchResults.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Bandoo for Firefox - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffox@bandoo.com FF Extension: Delta Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffxtlbr@delta.com FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709} FF Extension: Search-Results Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} FF Extension: Searchqu Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com ==================== Services (Whitelisted) ================= R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3422720 2013-10-13] (Bandoo Media Inc.) S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG) S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG) S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation) S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] S2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x] ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\ENG64.SYS [126040 2013-11-06] (Symantec Corporation) R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\EX64.SYS [2099288 2013-11-06] (Symantec Corporation) R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-10-04] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] U0 dmboot; S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-10-30 20:35 - 2013-10-30 23:23 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-21 22:59 - 2013-11-06 11:34 - 00000000 ____D C:\ProgramData\Datamngr 2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar 2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind ==================== One Month Modified Files and Folders ======= 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:38 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-06 11:34 - 2013-10-21 22:59 - 00000000 ____D C:\ProgramData\Datamngr 2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-06 11:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-06 11:18 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype 2013-11-06 11:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-06 11:14 - 2013-10-06 08:46 - 00000840 _____ C:\Windows\setupact.log 2013-11-06 11:14 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-06 11:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-06 11:04 - 2011-01-19 18:07 - 01504004 _____ C:\Windows\WindowsUpdate.log 2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify 2013-11-06 09:54 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl 2013-11-06 00:31 - 2013-10-01 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify 2013-11-05 17:50 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-05 06:48 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att 2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe 2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj 2013-11-01 15:36 - 2013-03-08 16:41 - 00010588 _____ C:\Windows\PFRO.log 2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat 2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat 2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-30 23:23 - 2013-10-30 20:35 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16 2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP 2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-21 23:00 - 2013-05-23 17:59 - 00000000 ____D C:\ProgramData\Wincert 2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar 2013-10-21 22:59 - 2013-05-23 17:58 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar 2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind 2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind Files to move or delete: ==================== C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll Some content of TEMP: ==================== C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BEB3.tmp.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Delta.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\DeltaTB.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\mconduitinstaller.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\MybabylonTB.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\propsys.dll C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\WSSetup.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is4BF1.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is8E9B.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is9EA2.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-04 03:30 ==================== End Of Log ============================ 3. Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER at 2013-11-06 11:41:25 Running from C:\Users\USER_THIS_COMPUTER\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} ==================== Installed Programs ====================== 39703 x64 (x32 Version: 1.00.0000) 64 Bit HP CIO Components Installer (Version: 7.2.5) 7-Zip 4.42 (x32) Adobe AIR (x32 Version: 3.3.0.3650) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader X (10.1.3) - Deutsch (x32 Version: 10.1.3) Allzeit Atomzeit 2.00 (x32 Version: 2.00) Anviz Zeiter fassungs system (x32) Ask Toolbar Updater (HKCU Version: 1.2.4.36191) B1315AppGuid (x32 Version: 1.0.0) Bluetooth Feature Pack 5.0 (Version: 5.0.14) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0) Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204) Canon Utilities EOS Utility (x32 Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10) Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) CCleaner (Version: 3.27) Common Desktop Agent (Version: 1.62.0) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6514.5001) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001) Crystal Reports Runtime XI (x32 Version: 1.0.9) CyberLink YouCam (x32 Version: 3.0.1908.7636) DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0) DATEV Installation V.3.0 (x32) Dell 2355dn Laser MFP Software-Deinstallation (x32) Dell Driver Download Manager (HKCU Version: 3.0.0.0) DeskUpdate 4.11 (x32 Version: 4.11.0074) DFL2010 ConfigDB (x32 Version: 4.16.3241.0) DFL2010 Microkernel (x32 Version: 4.16.3241.0) Evernote v. 4.5.6 (x32 Version: 4.5.6.6884) FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2) FreePDF (Remove only) (x32) Fujitsu Display Manager (Version: 7.01.00.210) Fujitsu Display Manager (x32 Version: ) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000) Fujitsu MobilityCenter Extension Utility (x32 Version: ) Fujitsu System Extension Utility (Version: 3.1.1.0) Fujitsu System Extension Utility (x32) GeoGebra 4 (HKCU) GoToMeeting 5.0.0.802 (HKCU Version: 5.0.0.802) GPL Ghostscript 9.00 (x32) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Java Auto Updater (x32 Version: 2.0.7.2) Java(TM) 6 Update 37 (x32 Version: 6.0.370) Junk Mail filter update (x32 Version: 14.0.8117.416) jZip (HKCU Version: 2.0.0.132700) LifeBook Application Panel (Version: 8.1.0.0) LifeBook Application Panel (x32) LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.92) Market Samurai (x32 Version: 0.88.74) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft MapPoint Europa 2006 (x32 Version: 13.00.18.1200) Microsoft Office Outlook 2003 (x32 Version: 11.0.8173.0) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.5614.0) Microsoft Office Project Professional 2003 (x32 Version: 11.0.5614.0) Microsoft Office Visio Professional 2003 (x32 Version: 11.0.3216.5614) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0) Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0) Microsoft SQL Server Browser (x32 Version: 10.51.2500.0) Microsoft SQL Server Native Client (Version: 9.00.5000.00) Microsoft SQL Server VSS Writer (Version: 10.51.2500.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft XML Parser (x32 Version: 8.70.1104.04) Mobile Connection Manager (x32) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Optimizer Pro v3.1 (x32 Version: 3.1) Phase 5 HTML-Editor (x32 Version: 5.6.2.3) phonostar-Player Version 3.02.0 (x32) Power Saving Utility (Version: 31.01.11.013) Power Saving Utility (x32) Rapport (x32 Version: 3.5.1302.61) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087) RedMon - Redirection Port Monitor Samsung Kies (x32 Version: 2.0.0.11011_16) Samsung OCR Software (x32 Version: 1.00.05 (10.07.2012)) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1800.0) Scan Manager (x32 Version: 0.00.0013) Screen Sharing Plug-in (x32 Version: 2.0.4) Search-Results Toolbar (x32 Version: 1.2.0.0) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.9 (x32 Version: 6.9.106) Spotify (HKCU Version: 0.9.4.169.gc0399df6) Spybot - Search & Destroy (x32 Version: 2.0.12) SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0) Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1) SQLXML4 (Version: 9.00.5000.00) Symantec Endpoint Protection-Client (Version: 12.0.1001.95) Synaptics Pointing Device Driver (Version: 14.0.10.0) SystemDiagnostics (x32 Version: 3.02.0010) TeamViewer 8 (x32 Version: 8.0.20202) Trusteer Endpunkt-Sicherheit (x32 Version: 3.5.1302.61) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) VLC media player 2.0.8 (x32 Version: 2.0.8) Vodafone Mobile Broadband (x32 Version: 10.3.209.40724) WebEx (x32) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Fotogalerie (x32 Version: 14.0.8117.416) Windows Live Mail (x32 Version: 14.0.8117.0416) Windows Live Messenger (x32 Version: 14.0.8117.0416) Windows Live Movie Maker (x32 Version: 14.0.8117.0416) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live Writer (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows-Treiberpaket - Prolific (Ser2pl) Ports (02/12/2007 3.0.1.0) (Version: 02/12/2007 3.0.1.0) WinZip 17.0 (x32 Version: 17.0.10283) Wireless Selector (Version: 4.01.00.101) Wireless Selector (x32 Version: ) XMind 2012 (v3.3.1) (x32 Version: 3.3.1.201212250029) ZTE USB Driver (Version: 1.0.1.25_TME) ==================== Restore Points ========================= 18-09-2013 16:37:10 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:37:42 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:39:59 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:40:05 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:41:26 Installiert Scan Manager 04-10-2013 09:15:56 Installed Rapport 04-10-2013 09:19:27 Entfernt Symantec Endpoint Protection-Client. 11-10-2013 13:59:07 Geplanter Prüfpunkt 24-10-2013 08:18:57 Geplanter Prüfpunkt 28-10-2013 22:33:02 Windows Defender Checkpoint 30-10-2013 19:54:20 Windows Defender Checkpoint 01-11-2013 10:04:36 Windows Defender Checkpoint ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-10-28 10:15 - 00004933 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {2745DF4E-5ACE-4374-93C7-2FB2A028E5A5} - System32\Tasks\{A5B6A56F-0432-4E8D-8BB9-D1B2EA954A3A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.) Task: {52572393-265E-48C3-8012-ADA9F405F1E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {634FC067-13FB-4E2C-9AC3-4D32416D6CF1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation) Task: {8028141C-C89F-4EF3-B6B0-029C55F72207} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe Task: {9B114685-E0B2-4743-A00D-186B3B5DAAB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd) Task: {9E4AD570-3783-4778-9831-B6C06C0DF9FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-21 22:59 - 2013-10-13 09:51 - 00657920 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-10-21 22:59 - 2013-10-13 09:50 - 00018432 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll 2013-10-21 22:59 - 2013-10-13 09:51 - 00485376 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-03-05 20:51 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-03-05 20:51 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-03-05 20:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2012-03-16 14:42 - 2012-03-16 14:42 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2012-03-16 14:42 - 2012-03-16 14:42 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2013-10-04 10:17 - 2013-10-04 10:17 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2012-07-31 12:11 - 2012-07-31 12:11 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll 2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2013-10-01 01:14 - 2013-10-01 01:14 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-11-12 17:00 - 2012-11-12 17:00 - 00466944 ____R () C:\Program Files (x86)\WinZip\adxloader.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\USER_THIS_COMPUTER\Desktop\Präsentation bulthaup.pptx:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: ) Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus) (User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: ) Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: ) Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 800. Error: (11/06/2013 07:23:40 AM) (Source: SescLU) (User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. Error: (11/06/2013 06:31:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error: (11/06/2013 05:24:06 AM) (Source: SescLU) (User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. System errors: ============= Error: (11/06/2013 11:17:11 AM) (Source: TermService) (User: ) Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden. . Error: (11/06/2013 11:15:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: PACA) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error: (11/06/2013 11:14:21 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2013 11:14:20 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error: (11/06/2013 11:14:16 AM) (Source: NETLOGON) (User: ) Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne PACA aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error: (11/06/2013 11:12:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: ) Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus)(User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: ) Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA0 Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: ) Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA800 Error: (11/06/2013 07:23:40 AM) (Source: SescLU)(User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. Error: (11/06/2013 06:31:26 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe Error: (11/06/2013 05:24:06 AM) (Source: SescLU)(User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 3892.55 MB Available physical RAM: 1796.64 MB Total Pagefile: 7783.25 MB Available Pagefile: 5519.45 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:296.08 GB) (Free:220.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive u: (Offline) (Network) (Total:296.08 GB) (Free:220.53 GB) CSC-CACHE ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8E760A6D) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS) ==================== End Of Log ============================ 4. Gmer GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-11-06 12:00:57 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\awrorpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077740028 5 bytes JMP 000000010131ab00 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076521d26 4 bytes CALL 71ab0000 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000762f6737 5 bytes JMP 0000000171a50022 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076307133 5 bytes JMP 0000000171ae0022 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077740028 5 bytes JMP 00000001002bbad0 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076521d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000762f6737 5 bytes JMP 0000000171a20022 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076307133 5 bytes JMP 0000000171a60022 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006c8511a8 2 bytes [85, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006c85127d 2 bytes CALL 76ee14dd C:\Windows\syswow64\kernel32.dll .text ... * 6 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006c8513a8 2 bytes [85, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006c851422 2 bytes [85, 6C] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006c851498 2 bytes [85, 6C] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3740:3044] 000007fef6049688 Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3156] 00000000664a86e5 Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:4180] 00000000656e689f Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:5768] 00000000656e689f Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:2024] 00000000656e689f Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:1504] 00000000656e689f Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3012] 00000000656e689f Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:6128] 00000000656e689f ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9d386c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9d386c@3c8bfe454904 0x41 0x57 0xF7 0x9F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5@3c8bfe454904 0xE9 0x22 0xF0 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5@cc051b837cfc 0x03 0xA3 0xB9 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098@3c8bfe454904 0x74 0xBC 0x5E 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098@f0e77ee16218 0x20 0x85 0x08 0x4B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9d386c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9d386c@3c8bfe454904 0x41 0x57 0xF7 0x9F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5@3c8bfe454904 0xE9 0x22 0xF0 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5@cc051b837cfc 0x03 0xA3 0xB9 0x54 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098@3c8bfe454904 0x74 0xBC 0x5E 0xCB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098@f0e77ee16218 0x20 0x85 0x08 0x4B ... ---- EOF - GMER 2.1 ---- als Laie kapituliere ich vor soviel meldung, hoffe das geht einigermaßen zu reparieren und warte (Verzweifelt) auf Hilfe Gruß Claus |
| Themen zu keine Ausreichende Berechtigung ... und das ist anscheinend nur die Speitze des Eisbergs |
| bandoo, device driver, farbar, farbar recovery scan tool, flash player, hijack.startpage, homepage, ntdll.dll, plug-in, pup.fakeflash.domaiq, pup.optional.babylon.a, pup.optional.babylontoolbar.a, pup.optional.bandoo.a, pup.optional.browserprotect.a, pup.optional.datamngr.a, pup.optional.datamngrcoordinator.a, pup.optional.delta.a, pup.optional.iminent.a, pup.optional.musicboxtoolbar.a, pup.optional.searchqu, pup.optional.wajam.a, registry, richtlinie, services.exe, spotify web helper, svchost.exe, win32/injector.aonn, win32/spy.zbot.aau |
Baum-Darstellung