Log analysis and evaluation: insufficient permission ... and that is apparently only the tip of the iceberg
Windows 7
06.11.2013, 12:15 | #1
insufficient permission ... and that is apparently only the tip of the iceberg

Hello experts, for some time now my computer has been getting suspiciously slow, switches off antivirus software, and delays input on Google. I suspected that this was due to the installed "Ask Toolkit" and wanted to install it. I then received the following message: "Sie verfügen nicht über ausreichend berechtigung, um Ask Toolbar updater zu deinstalieren..." [You do not have sufficient permission to uninstall Ask Toolbar updater...] Various scans were then carried out as recommended; here is the result:

1.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:38 on 06/11/2013 (XXXUSER)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

2.
First: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 06-11-2013 11:40:28 Running from C:\Users\USER_THIS_COMPUTER\Downloads Windows 7 Professional (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Skype Technologies S.A.)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe () C:\Program 
Files\Common Files\Common Desktop Agent\CDASrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe () C:\Windows\Dell\PanelMgr\SSMMgr.exe () C:\Windows\Dell\PanelMgr\caller64.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) 
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd) HKCU\...\Run: [Neuer Wert #1] - [x] HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 MountPoints2: E - E:\LaunchU3.exe -a MountPoints2: {5ffc578e-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence MountPoints2: {5ffc5797-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence MountPoints2: {74e61dd7-865b-11e2-82fa-e839df859bb5} - E:\LaunchU3.exe -a MountPoints2: {8fc838f8-faf4-11e2-9a46-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone) HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] () AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL c:\progra~2\musict~1\datamngr\x64\mgrldr.dll [8704 2013-09-22] () AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~2\musict~1\datamngr\mgrldr.dll [18432 2013-10-13] () IMEO\bitguard.exe: [Debugger] tasklist.exe IMEO\bprotect.exe: [Debugger] tasklist.exe IMEO\browsemngr.exe: [Debugger] tasklist.exe IMEO\browserdefender.exe: [Debugger] tasklist.exe IMEO\browsermngr.exe: [Debugger] tasklist.exe IMEO\browserprotect.exe: [Debugger] tasklist.exe IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IMEO\cltmngsvc.exe: [Debugger] tasklist.exe IMEO\delta babylon.exe: [Debugger] tasklist.exe IMEO\delta tb.exe: [Debugger] tasklist.exe IMEO\delta2.exe: [Debugger] tasklist.exe IMEO\deltainstaller.exe: [Debugger] tasklist.exe IMEO\deltasetup.exe: [Debugger] tasklist.exe IMEO\deltatb.exe: [Debugger] tasklist.exe IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IMEO\iminentsetup.exe: [Debugger] tasklist.exe IMEO\rjatydimofu.exe: [Debugger] tasklist.exe IMEO\sweetimsetup.exe: [Debugger] tasklist.exe IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> 
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [485376 2013-10-13] () <===== ATTENTION HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [657920 2013-10-13] () <===== ATTENTION BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/102?appid=100 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ts.fujitsu.com/index2 SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKCU - DefaultScope {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=56EA4A0F6E742F73 SearchScopes: HKCU - {726D6F83-8A31-4436-99AB-864BC23EEBDB} URL = 
hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=AACB7B16-65BE-4BD0-98C3-E788386DBD3E&apn_sauid=6D88DA0B-A73F-48DE-A33D-33630C6D8979 SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} SearchScopes: HKCU - {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100 SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178 Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44 Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28 Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.28 88.82.13.28 FireFox: ======== FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default FF user.js: detected! => C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\user.js FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-100&v=a9659-142&t=4 FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=102&v=a9659-142&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=4104496122144376&o=APN10646&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Ask.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\SearchResults.xml FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: 
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Bandoo for Firefox - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffox@bandoo.com FF Extension: Delta Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffxtlbr@delta.com FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709} FF Extension: Search-Results Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} FF Extension: Searchqu Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files 
(x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com ==================== Services (Whitelisted) ================= R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3422720 2013-10-13] (Bandoo Media Inc.) S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG) S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG) S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation) S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) 
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] S2 syshost32; 
"C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x] ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\ENG64.SYS [126040 2013-11-06] (Symantec Corporation) R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\EX64.SYS [2099288 2013-11-06] (Symantec Corporation) R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-10-04] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.) 
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] U0 dmboot; S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 
_____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-10-30 20:35 - 2013-10-30 23:23 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-21 22:59 - 2013-11-06 11:34 - 00000000 ____D C:\ProgramData\Datamngr 2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar 2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind ==================== One Month Modified Files and Folders ======= 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 
11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:38 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-06 11:34 - 2013-10-21 22:59 - 00000000 ____D C:\ProgramData\Datamngr 2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-06 11:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-06 11:18 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype 2013-11-06 11:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-06 11:14 - 2013-10-06 08:46 - 00000840 _____ C:\Windows\setupact.log 2013-11-06 11:14 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-06 11:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-06 11:04 - 2011-01-19 18:07 - 01504004 _____ C:\Windows\WindowsUpdate.log 2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify 2013-11-06 09:54 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl 2013-11-06 00:31 - 2013-10-01 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify 
2013-11-05 17:50 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-05 06:48 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att 2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe 2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj 2013-11-01 15:36 - 2013-03-08 16:41 - 00010588 _____ C:\Windows\PFRO.log 2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat 2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat 2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-30 23:23 - 2013-10-30 20:35 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16 2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP 2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-21 23:00 - 2013-05-23 17:59 - 00000000 ____D 
C:\ProgramData\Wincert 2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar 2013-10-21 22:59 - 2013-05-23 17:58 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar 2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind 2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind Files to move or delete: ==================== C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll Some content of TEMP: ==================== C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BEB3.tmp.exe 
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Delta.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\DeltaTB.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\MybabylonTB.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\propsys.dll
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\WSSetup.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is4BF1.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is8E9B.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is9EA2.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-04 03:30

==================== End Of Log ============================

3.
Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER at 2013-11-06 11:41:25 Running from C:\Users\USER_THIS_COMPUTER\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} ==================== Installed Programs ====================== 39703 x64 (x32 Version: 1.00.0000) 64 Bit HP CIO Components Installer (Version: 7.2.5) 7-Zip 4.42 (x32) Adobe AIR (x32 Version: 3.3.0.3650) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader X (10.1.3) - Deutsch (x32 Version: 10.1.3) Allzeit Atomzeit 2.00 (x32 Version: 2.00) Anviz Zeiter fassungs system (x32) Ask Toolbar Updater (HKCU Version: 1.2.4.36191) B1315AppGuid (x32 Version: 1.0.0) Bluetooth Feature Pack 5.0 (Version: 5.0.14) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0) Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204) Canon Utilities EOS Utility (x32 Version: 2.10.2.0) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10) Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7) Canon Utilities PhotoStitch (x32 
Version: 3.1.22.46) Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) CCleaner (Version: 3.27) Common Desktop Agent (Version: 1.62.0) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6514.5001) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001) Crystal Reports Runtime XI (x32 Version: 1.0.9) CyberLink YouCam (x32 Version: 3.0.1908.7636) DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0) DATEV Installation V.3.0 (x32) Dell 2355dn Laser MFP Software-Deinstallation (x32) Dell Driver Download Manager (HKCU Version: 3.0.0.0) DeskUpdate 4.11 (x32 Version: 4.11.0074) DFL2010 ConfigDB (x32 Version: 4.16.3241.0) DFL2010 Microkernel (x32 Version: 4.16.3241.0) Evernote v. 4.5.6 (x32 Version: 4.5.6.6884) FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2) FreePDF (Remove only) (x32) Fujitsu Display Manager (Version: 7.01.00.210) Fujitsu Display Manager (x32 Version: ) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000) Fujitsu MobilityCenter Extension Utility (x32 Version: ) Fujitsu System Extension Utility (Version: 3.1.1.0) Fujitsu System Extension Utility (x32) GeoGebra 4 (HKCU) GoToMeeting 5.0.0.802 (HKCU Version: 5.0.0.802) GPL Ghostscript 9.00 (x32) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Java Auto Updater (x32 Version: 2.0.7.2) Java(TM) 6 Update 37 (x32 Version: 6.0.370) Junk Mail filter update (x32 Version: 14.0.8117.416) jZip (HKCU Version: 2.0.0.132700) LifeBook Application Panel (Version: 8.1.0.0) LifeBook Application Panel (x32) LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.92) Market Samurai (x32 Version: 0.88.74) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack 
(Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft MapPoint Europa 2006 (x32 Version: 13.00.18.1200) Microsoft Office Outlook 2003 (x32 Version: 11.0.8173.0) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.5614.0) Microsoft Office Project Professional 2003 (x32 Version: 11.0.5614.0) Microsoft Office Visio Professional 2003 (x32 Version: 11.0.3216.5614) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0) Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0) Microsoft SQL Server Browser (x32 Version: 10.51.2500.0) Microsoft SQL Server Native Client (Version: 9.00.5000.00) Microsoft SQL Server VSS Writer (Version: 10.51.2500.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft XML Parser (x32 Version: 8.70.1104.04) Mobile Connection Manager (x32) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) 
Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Optimizer Pro v3.1 (x32 Version: 3.1) Phase 5 HTML-Editor (x32 Version: 5.6.2.3) phonostar-Player Version 3.02.0 (x32) Power Saving Utility (Version: 31.01.11.013) Power Saving Utility (x32) Rapport (x32 Version: 3.5.1302.61) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087) RedMon - Redirection Port Monitor Samsung Kies (x32 Version: 2.0.0.11011_16) Samsung OCR Software (x32 Version: 1.00.05 (10.07.2012)) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1800.0) Scan Manager (x32 Version: 0.00.0013) Screen Sharing Plug-in (x32 Version: 2.0.4) Search-Results Toolbar (x32 Version: 1.2.0.0) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.9 (x32 Version: 6.9.106) Spotify (HKCU Version: 0.9.4.169.gc0399df6) Spybot - Search & Destroy (x32 Version: 2.0.12) SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0) Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1) SQLXML4 (Version: 9.00.5000.00) Symantec Endpoint Protection-Client (Version: 12.0.1001.95) Synaptics Pointing Device Driver (Version: 14.0.10.0) SystemDiagnostics (x32 Version: 3.02.0010) TeamViewer 8 (x32 Version: 8.0.20202) Trusteer Endpunkt-Sicherheit (x32 Version: 3.5.1302.61) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) VLC media player 2.0.8 (x32 Version: 2.0.8) Vodafone Mobile Broadband (x32 Version: 10.3.209.40724) WebEx 
(x32) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Fotogalerie (x32 Version: 14.0.8117.416) Windows Live Mail (x32 Version: 14.0.8117.0416) Windows Live Messenger (x32 Version: 14.0.8117.0416) Windows Live Movie Maker (x32 Version: 14.0.8117.0416) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live Writer (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows-Treiberpaket - Prolific (Ser2pl) Ports (02/12/2007 3.0.1.0) (Version: 02/12/2007 3.0.1.0) WinZip 17.0 (x32 Version: 17.0.10283) Wireless Selector (Version: 4.01.00.101) Wireless Selector (x32 Version: ) XMind 2012 (v3.3.1) (x32 Version: 3.3.1.201212250029) ZTE USB Driver (Version: 1.0.1.25_TME) ==================== Restore Points ========================= 18-09-2013 16:37:10 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:37:42 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:39:59 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:40:05 Installiert InstallShield Wiederherstellungspunkt 18-09-2013 16:41:26 Installiert Scan Manager 04-10-2013 09:15:56 Installed Rapport 04-10-2013 09:19:27 Entfernt Symantec Endpoint Protection-Client. 
11-10-2013 13:59:07 Geplanter Prüfpunkt
24-10-2013 08:18:57 Geplanter Prüfpunkt
28-10-2013 22:33:02 Windows Defender Checkpoint
30-10-2013 19:54:20 Windows Defender Checkpoint
01-11-2013 10:04:36 Windows Defender Checkpoint

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-28 10:15 - 00004933 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2745DF4E-5ACE-4374-93C7-2FB2A028E5A5} - System32\Tasks\{A5B6A56F-0432-4E8D-8BB9-D1B2EA954A3A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {52572393-265E-48C3-8012-ADA9F405F1E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {634FC067-13FB-4E2C-9AC3-4D32416D6CF1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {8028141C-C89F-4EF3-B6B0-029C55F72207} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {9B114685-E0B2-4743-A00D-186B3B5DAAB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {9E4AD570-3783-4778-9831-B6C06C0DF9FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-21 22:59 - 2013-10-13 09:51 - 00657920 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-21 22:59 - 2013-10-13 09:50 - 00018432 _____ () C:\Program Files (x86)\Music
Toolbar\Datamngr\mgrldr.dll 2013-10-21 22:59 - 2013-10-13 09:51 - 00485376 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-03-05 20:51 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-03-05 20:51 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-03-05 20:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2012-03-16 14:42 - 2012-03-16 14:42 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2012-03-16 14:42 - 2012-03-16 14:42 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2013-10-04 10:17 - 2013-10-04 10:17 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll 2013-03-05 20:51 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2012-07-31 12:11 - 2012-07-31 12:11 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll 2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2013-10-01 01:14 - 2013-10-01 01:14 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-11-12 17:00 - 2012-11-12 17:00 - 00466944 ____R () C:\Program Files (x86)\WinZip\adxloader.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\USER_THIS_COMPUTER\Desktop\Präsentation 
bulthaup.pptx:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: )
Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen.
Beschreibung der Aktion: Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus) (User: ) Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion: Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: ) Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: ) Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 800. Error: (11/06/2013 07:23:40 AM) (Source: SescLU) (User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. Error: (11/06/2013 06:31:26 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error: (11/06/2013 05:24:06 AM) (Source: SescLU) (User: ) Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install. System errors: ============= Error: (11/06/2013 11:17:11 AM) (Source: TermService) (User: ) Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden. . Error: (11/06/2013 11:15:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: PACA) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. 
Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error: (11/06/2013 11:14:21 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/06/2013 11:14:20 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error: (11/06/2013 11:14:16 AM) (Source: NETLOGON) (User: ) Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne PACA aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. 
Error: (11/06/2013 11:12:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: )
Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA0

Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: )
Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA800

Error: (11/06/2013 07:23:40 AM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (11/06/2013 06:31:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 05:24:06 AM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1796.64 MB
Total Pagefile: 7783.25 MB
Available Pagefile: 5519.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:296.08 GB) (Free:220.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive u: (Offline) (Network) (Total:296.08 GB) (Free:220.53 GB) CSC-CACHE

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS)

==================== End Of Log ============================

4.
Gmer
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-06 12:00:57
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\awrorpow.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3740:3044] 000007fef6049688
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3156] 00000000664a86e5
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:4180] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:5768] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:2024] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:1504] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3012] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:6128] 00000000656e689f

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9d386c
Reg
As a layman I capitulate in the face of so many messages; I hope this can be repaired to some extent, and I am waiting (desperately) for help. Regards, Claus |
06.11.2013, 12:44 | #2 |
/// the machine /// TB-Ausbilder | Insufficient permission ... and that is apparently only the tip of the iceberg hi,
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with Combofix |
06.11.2013, 14:44 | #3 |
| Insufficient permission ... and that is apparently only the tip of the iceberg voila!
Everything carried out as instructed... no fuss on restart... Code:
ATTFilter
ComboFix 13-11-04.01 - User_This_Computer 06.11.2013 13:14:26.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3893.1419 [GMT 1:00]
ausgeführt von:: c:\users\User_This_Computer\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\star_x_grey.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\star_x_orange.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\titlebar-left.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\titlebar-middle.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\titlebar-right.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\topbar-inside-gradient.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\widgets.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-bottom-middleglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-left-bottomglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-left-middleglow.png c:\program files (x86)\Search Results 
Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-left-topglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-right-bottomglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-right-middleglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-right-topglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\win-top-middleglow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\initHTML.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\default.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\jquery.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\jquery.tinyscrollbar.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\jquery.tinyscrollbar.min.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\jquery.uniform.min.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\js\jquery.url.js c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupGames.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupHTML.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\popupWidgets.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\scroll.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\plus.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\pop.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\radio.png c:\program files 
(x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\reload.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\remove.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rename.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\resize-box.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rss.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rsschannelback.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\RSSLogo.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\rsstabdivider.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\scroll-left.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\scroll-right.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\search-go.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\search.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\separator.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\text-ellipsis.xml c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\throbber.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\toolbarsplitter.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\transparent_1px.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_02.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_03.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_04.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_06.png c:\program files 
(x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_07.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_08.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_09.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_10.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_11.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_12.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_13.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_14.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_15.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_16.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_18.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_19.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_20.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\border_21.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\btn-close-grey.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\close-hot.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\close-normal.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\loadingMid.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\paneltemplate.html c:\program files (x86)\Search 
Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\proxy.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.html.bak c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\template.xml c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\templateFF.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa\throbber.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton.css c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\na.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons\weather.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files (x86)\Search Results 
Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files (x86)\Search Results 
Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\yahoo.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lichen.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-about.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo-separator.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\logo.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\menuseparatorback.gif c:\program 
files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\metacafe.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify-save.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modify.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\modifyhot.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\namespacetoolbar.css c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options-search.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-main.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-search.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-weather.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options\options-widgets.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\orange.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search-over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\search_icon.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-left.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-middle.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar\searchbar-background-right.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\setting_stb_16x.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x.png c:\program files (x86)\Search Results 
Toolbar\Datamngr\SRTOOL~1\chrome\skin\settings_stb_19x_over.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluelite.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-bluesky.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-grey.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-lichen.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-orange.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin-yellow.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\skin.xml c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\sv.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\throbber.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\toolbarsplitter.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\TRUSTe_about.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\tv.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\twitter.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\veoh.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\video.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vimeo.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\vmn.css c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\web.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\websearch.png c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\yellow.gif c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\youtube.png c:\program files (x86)\Search Results 
Toolbar\Datamngr\SRTOOL~1\components\windowmediator.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\install.ico
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\manifest.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\uninstall.exe
c:\program files (x86)\Search Results Toolbar\Datamngr\x64\del_DM_LL_nsiBCA2.dll
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\User_This_Computer\AppData\Local\assembly\tmp
c:\users\User_This_Computer\AppData\Local\Temp\IntResource.dll
c:\users\User_This_Computer\AppData\Roaming\Afazo
c:\users\User_This_Computer\AppData\Roaming\Afazo\exajyv.exe
c:\users\User_This_Computer\AppData\Roaming\Bamuv
c:\users\User_This_Computer\AppData\Roaming\Bamuv\adsyup.exe
c:\users\User_This_Computer\AppData\Roaming\Egaqan
c:\users\User_This_Computer\AppData\Roaming\Egaqan\kiexo.exe
c:\users\User_This_Computer\AppData\Roaming\Lowues
c:\users\User_This_Computer\AppData\Roaming\Lowues\vupeut.exe
c:\users\User_This_Computer\AppData\Roaming\Witem
c:\users\User_This_Computer\AppData\Roaming\Witem\yjot.exe
c:\users\User_This_Computer\AppData\Roaming\Zuviy
c:\users\User_This_Computer\AppData\Roaming\Zuviy\kaac.exe
c:\users\user\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-06 bis 2013-11-06 ))))))))))))))))))))))))))))))
.
.
2013-11-06 10:40 . 2013-11-06 10:40 -------- d-----w- C:\FRST
2013-11-01 14:52 . 2013-11-06 10:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D6C8F8-BB51-4B78-907B-589BFB5E87AD}\offreg.dll
2013-10-21 22:46 . 2013-10-21 22:46 -------- d-----w- c:\programdata\BrowserProtect
2013-10-21 22:46 . 2013-10-21 22:46 -------- d-----w- c:\programdata\BitGuard
2013-10-21 21:59 . 2013-10-21 21:59 -------- d-----w- c:\program files (x86)\Music Toolbar
2013-10-21 21:59 . 2013-11-06 12:39 -------- d-----w- c:\programdata\Datamngr
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 10:19 . 2012-06-07 18:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 10:19 . 2012-06-07 18:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-10 21:18 . 2013-10-04 09:17 295696 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"Spotify Web Helper"="c:\users\User_This_Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-08 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-24 115560]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-07-31 69632]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2011-04-15 692224]
.
c:\users\User_This_Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2012-6-13 22624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
R4 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
R4 Datev.Database.Conserve;DATEV Connection Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R4 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R4 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R4 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [x]
R4 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [x]
R4 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x] S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x] S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [x] S3 
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 16:41] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136] "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264] "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440] "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504] "CSRBIP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe" [2009-12-24 419752] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchnu.com/102?appid=100 IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: NameServer = 62.6.40.178 TCP: Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: NameServer = 192.168.11.11 TCP: Interfaces\{7C28AF9D-50FF-4C7A-9EBA-D637A9FFB26B}\2427F6E6A75645967656272474: DhcpNameServer = 192.168.0.1 8.8.8.8 8.8.4.4 TCP: Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: NameServer = 88.82.13.44 88.82.13.44 TCP: Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: NameServer = 88.82.13.28 88.82.13.28 TCP: Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: NameServer = 88.82.13.28 88.82.13.28 FF - ProfilePath - c:\users\User_This_Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-100&v=a9659-142&t=4 FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=102&v=a9659-142&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=4104496122144376&o=APN10646&q= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{7abe12ca-e995-4ab4-9a4e-ef8820a20182} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll Toolbar-Locked - (no file) Toolbar-{7abe12ca-e995-4ab4-9a4e-ef8820a20182} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Neuer Wert #1 - (no file) SafeBoot-Symantec Antvirus Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-BthSyncServ - c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe AddRemove-jziptoolbargaw - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-450697736-2229791768-3296062214-1169\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,dc,1a, bd,e1,23,c0,06,be,88,d0,a6,8b,ee,5d,0e "{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,3b,1b,b5,45,b8, d8,1d,df,f8,06,9e,23,f8,a8,5c,40,51,9c "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,21,3a, 54,8f,33,12,0d,8f,f8,a2,84,07,74,35,6e "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,82,9f, 81,1c,1e,b5,03,86,da,83,d9,69,a9,31,a7 "{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"=hex:51,66,7a,6c,4c,1d,3b,1b,a6,d6,ed, 85,0e,75,1f,0b,8b,e7,52,74,70,92,c8,da . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-11-06 13:46:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-11-06 12:46 . Vor Suchlauf: 18 Verzeichnis(se), 239.505.862.656 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 238.781.882.368 Bytes frei . - - End Of File - - FDBF3AEDC5F4B9BE4A31CEB16581B6B4 Regards, Claus |
06.11.2013, 17:29 | #4 |
/// the machine /// TB instructor | Insufficient permission ... and that is apparently only the tip of the iceberg Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.11.2013, 20:27 | #5 |
| Insufficient permission ... and that is apparently only the tip of the iceberg Malware scan carried out, result see below: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.06.07 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 USER_THIS_Computer :: PACANB010 [Administrator] 06.11.2013 17:54:37 mbam-log-2013-11-06 (17-54-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 291016 Laufzeit: 59 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 3 C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> 1996 -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> 2104 -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (PUP.Optional.Bandoo.A) -> 432 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DATAMNGR (PUP.Optional.MusicBoxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Datamngr|uninstallstring (PUP.Optional.MusicBoxToolBar.A) -> Daten: C:\Program Files (x86)\Music Toolbar\Datamngr\uninstall.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Daten: hxxp://www.delta-search.com/?affID=120519&tt=gc_&babsrc=NT_ss&mntrId=56EA4A0F6E742F73 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator|ImagePath (PUP.Optional.DatamngrCoordinator.A) -> Daten: C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.searchnu.com/102?appid=100) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
Infizierte Verzeichnisse: 10 C:\ProgramData\Datamngr (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Music Toolbar\Datamngr (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64 (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. Infizierte Dateien: 29 C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (PUP.Optional.Bandoo.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> Löschen bei Neustart. C:\Users\USER_THIS_Computer\Downloads\Babylon10_setup(1).exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\USER_THIS_Computer\Downloads\Babylon10_setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\USER_THIS_Computer\Downloads\FlashPlayer_V.161252661b.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Datamngr\coordinator.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Datamngr\general.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Datamngr\S-1-5-21-450697736-2229791768-3296062214-1169.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. 
C:\Program Files (x86)\Music Toolbar\Datamngr\Datamngr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\Helper.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\Internet Explorer Settings.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\Uninstall.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64\Datamngr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64\Internet Explorer Settings.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart. (Ende) Code:
ATTFilter # AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 19:38:08 # Updated 03/11/2013 von Xplode # Betriebssystem : Windows 7 Professional (64 bits) # Benutzername : USER_THIS_COMPUTER - PACANB010 # Gestartet von : C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\Ask [!] Ordner Gelöscht : C:\ProgramData\Bandoo [!] Ordner Gelöscht : C:\ProgramData\BitGuard [!] Ordner Gelöscht : C:\ProgramData\boost_interprocess [!] Ordner Gelöscht : C:\ProgramData\Browser Manager [!] Ordner Gelöscht : C:\ProgramData\BrowserProtect [!] Ordner Gelöscht : C:\ProgramData\eSafe [!] Ordner Gelöscht : C:\ProgramData\Partner [!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro [!] Ordner Gelöscht : C:\Program Files (x86)\Bandoo [!] Ordner Gelöscht : C:\Program Files (x86)\Ilivid [!] Ordner Gelöscht : C:\Program Files (x86)\jZip [!] Ordner Gelöscht : C:\Program Files (x86)\Music Toolbar [!] Ordner Gelöscht : C:\Program Files (x86)\Search Results Toolbar [!] Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar [!] Ordner Gelöscht : C:\Users\user\AppData\Local\PackageAware [!] Ordner Gelöscht : C:\Users\user\AppData\LocalLow\AskToolbar [!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Iminent [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\Qtrax [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\Ilivid Player [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\jZip [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\PackageAware [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\LocalLow\jziptoolbargaw [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\LocalLow\Searchqutoolbar [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Bandoo [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\DSite [!] 
Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\jziptoolbargaw [!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\Searchqutoolbar [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\jziptoolbargaw [!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Searchqutoolbar [!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\Extensions\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182} Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by USER_THIS_COMPUTER on 06.11.2013 at 20:08:02,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-enabler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-enabler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-enabler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-enabler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{726D6F83-8A31-4436-99AB-864BC23EEBDB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD2F7462-4D17-4CEB-A83D-A787C2076C88}

~~~ Files

~~~ Folders

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\user.js
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\invalidprefs.js
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\ask.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\searchresults.xml
Successfully deleted the following from C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\prefs.js

user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.registerToolbarEvent102", "1383763533079");
user_pref("iminent.registerToolbarEvent140", "1383696411634");
user_pref("iminent.version", "7.43.4.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.41.2.1\",\"InstallEventCTime\":1382392843535,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1383765194942}");
user_pref("iminent.webbooster.scripts.minibar.FavLinkSplitTestingClass", "v1");
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1375441696317");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1374930217500");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1375349857612");

Emptied folder: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\minidumps [313 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 20:19:03,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 06-11-2013 20:24:34 Running from C:\Users\USER_THIS_COMPUTER\Downloads Windows 7 Professional (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Trusteer Ltd.) 
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe () C:\Windows\Dell\PanelMgr\SSMMgr.exe () C:\Windows\Dell\PanelMgr\caller64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: 
[BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd) HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone) HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] () HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] () HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] () HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178 Tcpip\..\Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: [NameServer]192.168.11.11 Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44 Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28 Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.28 88.82.13.28 FireFox: ======== FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709} FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} ==================== Services (Whitelisted) ================= R2 ccEvtMgr; C:\Program Files 
(x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG) S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG) S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation) S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.) R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S4 
Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.) 
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.025\ENG64.SYS [126040 2013-11-06] (Symantec Corporation) R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.025\EX64.SYS [2099288 2013-11-06] (Symantec Corporation) R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] U0 dmboot; S3 RtsUIR; 
system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-06 20:19 - 2013-11-06 20:19 - 00006466 _____ C:\Users\USER_THIS_COMPUTER\Desktop\JRT.txt 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:32 - 2013-11-06 19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D 
C:\ComboFix 2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox 2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe 2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 12:43 - 2013-11-06 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 11:59 - 2013-11-06 12:04 - 00045914 _____ C:\Users\USER_THIS_COMPUTER\Desktop\gmer.txt 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:41 - 2013-11-06 12:03 - 00027815 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Addition.txt 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 12:02 - 00000478 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ 
C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind ==================== One Month Modified Files and Folders ======= 2013-11-06 20:19 - 2013-11-06 20:19 - 00006466 _____ C:\Users\USER_THIS_COMPUTER\Desktop\JRT.txt 2013-11-06 20:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-06 20:07 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype 2013-11-06 20:06 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl 2013-11-06 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:55 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-06 19:55 - 2009-07-14 06:08 - 00000006 ____H 
C:\Windows\Tasks\SA.DAT 2013-11-06 19:54 - 2013-10-06 08:46 - 00001008 _____ C:\Windows\setupact.log 2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER 2013-11-06 19:53 - 2011-01-19 18:07 - 01539927 _____ C:\Windows\WindowsUpdate.log 2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 19:26 - 2013-03-08 16:41 - 00017834 _____ C:\Windows\PFRO.log 2013-11-06 19:26 - 2012-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att 2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0 2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-06 14:22 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix 2013-11-06 13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal 2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD 
C:\Users\Default 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt 2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 12:04 - 2013-11-06 11:59 - 00045914 _____ C:\Users\USER_THIS_COMPUTER\Desktop\gmer.txt 2013-11-06 12:03 - 2013-11-06 11:41 - 00027815 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Addition.txt 2013-11-06 12:02 - 2013-11-06 11:38 - 00000478 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype 2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify 2013-11-05 19:50 - 2013-11-05 
19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe 2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj 2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat 2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat 2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP 2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) 
C:\Windows\system32\Drivers\RapportKE64.sys 2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind 2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL 2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind Some content of TEMP: ==================== C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-04 03:30 
==================== End Of Log ============================ --- --- --- --- --- --- Homework done, eagerly waiting to see what comes next.... Regards, Claus |
07.11.2013, 12:28 | #6 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems? |
07.11.2013, 18:49 | #7 |
| Smartinstaller results: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d12ef347b5ba4545a2633d0b42fdc55c
# engine=15793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-07 04:56:44
# local_time=2013-11-07 05:56:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776637 100 94 9348 135473254 0 0
# scanned=165824
# found=6
# cleaned=0
# scan_time=9137
sh=9EB3F26FCA53F48D89C4DB4AD8E932572B51751E ft=1 fh=feb261162876a139 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Afazo\exajyv.exe.vir"
sh=73FEDB598D7B42AD30343E3CF016E42C886D4E54 ft=1 fh=599dcf419ba3b29b vn="a variant of Win32/Injector.AONN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Bamuv\adsyup.exe.vir"
sh=D2C72FA39C2274434C519A84270FD5B5111590FF ft=1 fh=3e57d3dd48e4ccff vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Egaqan\kiexo.exe.vir"
sh=346AAA17CC52F6EE3117D1A0325C4ACDB696E0FC ft=1 fh=903ac8b69ba3b29b vn="a variant of Win32/Injector.AONN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Lowues\vupeut.exe.vir"
sh=2133C05D0A19377BCDCC2793A956AAC91F8E51FA ft=1 fh=2fe26782e59740cc vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Witem\yjot.exe.vir"
sh=88F371DF13326A45062A40A753DB7AA510C79A86 ft=1 fh=7a00eafdd1a2e769 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Zuviy\kaac.exe.vir"
"Fehler beim Anwenden von Sicherheitsinformationen auf: c:\program files(x86 )\... smartinstaller.exe Zugriff verweigert"
...and the Security scan says: "UNSUPPORTED OPERATING SYSTEM! ABORTED!"
... and here is the latest FRST log file: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 07-11-2013 18:45:00 Running from C:\Users\USER_THIS_COMPUTER\Downloads Windows 7 Professional (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Trusteer Ltd.) 
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Dell\PanelMgr\SSMMgr.exe () C:\Windows\Dell\PanelMgr\caller64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (phonostar) C:\Program Files (x86)\phonostar-Player\phonostar.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\mstsc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\zipsendservice.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe () C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe () C:\Program Files (x86)\Dell\Dell 2355dn Laser MFP\Dell-Scan-Manager\ScanMgr2.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) 
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd) HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone) HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] () HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] () HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] () HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.11.11 Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178 Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44 Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28 Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.60 88.82.13.60 FireFox: ======== FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709} FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} ==================== Services (Whitelisted) ================= R2 ccEvtMgr; C:\Program Files 
(x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG) S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG) S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation) S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.) R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S4 
Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x] S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x] ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.) 
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131106.025\ENG64.SYS [126040 2013-11-07] (Symantec Corporation) R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131106.025\EX64.SYS [2099288 2013-11-07] (Symantec Corporation) R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation) S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] U0 dmboot; S3 RtsUIR; 
system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe 2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe 2013-11-07 15:21 - 2013-11-07 15:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:32 - 2013-11-06 19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-06 13:10 - 2000-08-31 
01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D C:\ComboFix 2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox 2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe 2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 12:43 - 2013-11-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-05 19:50 - 2013-11-07 17:20 - 00024576 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ 
C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe 2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1) 2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL ==================== One Month Modified Files and Folders ======= 2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe 2013-11-07 18:39 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype 2013-11-07 18:38 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl 2013-11-07 18:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-07 18:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe 2013-11-07 17:20 - 2013-11-05 19:50 - 00024576 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-07 15:21 - 2013-11-07 15:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe 2013-11-07 15:20 - 2011-01-19 18:07 - 01583813 _____ C:\Windows\WindowsUpdate.log 2013-11-07 11:35 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:55 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-06 19:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-06 19:54 - 2013-10-06 08:46 - 00001008 _____ C:\Windows\setupact.log 2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER 2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 19:26 - 2013-03-08 16:41 - 00017834 _____ C:\Windows\PFRO.log 2013-11-06 19:26 - 2012-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att 2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0 2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix 2013-11-06 
13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal 2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt 2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype 2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D 
C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify 2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe 2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj 2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat 2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat 2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP 2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) 
C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind
2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL

Some content of TEMP:
====================
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-04 03:30

==================== End Of Log ============================
--- --- --- --- --- ---
There are already far fewer problems; loading the browser and Outlook still takes a while, but all in all it has already got much better .. an "interim thank-you" for now :-) |
08.11.2013, 10:22 | #8 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file on your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this. Tidy up the autostart so that only the most important things start.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.11.2013, 11:18 | #9 |
| First of all, the FRST fix:
HTML-Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER at 2013-11-08 11:09:24 Run:1
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
*****************

syshost32 => Service deleted successfully.

==== End of Fixlog ====
Saved in the Downloads folder, it cannot be started because I do not have the permission, and when downloading to the desktop the following message appears: "C:\Users\USER_THIS_COMPUTER\Desktop\TFC.exe konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern." |
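A follow-up check for the fix step above, as an added example that is not part of the original thread and is not FRST's own code: it reads a Fixlog, pulls out the fixlist entries and the result reported for each, and checks whether the same service name is still listed in a later scan. The Fixlog text and the service lines are copied from the logs in this thread (the later lines come from the 10-11-2013 scan posted further down); the function names and the line pattern are assumptions derived only from the lines visible here.

```python
import re
from dataclasses import dataclass

# Fixlog as posted in this thread.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER at 2013-11-08 11:09:24 Run:1
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
*****************
syshost32 => Service deleted successfully.
==== End of Fixlog ====
"""

# Excerpt of the Services section of the later (10-11-2013) scan in this thread.
FOLLOWUP_SCAN = r"""R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]
S2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
"""

# Assumed line shape, taken from the entries visible on this page:
#   <state letter><digit> <name>; <command> [<size> <date>] (<company>)   or   ... [x]
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
RESULT_RE = re.compile(r"^(?P<name>\S.*?)\s+=>\s+(?P<msg>.+)$")
META_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*\)$")


@dataclass
class Entry:
    state: str       # leading letter of the line (R, S or U)
    start: int       # digit that follows the letter
    name: str        # service or driver name
    command: str     # image path plus arguments, metadata stripped
    marked_x: bool   # line ends with the "[x]" marker


def parse_entry(line):
    """Parse one service/driver line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    marked_x = rest.endswith("[x]")
    if marked_x:
        rest = rest[:-3].rstrip()
    rest = META_RE.sub("", rest)  # drop "[size date] (company)" when present
    return Entry(m.group("state"), int(m.group("start")),
                 m.group("name").strip(), rest, marked_x)


def parse_fixlog(text):
    """Return (fixlist entries, {name: reported result}) from a Fixlog."""
    targets, results, in_list = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # the ***** rows bracket the fixlist
            in_list = not in_list
            continue
        if in_list:
            entry = parse_entry(line)
            if entry:
                targets.append(entry)
        else:
            m = RESULT_RE.match(line)
            if m:
                results[m.group("name").lower()] = m.group("msg")
    return targets, results


def verify_fix(fixlog_text, followup_scan_text):
    """For each fixlist entry, report the fix result and whether a later scan still lists it."""
    targets, results = parse_fixlog(fixlog_text)
    later = {}
    for line in followup_scan_text.splitlines():
        entry = parse_entry(line)
        if entry:
            later[entry.name.lower()] = entry
    findings = []
    for t in targets:
        again = later.get(t.name.lower())
        findings.append({
            "name": t.name,
            "fix_result": results.get(t.name.lower()),
            "still_listed": again is not None,
            "same_command": again is not None and again.command.lower() == t.command.lower(),
            "later_state": f"{again.state}{again.start}" if again else None,
        })
    return findings


if __name__ == "__main__":
    for f in verify_fix(FIXLOG, FOLLOWUP_SCAN):
        flag = "REVIEW: still listed after fix" if f["still_listed"] else "ok: not listed"
        print(f'{f["name"]}: fix said "{f["fix_result"]}" -> {flag} ({f["later_state"]})')
```

An entry that a Fixlog reports as deleted but that a later scan lists again under the same name and command is worth raising with the helper before the machine is considered clean.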
08.11.2013, 12:48 | #10 |
/// the machine /// TB-Ausbilder | Please download Windows Repair (All In One) from here.
__________________ Regards, schrauber |
08.11.2013, 19:07 | #11 |
| OK, computer cleaned up, autostart decluttered, and the computer is running quite OK again... However, a few more questions:
1. On all websites, advertising from "Iminent" is constantly displayed. Is that normal, or is there still something on my computer that is manipulating the browser here?
2. Starting the computer still takes quite a long time; first of all, after entering the password it takes forever until the welcome screen moves on.
3. Starting Outlook and the browser takes ages...
Is there anything else to do? Regards, Claus |
09.11.2013, 17:52 | #12 |
/// the machine /// TB-Ausbilder | Uninstall the browser completely, keep no data, reinstall. Then please post a fresh FRST log; I'll take another look.
__________________ Regards, schrauber |
10.11.2013, 17:06 | #13 |
| OK, browser reinstalled, the advertising is gone... here is the log from FRST. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2013 Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 10-11-2013 16:51:25 Running from C:\Users\USER_THIS_COMPUTER\Downloads Windows 7 Professional (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe (Trusteer Ltd.) 
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Windows\Dell\PanelMgr\SSMMgr.exe () C:\Windows\Dell\PanelMgr\caller64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Spotify.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (WinZip Computing, S.L.) 
C:\Program Files (x86)\WinZip\zipsendservice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Dell\Dell 2355dn Laser MFP\Dell-Scan-Manager\ScanMgr2.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) 
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-11-09] (Spotify Ltd) HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone) HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] () HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] () HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] () HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun 
Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178 Tcpip\..\Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: [NameServer]192.168.11.11 Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44 Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28 Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.60 88.82.13.60 FireFox: ======== FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\st6cnjni.default FF DefaultSearchEngine: Wikipedia (de) FF SelectedSearchEngine: Wikipedia (de) FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download 
Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll () FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} ==================== Services (Whitelisted) ================= R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) R2 
ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation) S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG) S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG) S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation) S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.) R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation) S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe 
Datev.Database.Conserve SvcRunLevel=1000 [x] S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x] S2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x] ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-07] (Symantec Corporation) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.) 
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131109.006\ENG64.SYS [126040 2013-11-07] (Symantec Corporation) R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131109.006\EX64.SYS [2099288 2013-11-07] (Symantec Corporation) R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2013-11-08] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] U0 dmboot; S3 RtsUIR; 
system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-10 16:50 - 2013-11-10 16:51 - 01957156 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-10 12:34 - 2013-11-10 12:35 - 00119344 _____ C:\Users\USER_THIS_COMPUTER\Downloads\https _www.google.de_.htm 2013-11-10 09:09 - 2013-11-10 09:09 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-10 09:09 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-10 09:07 - 2013-11-10 09:07 - 23123208 _____ (Mozilla) C:\Users\USER_THIS_COMPUTER\Downloads\firefox_setup_25.0.exe 2013-11-08 19:42 - 2013-11-08 19:42 - 00021504 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Berechnung fehlender Wareneinsatz.xls 2013-11-08 17:32 - 2013-11-08 18:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-11-08 17:21 - 2013-11-08 17:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PACANB010-Microsoft-Windows-7-Professional-(64-bit).dat 2013-11-08 17:21 - 2013-11-08 17:21 - 00000000 ____D C:\RegBackup 2013-11-08 16:32 - 2013-11-08 16:32 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio 2013-11-08 16:26 - 2013-11-08 16:26 - 02804572 _____ C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio.zip 2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe 2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe 2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:32 - 2013-11-06 
19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D C:\ComboFix 2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox 2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe 2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 12:43 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ 
C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-05 19:50 - 2013-11-08 16:34 - 00025600 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe ==================== One Month Modified Files and Folders ======= 2013-11-10 16:52 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype 2013-11-10 16:51 - 2013-11-10 16:50 - 01957156 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe 2013-11-10 16:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-10 16:14 - 
2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify 2013-11-10 14:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2013-11-10 13:53 - 2010-04-26 14:06 - 00752892 _____ C:\Windows\system32\perfh007.dat 2013-11-10 13:53 - 2010-04-26 14:06 - 00170776 _____ C:\Windows\system32\perfc007.dat 2013-11-10 13:53 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-10 12:35 - 2013-11-10 12:34 - 00119344 _____ C:\Users\USER_THIS_COMPUTER\Downloads\https _www.google.de_.htm 2013-11-10 09:09 - 2013-11-10 09:09 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-10 09:09 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-10 09:09 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-10 09:07 - 2013-11-10 09:07 - 23123208 _____ (Mozilla) C:\Users\USER_THIS_COMPUTER\Downloads\firefox_setup_25.0.exe 2013-11-08 23:39 - 2011-01-24 10:30 - 00233120 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WpsHelper.sys 2013-11-08 19:42 - 2013-11-08 19:42 - 00021504 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Berechnung fehlender Wareneinsatz.xls 2013-11-08 19:16 - 2011-01-24 09:57 - 00064418 __RSH C:\ProgramData\ntuser.pol 2013-11-08 18:55 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-08 18:55 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-08 18:50 - 2013-10-06 08:46 - 00001176 _____ C:\Windows\setupact.log 2013-11-08 18:50 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-11-08 18:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-08 18:48 - 2011-01-24 11:57 - 00000000 ___RD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup 2013-11-08 18:48 - 2011-01-19 
18:07 - 01696335 _____ C:\Windows\WindowsUpdate.log 2013-11-08 18:47 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-08 18:43 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-08 18:42 - 2013-03-08 16:41 - 00018186 _____ C:\Windows\PFRO.log 2013-11-08 18:40 - 2013-11-08 17:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-11-08 18:14 - 2009-07-14 03:34 - 00000535 _____ C:\Windows\win.ini 2013-11-08 17:21 - 2013-11-08 17:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PACANB010-Microsoft-Windows-7-Professional-(64-bit).dat 2013-11-08 17:21 - 2013-11-08 17:21 - 00000000 ____D C:\RegBackup 2013-11-08 16:34 - 2013-11-05 19:50 - 00025600 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls 2013-11-08 16:32 - 2013-11-08 16:32 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio 2013-11-08 16:32 - 2013-02-02 14:10 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\WinZip 2013-11-08 16:26 - 2013-11-08 16:26 - 02804572 _____ C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio.zip 2013-11-08 11:48 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl 2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe 2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe 2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe 2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT 2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe 2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER 2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe 2013-11-06 19:30 - 2013-11-06 19:30 
- 00000000 ____D C:\Users\Default\AppData\Local\Trusteer 2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att 2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0 2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix 2013-11-06 13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack 2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal 2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt 2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt 2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-11-06 13:39 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_225 2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ 
C:\Windows\system32\config\DEFAULT.bak 2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe 2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe 2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST 2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable 2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype 2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify 2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module 2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip 2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls 2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls 2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe 2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj 2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP 2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd 2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 
_____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd 2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls 2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys 2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind 2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten 2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe 2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe Some content of TEMP: ==================== C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 00:49 
==================== End Of Log ============================ --- --- ---
Once more, briefly for information: it takes about one and a half minutes until the welcome screen disappears, then about two and a half minutes until Outlook is ready to use, and just under a minute until Firefox has loaded. Is that normal (all programs were started one after another)? Regards and many thanks for the knowledgeable help, Claus |
10.11.2013, 19:52 | #14 |
/// the machine /// TB trainer | Insufficient permission ... and that is apparently only the tip of the iceberg
Open Task Manager, switch to the Startup tab, and disable everything that is not absolutely necessary.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |