Log analysis and evaluation: VPN connection not possible, DLL problems (Windows 7)
24.11.2014, 15:49 #1
VPN connection not possible, DLL problems

Hello, this is about a computer that belongs to my company. I am currently working from home with it. Today, or actually already on Friday, I had problems dialling into the company network via VPN; on Friday I managed it, today no chance. Our admin ran the SFC tool and it repaired some files; after that I wanted to reinstall the VPN client, unfortunately without success, the same behaviour came back. I then ran Malwarebytes Anti-Malware and it found a lot of malware and trojans. I have been tinkering around all day and I'm frustrated. Help!!!!!!

So here is the malware log:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.11.2014
Suchlauf-Zeit: 13:06:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.24.05
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: AGRTA

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 715237
Verstrichene Zeit: 34 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 19
Rootkit.Necurs.GO3, C:\WINDOWS\SYSTEM32\drivers\948c009beeecd7f2.sys, In Quarantäne, [c871e4545bcbf169108ea4da4b40ba92], 
Trojan.FakeMoz.ED, c:\Windows\Installer\{C24A7FD3-6800-1DC9-4755-21432632D727}\syshost.exe, Löschen bei Neustart, [6372c8764438a0967c6723bf4ab735cb], 
Backdoor.Agent.E, c:\ProgramData\syshost.exe, Löschen bei Neustart, [23b2c77789f3e84e1ab9143abc478e72], 
Backdoor.Agent.E, c:\Users\Default\AppData\Roaming\syshost.exe, Löschen bei Neustart, [7362a7976913c1756b68aba3b94a11ef], 
Backdoor.Agent.E, c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\syshost.exe, Löschen bei Neustart, [fadbff3fceae0036dcf7b19d659e9f61], 
Backdoor.Agent.E, c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\syshost.exe, Löschen bei Neustart, [459062dca2da171f13c0e06e0102827e], 
Backdoor.Agent.E, c:\Windows\System32\config\systemprofile\AppData\Roaming\syshost.exe, Löschen bei Neustart, [bc193e00d7a561d5399a3519f60d837d], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\syshost.exe, Löschen bei Neustart, [09cc5de1c4b8dc5a95726d2b42c12dd3], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\syshost.exe, Löschen bei Neustart, [993cf6485f1deb4b9f687e1a4fb4857b], 
Exploit.Drop.GS, c:\Windows\Temp\syshost.exe, Löschen bei Neustart, [7065bb83304c082ec740b5e3897a0bf5], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\LocalService\AppData\Local\syshost.exe, Löschen bei Neustart, [f7de7fbfbbc10b2bc0408d0cc2419070], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\syshost.exe, Löschen bei Neustart, [a33288b6c1bb9d994eb206937d86e21e], 
Exploit.Drop.GSLAD, c:\Windows\System32\config\systemprofile\AppData\Local\syshost.exe, Löschen bei Neustart, [20b583bbcdafb086d828207926dd7d83], 
Exploit.Drop.GS, c:\Users\Default\syshost.exe, Löschen bei Neustart, [bd18c87698e438fe1b193663d42f56aa], 
Exploit.Drop.GS, c:\Users\Public\syshost.exe, Löschen bei Neustart, [eee7e9554f2d40f6c371adec748f9e62], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\syshost.exe, Löschen bei Neustart, [7065201e304c2f07d163f7a230d32ed2], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\syshost.exe, Löschen bei Neustart, [cd081c22760663d3e54ffa9fda293ac6], 
Exploit.Drop.GS, c:\Windows\System32\config\systemprofile\syshost.exe, Löschen bei Neustart, [d401e5593745eb4b0c28efaa08fba060], 
Trojan.Downloader, c:\Windows\syshost.exe, Löschen bei Neustart, [1bba05396f0d0333ea141bc4f40fac54], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Defogger said I must be admin, which I am, but I think it did not run correctly.

Then FRST64:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by AGRTA (administrator) on MUCLB703 on 24-11-2014 14:49:02
Running from D:\Users\agrta\Desktop
Loaded Profile: AGRTA (Available profiles: AGRTA & Administrator)
Platform: Windows 7 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Avaya Inc.) C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(PTC Inc.) C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(FrontRange Solutions Deutschland GmbH) C:\Program Files (x86)\NetInst\NiAiServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Agfa ICS) C:\Program Files (x86)\Agfa\AgfaNiAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraNECDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-09-22] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AgfaNiAgnt] => C:\Program Files (x86)\Agfa\AgfaNiAgent.exe [110592 2013-10-21] (Agfa ICS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Software\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [!IBM Notes Browser Plugin IE Registration] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults" /v notes /t REG_DWORD /d 2 /f
HKLM-x32\...\Run: [IBM NBP Disable IE Popup Blocker] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1809 /t REG_DWORD /d 3 /f
HKLM-x32\...\Run: [IBM NBP Disable IE Protected Mode] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2500 /t REG_DWORD /d 3 /f
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [Real Desktop] => "C:\Program Files (x86)\Real Desktop\Real Desktop.exe"
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] => 0
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [HandleNetworkDrivesMUC] => wscript "C:\Program Files (x86)\Agfa\HandleNetworkDrivesMUC.vbs"
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [DellSystemDetect] => D:\Users\agrta\AppData\Local\Apps\2.0\70NZO9R7.TXT\0ZZT65DC.EXQ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Run: [PcSync] => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
AppInit_DLLs: c:\progra~2\netinst\niamh.dll => c:\Program Files (x86)\NetInst\NiAMH.dll [56464 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs: aminit32.dll => aminit32.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\NetInst\NiA64.dll => C:\Program Files (x86)\NetInst\Nia64.dll [51784 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs: AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [74576 2014-08-23] (Symantec Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NETINST\NIAMH.DLL => C:\Program Files (x86)\NetInst\NiAMH.dll [56464 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: AMINIT32.DLL => "AMINIT32.DLL" File Not Found
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: D:\Users\agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\Real Desktop.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\Program Files (x86)\Agfa\Bginfo.exe (Sysinternals)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jabra Device Service.lnk
ShortcutTarget: Jabra Device Service.lnk -> C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe (GN Netcom A/S)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3511276778-1135513112-1489944413-4718] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?hl=de
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intra.agfanet/
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3511276778-1135513112-1489944413-4718 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho64.dll (IBM Corp)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avaya one-X® Click-to-Dial Add-on -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll (Avaya Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKU\S-1-5-21-3511276778-1135513112-1489944413-4718 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
DPF: HKLM {82DBCFDB-5658-4CFB-B32B-0828247043C0} hxxp://pdmtrn01.be.local/Windchill/wtcore/jsp/wvs/download/x86e_win64_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mail.agfa.net/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {3605B612-C3CF-4AB4-A426-2D853391DB2E} hxxp://morswh015.agfahealthcare.com:8080/qcbin/capicom.dll
DPF: HKLM-x32 {41520880-8342-3431-3684-140032321000} https://livelink.agfa.net/Livelink/livelink.exe?func=webdav.webdavxpi&filename=otdavview101.cab
DPF: HKLM-x32 {C3CBFE35-9BE8-11D1-B31B-006008948294} hxxp://aquire-codebase.vipasuite.com/codebase91/OrgPubX.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {F53270D3-0E32-48B7-B63B-159E33210F70} https://livelink.agfa.net/img/webedit/lledit.cab
DPF: HKLM-x32 {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} hxxp://pdmapp01.be.local/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} hxxp://morswh015.agfahealthcare.com:8080/qcbin/Spider10.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho64.dll (IBM Corp)
Handler-x32: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 14 C:\Windows\SysWOW64\nutafun4.dll [164232] (MKS Software Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\nutafun4.dll [164232] (MKS Software Inc.)
Winsock: Catalog9-x64 14 %SystemRoot%\system32\nutafun4.dll [205624] (MKS Software Inc.)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\nutafun4.dll [205624] (MKS Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://intra.agfanet
FF NetworkProxy: "autoconfig_url", "hxxp://proxy-pac.ict:3132/"
FF NetworkProxy: "backup.ftp", "proxy.ict"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "proxy.ict"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy.ict"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy.ict"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.ict"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.Smartpipes.Net,*.esm.uu.Net,*.Xapps.ops.us.uu.net,*.Worldcom.Net,*.mci.Net,pbk.mci.com,esmws1.mci.Com,*.agfa.be,*.local,*.agfanet,172.25.*.*,192.168.*.*,10.*.*.*,*.mitra.com,*.gwi-ag.com,*.gwi.fr,*.med.agfa.be,*.he.agfa.be,*.gandinnovations.com,*.jetiprinters.com,*.agfainkjet.com,epm.agfa.net,epm-reports.agfa.net,he-epm-europe.agfa.net,jenkins*.agfahealthcare.com,orbis-maven.agfahealthcare.com,trr*.agfahealthcare.com"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.ict"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.ict"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\MSCREATE.DIR
FF Extension: RadioTotal1 - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} [2014-11-14]
FF Extension: Creo View Version Checker - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{51154b97-c607-43f0-ad88-dda01a32a1e3} [2014-11-12]
FF Extension: Easy Youtube Video Downloader Express - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{A0CBD44F-4031-4796-AFA8-6AD0FBE6BFED}] - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Firefox
FF Extension: Avaya Extension - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Firefox [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [IBMNotesBrowserExtension@ibm.com] - C:\Program Files (x86)\IBM\Lotus\Notes\mozilla
FF Extension: IBM Notes Browser Plug-in Extension - C:\Program Files (x86)\IBM\Lotus\Notes\mozilla [2014-10-22]
FF Extension: No Name - IBMNotesBrowserExtension@ibm.com [Not Found]

Chrome: 
=======
CHR Profile: D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-16]
CHR Extension: (Google Wallet) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [314088 2014-08-14] (Symantec Corporation)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2966248 2014-08-14] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [630504 2014-08-14] (Symantec Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
S3 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [210424 2010-08-05] (FrontRange Solutions Deutschland GmbH)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [86034 2013-04-25] (Fortinet Inc.) [File not signed]
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [5167208 2014-08-04] (IBM)
R2 IBM Notes Single Logon; C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe [57448 2013-10-15] (IBM Corp)
R2 iClarityQoSService; C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe [1657112 2013-09-06] (Avaya Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [19720 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-09-22] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [178920 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NIAIServ; C:\Program Files (x86)\NetInst\NiAiServ.exe [208024 2011-06-08] (FrontRange Solutions Deutschland GmbH)
S2 NiExServ; C:\Program Files (x86)\NetInst\NiExServ.exe [199832 2011-06-08] (FrontRange Solutions Deutschland GmbH)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 PortmapperService; C:\Software/PTC Portmapper/i486_nt/obj/portmap.exe [710144 2013-11-27] (PTC Inc.) [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-11] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-24] (Emsisoft GmbH)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-02-27] (Intel(R) Corporation) [File not signed]
S3 mdf16; D:\Users\agrta\AppData\Local\Temp\mdf16.sys [20400 2014-03-05] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.) S3 mvd23; D:\Users\agrta\AppData\Local\Temp\mvd23.sys [99248 2014-03-05] () S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia) S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia) S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjxpx64.sys [74656 2011-01-04] (O2Micro ) R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31344 2012-04-30] (VMware, Inc.) R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-24 14:49 - 2014-11-24 14:49 - 00028876 _____ () D:\Users\agrta\Desktop\FRST.txt
2014-11-24 14:48 - 2014-11-24 14:49 - 00000000 ____D () C:\FRST
2014-11-24 14:48 - 2014-11-24 14:48 - 02118144 _____ (Farbar) D:\Users\agrta\Desktop\FRST64.exe
2014-11-24 14:43 - 2014-11-24 14:42 - 00380416 _____ () D:\Users\agrta\Desktop\2w57m171.exe
2014-11-24 14:42 - 2014-11-24 14:38 - 00050477 _____ () D:\Users\agrta\Desktop\Defogger.exe
2014-11-24 13:57 - 2014-11-24 13:57 - 00000677 _____ () D:\Users\agrta\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-24 13:57 - 2014-11-24 13:57 - 00000000 ____D () C:\EEK
2014-11-24 13:43 - 2014-11-24 13:43 - 00003284 _____ () C:\mbm.txt
2014-11-24 12:35 - 2014-11-24 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 12:35 - 2014-11-24 12:35 - 00000984 _____ () D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 12:35 - 2014-11-24 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 12:35 - 2014-11-24 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-24 12:35 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 12:35 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 12:35 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:00 - 2014-11-24 12:00 - 00000000 ____D () C:\Windows\467D5E81834948929E81C3674ED8E451.TMP
2014-11-24 11:52 - 2011-04-28 04:58 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-11-24 11:52 - 2011-04-28 04:58 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-11-24 11:52 - 2009-07-14 02:52 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-11-24 11:52 - 2009-07-14 02:52 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2014-11-24 11:52 - 2009-07-14 02:47 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2014-11-24 11:52 - 2009-07-14 02:01 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-11-24 11:52 - 2009-07-14 01:38 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-11-24 11:52 - 2009-07-14 01:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00184576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-24 11:52 - 2009-07-14 01:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2014-11-24 11:52 - 2009-07-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2014-11-24 11:52 - 2009-07-14 00:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys
2014-11-24 11:52 - 2009-07-14 00:31 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys
2014-11-24 11:52 - 2009-07-14 00:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2014-11-24 11:26 - 2014-11-24 11:27 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-11-24 09:05 - 2014-11-24 09:05 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\Oracle
2014-11-24 09:05 - 2014-11-24 09:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-12 09:50 - 2014-11-24 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 09:50 - 2014-11-24 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 09:50 - 2014-11-16 10:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 09:50 - 2014-11-16 10:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-10 12:30 - 2014-11-10 12:30 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-11-10 12:30 - 2014-11-10 12:30 - 00001908 _____ () C:\Windows\diagerr.xml
2014-11-06 14:05 - 2014-11-06 14:05 - 00000000 ____D () D:\Users\agrta\Documents\20141106-DRP Procedure Concept_Demo_Info(1805053632)
2014-11-05 11:00 - 2014-11-05 11:00 - 00000168 _____ () D:\Users\agrta\Desktop\Document Details - CS110760.url
2014-11-05 10:42 - 2014-11-05 10:42 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Adobe
2014-11-05 10:37 - 2014-11-05 10:37 - 00001089 _____ () D:\Users\ar_agrta\Documents\_Data.lnk
2014-11-05 10:37 - 2014-11-05 10:37 - 00000738 _____ () D:\Users\ar_agrta\Desktop\Windows Explorer.lnk
2014-11-05 10:37 - 2014-11-05 10:37 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Go_Online
2014-11-05 10:34 - 2014-11-05 10:34 - 00100208 _____ () D:\Users\ar_agrta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 10:34 - 2014-11-05 10:34 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Creative
2014-11-05 10:34 - 2014-11-05 10:34 - 00000000 ____D () D:\Users\ar_agrta\AppData\Local\GN_Netcom_A_S
2014-11-05 10:33 - 2014-11-05 10:33 - 00001303 _____ () D:\Users\ar_agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-05 10:33 - 2014-11-05 10:33 - 00001281 _____ () D:\Users\ar_agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-05 10:33 - 2014-11-05 10:33 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Intel
2014-11-05 10:33 - 2014-11-05 10:33 - 00000000 ____D () D:\Users\ar_agrta\AppData\Local\Google
2014-11-04 15:53 - 2014-11-04 15:53 - 00001584 _____ () D:\Users\agrta\.recently-used.xbel
2014-11-02 11:17 - 2014-11-02 11:17 - 00283952 _____ () C:\Windows\Minidump\110214-22885-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:49 - 2013-02-05 16:38 - 00000000 ____D () C:\TEMP
2014-11-24 14:44 - 2013-02-22 11:49 - 00000000 ____D () C:\ProgramData\VMware
2014-11-24 14:44 - 2013-02-06 07:06 - 00262914 _____ () C:\SUService.log
2014-11-24 14:44 - 2013-02-05 16:42 - 00150316 _____ () C:\Windows\PFRO.log
2014-11-24 14:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 14:44 - 2009-07-14 05:51 - 00006468 _____ () C:\Windows\setupact.log
2014-11-24 14:43 - 2013-02-13 08:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 14:43 - 2013-02-05 16:28 - 01054962 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 14:43 - 2009-07-14 06:13 - 00796846 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 13:53 - 2009-07-14 05:45 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:53 - 2009-07-14 05:45 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:46 - 2013-02-18 15:55 - 00000000 ____D () D:\Users\agrta\AppData\Local\PasswordSafe
2014-11-24 13:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2014-11-24 12:18 - 2013-12-03 10:59 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\Skype
2014-11-24 12:07 - 2013-02-05 17:57 - 00001615 _____ () C:\Windows\VPNInstall.MIF
2014-11-24 11:27 - 2013-02-05 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agfa
2014-11-24 11:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-24 09:05 - 2013-12-06 10:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-21 15:17 - 2013-02-05 16:43 - 00001088 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-21 15:02 - 2013-08-23 07:24 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-21 15:02 - 2013-02-06 06:58 - 00000000 ____D () D:\Users\agrta
2014-11-21 14:56 - 2013-02-05 16:38 - 00000000 ____D () C:\Windows\Agfa
2014-11-21 09:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-20 10:47 - 2013-02-07 09:55 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\TightVNC
2014-11-19 10:19 - 2013-02-05 16:46 - 00000000 ____D () C:\Program Files (x86)\NetInst
2014-11-13 06:56 - 2013-02-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 09:51 - 2014-10-16 07:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 09:51 - 2014-07-01 12:50 - 00002057 _____ () D:\Users\Public\Desktop\Google Chrome.lnk
2014-11-12 09:51 - 2013-02-06 08:16 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-10 12:30 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 13:53 - 2013-10-15 07:14 - 00002060 ____H () D:\Users\agrta\Documents\Default.rdp
2014-11-05 15:58 - 2013-02-06 11:08 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\webex
2014-11-05 15:58 - 2013-02-06 10:18 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-05 14:35 - 2012-04-27 10:06 - 00000000 ____D () C:\AgfaStTraining
2014-11-05 10:37 - 2013-02-12 09:53 - 00000146 ___SH () D:\Users\ar_agrta\ntuser.ini
2014-11-05 10:37 - 2013-02-12 09:53 - 00000000 ____D () D:\Users\ar_agrta
2014-11-05 10:33 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-05 10:05 - 2013-02-06 15:27 - 00000000 ____D () D:\Users\agrta\Documents\Snagit
2014-11-04 15:57 - 2013-07-24 14:15 - 00000000 ____D () D:\Users\agrta\.gimp-2.6
2014-11-04 15:20 - 2013-12-02 21:16 - 00000119 _____ () D:\Users\Public\Documents\std.out
2014-11-04 15:20 - 2013-11-28 08:13 - 00000112 _____ () D:\Users\Public\Documents\std.err
2014-11-02 11:17 - 2013-05-21 21:41 - 913669225 _____ () C:\Windows\MEMORY.DMP
2014-11-02 11:17 - 2013-05-21 21:41 - 00000000 ____D () C:\Windows\Minidump
2014-10-31 07:37 - 2013-08-14 12:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-31 07:37 - 2013-08-14 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-30 14:18 - 2013-09-25 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-30 14:15 - 2013-08-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-30 13:25 - 2013-02-06 08:07 - 00000000 ____D () C:\Signature
2014-10-28 13:54 - 2013-02-13 08:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-28 13:54 - 2013-02-13 08:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-28 13:54 - 2013-02-05 17:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\eDViewer.exe

Some content of TEMP:
====================
D:\Users\agrta\AppData\Local\Temp\3wdteqo1.dll
D:\Users\agrta\AppData\Local\Temp\5pz0fnkm.dll
D:\Users\agrta\AppData\Local\Temp\atgpcdec.dll
D:\Users\agrta\AppData\Local\Temp\cso2llle.dll
D:\Users\agrta\AppData\Local\Temp\csvrelay32.dll
D:\Users\agrta\AppData\Local\Temp\csvrelay64.dll
D:\Users\agrta\AppData\Local\Temp\fbx15e1o.dll
D:\Users\agrta\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\Portable SecretZone.exe
D:\Users\agrta\AppData\Local\Temp\SAP_AGFA_730_20131007_1613.exe
D:\Users\s6_amywi\AppData\Local\Temp\InstallAX.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-16 10:25

==================== End Of Log ============================

Then GMER

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:08:12
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465,76GB
Running: 2w57m171.exe; Driver: D:\Users\agrta\AppData\Local\Temp\fwloypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[2244] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[2244] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000716e13c6 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000716e13f6 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000716e14ad 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000716e14db 2 bytes [6E, 71]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 00000000716e1577 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000716e15d7 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 00000000716e1794 2 bytes [6E, 71]
.text C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000716e18c1 2 bytes [6E, 71]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Windows\SysWOW64\RunDll32.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\kernel32.dll!UnhandledExceptionFilter 0000000076f49775 16 bytes JMP 000000010031e980
.text C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2
.text D:\Users\agrta\Desktop\2w57m171.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077651465 2 bytes [65, 77]
.text D:\Users\agrta\Desktop\2w57m171.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776514bb 2 bytes [65, 77]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\mfevtps.exe[2400] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [140006aa8] C:\Windows\system32\mfevtps.exe
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryW] [7000104197c]
C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ 
C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ 
C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW] [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT 
C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SXS.DLL[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryExA] [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryW] [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!GetProcAddress] [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\imagehlp.dll[KERNEL32.dll!LoadLibraryA] [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543500ef2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543500ef2 (not active ControlSet) ---- EOF - GMER 2.1 ---- Thomas |
24.11.2014, 15:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | VPN connection not possible, dll problems Hi,
__________________ |
24.11.2014, 16:14 | #3 |
| VPN connection not possible, dll problems Thanks for the quick reply, I already suspected as much. I just won't get around to it this week and am still supposed to keep working from home. Can't it be patched up, let's say provisionally, for the rest of the week?
__________________ |
24.11.2014, 23:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | VPN connection not possible, dll problems No cleanup can guarantee that the VPN will run properly again afterwards. There is no way around having the machine set up fresh anyway, so do it right away.
__________________ Please always post logfiles in CODE tags |
25.11.2014, 08:59 | #5 |
| VPN connection not possible, dll problems Hi, thanks to you both, the VPN is running again, for whatever reason. Of course I will have the machine set up fresh, thanks again |
25.11.2014, 09:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | VPN connection not possible, dll problems You really shouldn't wait too long... Reading material: Rootkit warning. Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does that mean for you now?
__________________ --> VPN connection not possible, dll problems |
25.11.2014, 13:26 | #7 |
| VPN connection not possible, dll problems Hi, when I run Malwarebytes Anti-Malware now, it doesn't find anything anymore. Is the backdoor malware gone now? Is there anything else I can check? |
25.11.2014, 16:31 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | VPN connection not possible, dll problems No, the world isn't that simple... if it were that simple, the TB would be pretty pointless. Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
Topics for VPN connection not possible, dll problems |
backdoor.agent.e, browser, exploit.drop.gs, exploit.drop.gslad, explorer, flash player, google, homepage, iexplore.exe, neustart, rootkit.necurs.go3, schutz, services.exe, software, svchost.exe, symantec, trojan.downloader, trojan.fakemoz.ed, trojaner, windows, wscript |