
Log analysis and evaluation: insufficient permission ... and that is apparently only the tip of the iceberg

06.11.2013, 12:15   #1
Entrepreneur
 

Hello experts,
for some time now my computer has been getting suspiciously slow, switches off antivirus software, and delays input on Google. I suspected that this was due to the installed "Ask Toolkit" and wanted to install it. I then received the following message:
"You do not have sufficient permission to uninstall Ask Toolbar updater..."

Various scans were then carried out as recommended; here is the result:

1. defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:38 on 06/11/2013 (XXXUSER)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

2. First:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 06-11-2013 11:40:28
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
() C:\Windows\Dell\PanelMgr\SSMMgr.exe
() C:\Windows\Dell\PanelMgr\caller64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
HKCU\...\Run: [Neuer Wert #1] - [x]
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: {5ffc578e-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {5ffc5797-d812-11e2-82ad-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {74e61dd7-865b-11e2-82fa-e839df859bb5} - E:\LaunchU3.exe -a
MountPoints2: {8fc838f8-faf4-11e2-9a46-b482fe9d386c} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] ()
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL c:\progra~2\musict~1\datamngr\x64\mgrldr.dll [8704 2013-09-22] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~2\musict~1\datamngr\mgrldr.dll [18432 2013-10-13] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [485376 2013-10-13] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [657920 2013-10-13] () <===== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/102?appid=100
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ts.fujitsu.com/index2
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - DefaultScope {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=56EA4A0F6E742F73
SearchScopes: HKCU - {726D6F83-8A31-4436-99AB-864BC23EEBDB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=AACB7B16-65BE-4BD0-98C3-E788386DBD3E&apn_sauid=6D88DA0B-A73F-48DE-A33D-33630C6D8979
SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=102&apn_uid=4104496122144376&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - {DD2F7462-4D17-4CEB-A83D-A787C2076C88} URL = hxxp://www.bing.com/search?q={searchTerms}&r=100
SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178
Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44
Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28
Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.28 88.82.13.28

FireFox:
========
FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default
FF user.js: detected! => C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-100&v=a9659-142&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=102&v=a9659-142&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=4104496122144376&o=APN10646&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bandoo for Firefox - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffox@bandoo.com
FF Extension: Delta Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\ffxtlbr@delta.com
FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com
FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709}
FF Extension: Search-Results Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}
FF Extension: Searchqu Toolbar - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

==================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3422720 2013-10-13] (Bandoo Media Inc.)
S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation)
S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]
S2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\ENG64.SYS [126040 2013-11-06] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.002\EX64.SYS [2099288 2013-11-06] (Symantec Corporation)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-10-04] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U0 dmboot;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-10-30 20:35 - 2013-10-30 23:23 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16
2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-21 22:59 - 2013-11-06 11:34 - 00000000 ____D C:\ProgramData\Datamngr
2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL
2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind

==================== One Month Modified Files and Folders =======

2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 11:38 - 00000474 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:38 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-06 11:34 - 2013-10-21 22:59 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 11:23 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 11:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 11:18 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 11:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-06 11:14 - 2013-10-06 08:46 - 00000840 _____ C:\Windows\setupact.log
2013-11-06 11:14 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-06 11:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 11:04 - 2011-01-19 18:07 - 01504004 _____ C:\Windows\WindowsUpdate.log
2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify
2013-11-06 09:54 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-06 00:31 - 2013-10-01 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify
2013-11-05 17:50 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-05 06:48 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att
2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe
2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj
2013-11-01 15:36 - 2013-03-08 16:41 - 00010588 _____ C:\Windows\PFRO.log
2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat
2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat
2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 23:23 - 2013-10-30 20:35 - 00000000 ____D C:\Program Files (x86)\a2zLyrics-16
2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP
2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-21 23:46 - 2013-10-21 23:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-21 23:00 - 2013-05-23 17:59 - 00000000 ____D C:\ProgramData\Wincert
2013-10-21 22:59 - 2013-10-21 22:59 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-10-21 22:59 - 2013-05-23 17:58 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind
2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL
2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind

Files to move or delete:
====================
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll


Some content of TEMP:
====================
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BEB3.tmp.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Delta.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\DeltaTB.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\MybabylonTB.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\propsys.dll
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\WSSetup.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is4BF1.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is8E9B.exe
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\_is9EA2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 03:30

==================== End Of Log ============================

3. Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER at 2013-11-06 11:41:25
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

39703 x64 (x32 Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 7.2.5)
7-Zip 4.42 (x32)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.3) - Deutsch (x32 Version: 10.1.3)
Allzeit Atomzeit 2.00 (x32 Version: 2.00)
Anviz Zeiter fassungs system (x32)
Ask Toolbar Updater (HKCU Version: 1.2.4.36191)
B1315AppGuid (x32 Version: 1.0.0)
Bluetooth Feature Pack 5.0 (Version: 5.0.14)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0)
Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
CCleaner (Version: 3.27)
Common Desktop Agent (Version: 1.62.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6514.5001)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001)
Crystal Reports Runtime XI (x32 Version: 1.0.9)
CyberLink YouCam (x32 Version: 3.0.1908.7636)
DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0)
DATEV Installation V.3.0 (x32)
Dell 2355dn Laser MFP Software-Deinstallation (x32)
Dell Driver Download Manager (HKCU Version: 3.0.0.0)
DeskUpdate 4.11 (x32 Version: 4.11.0074)
DFL2010 ConfigDB (x32 Version: 4.16.3241.0)
DFL2010 Microkernel (x32 Version: 4.16.3241.0)
Evernote v. 4.5.6 (x32 Version: 4.5.6.6884)
FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2)
FreePDF (Remove only) (x32)
Fujitsu Display Manager (Version: 7.01.00.210)
Fujitsu Display Manager (x32 Version: )
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000)
Fujitsu MobilityCenter Extension Utility (x32 Version: )
Fujitsu System Extension Utility (Version: 3.1.1.0)
Fujitsu System Extension Utility (x32)
GeoGebra 4 (HKCU)
GoToMeeting 5.0.0.802 (HKCU Version: 5.0.0.802)
GPL Ghostscript 9.00 (x32)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Junk Mail filter update (x32 Version: 14.0.8117.416)
jZip (HKCU Version: 2.0.0.132700)
LifeBook Application Panel (Version: 8.1.0.0)
LifeBook Application Panel (x32)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.92)
Market Samurai (x32 Version: 0.88.74)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft MapPoint Europa 2006 (x32 Version: 13.00.18.1200)
Microsoft Office Outlook 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.5614.0)
Microsoft Office Project Professional 2003 (x32 Version: 11.0.5614.0)
Microsoft Office Visio Professional 2003 (x32 Version: 11.0.3216.5614)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.70.1104.04)
Mobile Connection Manager (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Optimizer Pro v3.1 (x32 Version: 3.1)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
phonostar-Player Version 3.02.0 (x32)
Power Saving Utility (Version: 31.01.11.013)
Power Saving Utility (x32)
Rapport (x32 Version: 3.5.1302.61)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087)
RedMon - Redirection Port Monitor
Samsung Kies (x32 Version: 2.0.0.11011_16)
Samsung OCR Software (x32 Version: 1.00.05 (10.07.2012))
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1800.0)
Scan Manager (x32 Version: 0.00.0013)
Screen Sharing Plug-in (x32 Version: 2.0.4)
Search-Results Toolbar (x32 Version: 1.2.0.0)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.9 (x32 Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.169.gc0399df6)
Spybot - Search & Destroy (x32 Version: 2.0.12)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLXML4 (Version: 9.00.5000.00)
Symantec Endpoint Protection-Client (Version: 12.0.1001.95)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
SystemDiagnostics (x32 Version: 3.02.0010)
TeamViewer 8 (x32 Version: 8.0.20202)
Trusteer Endpunkt-Sicherheit (x32 Version: 3.5.1302.61)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Vodafone Mobile Broadband (x32 Version: 10.3.209.40724)
WebEx (x32)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows-Treiberpaket - Prolific (Ser2pl) Ports (02/12/2007 3.0.1.0) (Version: 02/12/2007 3.0.1.0)
WinZip 17.0 (x32 Version: 17.0.10283)
Wireless Selector (Version: 4.01.00.101)
Wireless Selector (x32 Version: )
XMind 2012 (v3.3.1) (x32 Version: 3.3.1.201212250029)
ZTE USB Driver (Version: 1.0.1.25_TME)

==================== Restore Points =========================

18-09-2013 16:37:10 Installiert InstallShield Wiederherstellungspunkt
18-09-2013 16:37:42 Installiert InstallShield Wiederherstellungspunkt
18-09-2013 16:39:59 Installiert InstallShield Wiederherstellungspunkt
18-09-2013 16:40:05 Installiert InstallShield Wiederherstellungspunkt
18-09-2013 16:41:26 Installiert Scan Manager
04-10-2013 09:15:56 Installed Rapport
04-10-2013 09:19:27 Entfernt Symantec Endpoint Protection-Client.
11-10-2013 13:59:07 Geplanter Prüfpunkt
24-10-2013 08:18:57 Geplanter Prüfpunkt
28-10-2013 22:33:02 Windows Defender Checkpoint
30-10-2013 19:54:20 Windows Defender Checkpoint
01-11-2013 10:04:36 Windows Defender Checkpoint

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-28 10:15 - 00004933 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2745DF4E-5ACE-4374-93C7-2FB2A028E5A5} - System32\Tasks\{A5B6A56F-0432-4E8D-8BB9-D1B2EA954A3A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {52572393-265E-48C3-8012-ADA9F405F1E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {634FC067-13FB-4E2C-9AC3-4D32416D6CF1} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {8028141C-C89F-4EF3-B6B0-029C55F72207} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {9B114685-E0B2-4743-A00D-186B3B5DAAB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {9E4AD570-3783-4778-9831-B6C06C0DF9FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-21 22:59 - 2013-10-13 09:51 - 00657920 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-21 22:59 - 2013-10-13 09:50 - 00018432 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2013-10-21 22:59 - 2013-10-13 09:51 - 00485376 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2013-03-05 20:51 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-03-05 20:51 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-03-05 20:51 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-05 20:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-05 20:51 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2012-03-16 14:42 - 2012-03-16 14:42 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-03-16 14:42 - 2012-03-16 14:42 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-10-04 10:17 - 2013-10-04 10:17 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-03-05 20:51 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-07-31 12:11 - 2012-07-31 12:11 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-01 01:14 - 2013-10-01 01:14 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-12 17:00 - 2012-11-12 17:00 - 00466944 ____R () C:\Program Files (x86)\WinZip\adxloader.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\USER_THIS_COMPUTER\Desktop\Präsentation bulthaup.pptx:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: )
Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus) (User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus) (User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: )
Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (11/06/2013 09:53:14 AM) (Source: RasClient) (User: )
Description: CoID={8C7361D4-70ED-463F-919E-1D6FF6F38A82}: Der Benutzer "PACA\USER_THIS_COMPUTER" hat eine Verbindung mit dem Namen "PACA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 800.

Error: (11/06/2013 07:23:40 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (11/06/2013 06:31:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (11/06/2013 05:24:06 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.


System errors:
=============
Error: (11/06/2013 11:17:11 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (11/06/2013 11:15:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: PACA)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (11/06/2013 11:14:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/06/2013 11:14:20 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (11/06/2013 11:14:16 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne PACA aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (11/06/2013 11:12:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (11/06/2013 11:07:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Zbot in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\FB16.tmp.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:36 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gpcoder.E in Datei: c:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe\epgox.exe von: Geplante-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 11:07:35 AM) (Source: Symantec AntiVirus)(User: )
Description: Sicherheitsrisiko gefunden!Trojan.Gen.2 in Datei: C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe von: Auto-Protect-Scan. Aktion: Löschen fehlgeschlagen : Nichts unternehmen fehlgeschlagen. Beschreibung der Aktion:

Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: )
Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA0

Error: (11/06/2013 09:53:14 AM) (Source: RasClient)(User: )
Description: {8C7361D4-70ED-463F-919E-1D6FF6F38A82}PACA\USER_THIS_COMPUTERPACA800

Error: (11/06/2013 07:23:40 AM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (11/06/2013 06:31:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 06:31:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Program Files (x86)\phonostar-Player\phonostar.exe

Error: (11/06/2013 05:24:06 AM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1796.64 MB
Total Pagefile: 7783.25 MB
Available Pagefile: 5519.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:296.08 GB) (Free:220.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive u: (Offline) (Network) (Total:296.08 GB) (Free:220.53 GB) CSC-CACHE

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS)

==================== End Of Log ============================

4. Gmer

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-06 12:00:57
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0001 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\awrorpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077740028 5 bytes JMP 000000010131ab00
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076521d26 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000762f6737 5 bytes JMP 0000000171a50022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076307133 5 bytes JMP 0000000171ae0022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[3124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5228] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077740028 5 bytes JMP 00000001002bbad0
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076521d26 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000762f6737 5 bytes JMP 0000000171a20022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076307133 5 bytes JMP 0000000171a60022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[5968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763e1401 2 bytes JMP 76efeb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763e1419 2 bytes JMP 76f0b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763e1431 2 bytes JMP 76f88609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763e144a 2 bytes CALL 76ee1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763e14dd 2 bytes JMP 76f87efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763e14f5 2 bytes JMP 76f880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763e150d 2 bytes JMP 76f87df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763e1525 2 bytes JMP 76f881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763e153d 2 bytes JMP 76eff088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763e1555 2 bytes JMP 76f0b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763e156d 2 bytes JMP 76f886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763e1585 2 bytes JMP 76f88222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763e159d 2 bytes JMP 76f87db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763e15b5 2 bytes JMP 76eff121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763e15cd 2 bytes JMP 76f0b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763e16b2 2 bytes JMP 76f88584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763e16bd 2 bytes JMP 76f87d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006c8511a8 2 bytes [85, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006c85127d 2 bytes CALL 76ee14dd C:\Windows\syswow64\kernel32.dll
.text ... * 6
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006c8513a8 2 bytes [85, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006c851422 2 bytes [85, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2592] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006c851498 2 bytes [85, 6C]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3740:3044] 000007fef6049688
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3156] 00000000664a86e5
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:4180] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:5768] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:2024] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:1504] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:3012] 00000000656e689f
Thread C:\Windows\sysWow64\SearchProtocolHost.exe [3676:6128] 00000000656e689f

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9d386c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe9d386c@3c8bfe454904 0x41 0x57 0xF7 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5@3c8bfe454904 0xE9 0x22 0xF0 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df859bb5@cc051b837cfc 0x03 0xA3 0xB9 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098@3c8bfe454904 0x74 0xBC 0x5E 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df868098@f0e77ee16218 0x20 0x85 0x08 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9d386c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe9d386c@3c8bfe454904 0x41 0x57 0xF7 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5@3c8bfe454904 0xE9 0x22 0xF0 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df859bb5@cc051b837cfc 0x03 0xA3 0xB9 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098@3c8bfe454904 0x74 0xBC 0x5E 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df868098@f0e77ee16218 0x20 0x85 0x08 0x4B ...

---- EOF - GMER 2.1 ----


As a layman I capitulate before so many messages; I hope this can be repaired to some extent, and I am waiting (desperately) for help.

Regards, Claus

06.11.2013, 12:44   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


06.11.2013, 14:44   #3
Entrepreneur
 



Voilà!

Everything carried out as instructed... no fuss on restart...

Code:
ComboFix 13-11-04.01 - User_This_Computer 06.11.2013  13:14:26.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3893.1419 [GMT 1:00]
ausgeführt von:: c:\users\User_This_Computer\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\a2zLyrics-16
c:\program files (x86)\Search Results Toolbar\Datamngr
c:\program files (x86)\Search Results Toolbar\Datamngr\del_DM_DLL_nsiBCA2.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\del_DM_EXE_nsiBCA2.exe
c:\program files (x86)\Search Results Toolbar\Datamngr\del_DM_LL_nsiBCA2.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\del_mg_nsiBCA2.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultsDx.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultstb.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\as_guid.dat
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\custom.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\about.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\custom.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\external.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsspreview.html
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsswin.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\rsswin.xsl
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\modules\datastore.jsm
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\neterror.xhtml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\preferences.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\template.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\toolbar.htm
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\toolbar.xul
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\vmncode.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\vmnrsswin.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\search\engines.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\search\search.xsl
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\weather\icons.xml
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\lib\en.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\locale.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\de.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\en.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\es.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\fr.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\locale\toolbar\it.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\blip.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\bluelite.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\bluesky.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-search-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-search.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-settings-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-settings.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn-widgets.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\btn_settings.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\custom.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\dailymotion.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\divider.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\ebay.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\facebook.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\find-videos.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\grey.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\icon_games.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\images.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\add.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\alexabutton.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\aol.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\blank.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\button-splitter.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\checkmark.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\chevron.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\collapse.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\dtx-test.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\dtx.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\edit-back.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\expand.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\found.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\gmail.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\hotmail.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\imap.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\launchers.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\lock.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\mailcom.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\minus.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\modify.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\move.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\movetarget.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\ie-only.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\ie7-only.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-close-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-close.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\footer-short-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\footer-short-middle.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\footer-short-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\titlebar-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\titlebar-middle.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\titlebar-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\main.html.bak
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts\defscript.js.bak
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\ajax-loader.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\apps-bg-gradient-grid.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\apps-hover.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\appsfeatured-bg-gradient-grid.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-down-white.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-left.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-right.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images\bg-btnover.png
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\User_This_Computer\AppData\Local\assembly\tmp
c:\users\User_This_Computer\AppData\Local\Temp\IntResource.dll
c:\users\User_This_Computer\AppData\Roaming\Afazo
c:\users\User_This_Computer\AppData\Roaming\Afazo\exajyv.exe
c:\users\User_This_Computer\AppData\Roaming\Bamuv
c:\users\User_This_Computer\AppData\Roaming\Bamuv\adsyup.exe
c:\users\User_This_Computer\AppData\Roaming\Egaqan
c:\users\User_This_Computer\AppData\Roaming\Egaqan\kiexo.exe
c:\users\User_This_Computer\AppData\Roaming\Lowues
c:\users\User_This_Computer\AppData\Roaming\Lowues\vupeut.exe
c:\users\User_This_Computer\AppData\Roaming\Witem
c:\users\User_This_Computer\AppData\Roaming\Witem\yjot.exe
c:\users\User_This_Computer\AppData\Roaming\Zuviy
c:\users\User_This_Computer\AppData\Roaming\Zuviy\kaac.exe
c:\users\user\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-06 bis 2013-11-06  ))))))))))))))))))))))))))))))
.
.
2013-11-06 10:40 . 2013-11-06 10:40	--------	d-----w-	C:\FRST
2013-11-01 14:52 . 2013-11-06 10:48	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2D6C8F8-BB51-4B78-907B-589BFB5E87AD}\offreg.dll
2013-10-21 22:46 . 2013-10-21 22:46	--------	d-----w-	c:\programdata\BrowserProtect
2013-10-21 22:46 . 2013-10-21 22:46	--------	d-----w-	c:\programdata\BitGuard
2013-10-21 21:59 . 2013-10-21 21:59	--------	d-----w-	c:\program files (x86)\Music Toolbar
2013-10-21 21:59 . 2013-11-06 12:39	--------	d-----w-	c:\programdata\Datamngr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 10:19 . 2012-06-07 18:55	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 10:19 . 2012-06-07 18:55	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-10 21:18 . 2013-10-04 09:17	295696	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"Spotify Web Helper"="c:\users\User_This_Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-08 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-24 115560]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-07-31 69632]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2011-04-15 692224]
.
c:\users\User_This_Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2012-6-13 22624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
R4 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
R4 Datev.Database.Conserve;DATEV Connection Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R4 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R4 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R4 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [x]
R4 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [x]
R4 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 16:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504]
"CSRBIP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe" [2009-12-24 419752]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/102?appid=100
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: NameServer = 62.6.40.178
TCP: Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: NameServer = 192.168.11.11
TCP: Interfaces\{7C28AF9D-50FF-4C7A-9EBA-D637A9FFB26B}\2427F6E6A75645967656272474: DhcpNameServer = 192.168.0.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: NameServer = 88.82.13.28 88.82.13.28
TCP: Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: NameServer = 88.82.13.28 88.82.13.28
FF - ProfilePath - c:\users\User_This_Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-100&v=a9659-142&t=4
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=102&v=a9659-142&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=4104496122144376&o=APN10646&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{7abe12ca-e995-4ab4-9a4e-ef8820a20182} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
Toolbar-Locked - (no file)
Toolbar-{7abe12ca-e995-4ab4-9a4e-ef8820a20182} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Neuer Wert #1 - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-BthSyncServ - c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe
AddRemove-jziptoolbargaw - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-450697736-2229791768-3296062214-1169\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,dc,1a,
   bd,e1,23,c0,06,be,88,d0,a6,8b,ee,5d,0e
"{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,3b,1b,b5,45,b8,
   d8,1d,df,f8,06,9e,23,f8,a8,5c,40,51,9c
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,21,3a,
   54,8f,33,12,0d,8f,f8,a2,84,07,74,35,6e
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,82,9f,
   81,1c,1e,b5,03,86,da,83,d9,69,a9,31,a7
"{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"=hex:51,66,7a,6c,4c,1d,3b,1b,a6,d6,ed,
   85,0e,75,1f,0b,8b,e7,52,74,70,92,c8,da
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-06  13:46:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-06 12:46
.
Vor Suchlauf: 18 Verzeichnis(se), 239.505.862.656 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 238.781.882.368 Bytes frei
.
- - End Of File - - FDBF3AEDC5F4B9BE4A31CEB16581B6B4
         
What happens next?

Regards, Claus
__________________

Alt 06.11.2013, 17:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 06.11.2013, 20:27   #5
Entrepreneur
 



Malware scan done, result below:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.06.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
USER_THIS_Computer :: PACANB010 [Administrator]

06.11.2013 17:54:37
mbam-log-2013-11-06 (17-54-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291016
Laufzeit: 59 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> 1996 -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> 2104 -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (PUP.Optional.Bandoo.A) -> 432 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.MusicBoxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Datamngr|uninstallstring (PUP.Optional.MusicBoxToolBar.A) -> Daten: C:\Program Files (x86)\Music Toolbar\Datamngr\uninstall.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Daten: hxxp://www.delta-search.com/?affID=120519&tt=gc_&babsrc=NT_ss&mntrId=56EA4A0F6E742F73 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator|ImagePath (PUP.Optional.DatamngrCoordinator.A) -> Daten: C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.searchnu.com/102?appid=100) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 10
C:\ProgramData\Datamngr (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Music Toolbar\Datamngr (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64 (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.

Infizierte Dateien: 29
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe (PUP.Optional.Bandoo.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe (PUP.Optional.Bandoo.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> Löschen bei Neustart.
C:\Users\USER_THIS_Computer\Downloads\Babylon10_setup(1).exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER_THIS_Computer\Downloads\Babylon10_setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER_THIS_Computer\Downloads\FlashPlayer_V.161252661b.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Datamngr\coordinator.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Datamngr\general.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Datamngr\S-1-5-21-450697736-2229791768-3296062214-1169.cfg (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\Datamngr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\Helper.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\Internet Explorer Settings.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\Uninstall.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\Datamngr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\Internet Explorer Settings.exe (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll (PUP.Optional.MusicBoxToolBar.A) -> Löschen bei Neustart.

(Ende)
         
Also ran Adware, result:

Code:
# AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 19:38:08
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzername : USER_THIS_COMPUTER - PACANB010
# Gestartet von : C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Ask
[!] Ordner Gelöscht : C:\ProgramData\Bandoo
[!] Ordner Gelöscht : C:\ProgramData\BitGuard
[!] Ordner Gelöscht : C:\ProgramData\boost_interprocess
[!] Ordner Gelöscht : C:\ProgramData\Browser Manager
[!] Ordner Gelöscht : C:\ProgramData\BrowserProtect
[!] Ordner Gelöscht : C:\ProgramData\eSafe
[!] Ordner Gelöscht : C:\ProgramData\Partner
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
[!] Ordner Gelöscht : C:\Program Files (x86)\Bandoo
[!] Ordner Gelöscht : C:\Program Files (x86)\Ilivid
[!] Ordner Gelöscht : C:\Program Files (x86)\jZip
[!] Ordner Gelöscht : C:\Program Files (x86)\Music Toolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\Search Results Toolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar
[!] Ordner Gelöscht : C:\Users\user\AppData\Local\PackageAware
[!] Ordner Gelöscht : C:\Users\user\AppData\LocalLow\AskToolbar
[!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Iminent
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\Qtrax
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\Ilivid Player
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\jZip
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Local\PackageAware
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\LocalLow\jziptoolbargaw
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\LocalLow\Searchqutoolbar
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Bandoo
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\DSite
[!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\jziptoolbargaw
[!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\Searchqutoolbar
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\jziptoolbargaw
[!] Ordner Gelöscht : C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Searchqutoolbar
[!] Ordner Gelöscht : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1etsrt3d.default\Extensions\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
         
and here is Junkware as well:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by USER_THIS_COMPUTER on 06.11.2013 at 20:08:02,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-enabler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-enabler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-enabler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-enabler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{726D6F83-8A31-4436-99AB-864BC23EEBDB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD2F7462-4D17-4CEB-A83D-A787C2076C88}



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\user.js
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\invalidprefs.js
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\ask.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\searchplugins\searchresults.xml
Successfully deleted the following from C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\prefs.js

user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.registerToolbarEvent102", "1383763533079");
user_pref("iminent.registerToolbarEvent140", "1383696411634");
user_pref("iminent.version", "7.43.4.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.41.2.1\",\"InstallEventCTime\":1382392843535,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1383765194942}");
user_pref("iminent.webbooster.scripts.minibar.FavLinkSplitTestingClass", "v1");
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1375441696317");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1374930217500");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1375349857612");
Emptied folder: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\mozilla\firefox\profiles\ma1f09lu.default\minidumps [313 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 20:19:03,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and here is a fresh FRST.txt as well


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 06-11-2013 20:24:34
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
() C:\Windows\Dell\PanelMgr\SSMMgr.exe
() C:\Windows\Dell\PanelMgr\caller64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] ()
HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] ()
HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] ()
HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = 
SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178
Tcpip\..\Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: [NameServer]192.168.11.11
Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44
Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28
Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.28 88.82.13.28

FireFox:
========
FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com
FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709}
FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}

==================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation)
S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.025\ENG64.SYS [126040 2013-11-06] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131105.025\EX64.SYS [2099288 2013-11-06] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U0 dmboot; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 20:19 - 2013-11-06 20:19 - 00006466 _____ C:\Users\USER_THIS_COMPUTER\Desktop\JRT.txt
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:32 - 2013-11-06 19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D C:\ComboFix
2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox
2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe
2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 12:43 - 2013-11-06 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 11:59 - 2013-11-06 12:04 - 00045914 _____ C:\Users\USER_THIS_COMPUTER\Desktop\gmer.txt
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:41 - 2013-11-06 12:03 - 00027815 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Addition.txt
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 12:02 - 00000478 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL
2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind

==================== One Month Modified Files and Folders =======

2013-11-06 20:19 - 2013-11-06 20:19 - 00006466 _____ C:\Users\USER_THIS_COMPUTER\Desktop\JRT.txt
2013-11-06 20:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 20:07 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype
2013-11-06 20:06 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-06 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:55 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-06 19:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 19:54 - 2013-10-06 08:46 - 00001008 _____ C:\Windows\setupact.log
2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER
2013-11-06 19:53 - 2011-01-19 18:07 - 01539927 _____ C:\Windows\WindowsUpdate.log
2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 19:26 - 2013-03-08 16:41 - 00017834 _____ C:\Windows\PFRO.log
2013-11-06 19:26 - 2012-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att
2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0
2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-06 14:22 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix
2013-11-06 13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal
2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt
2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 12:04 - 2013-11-06 11:59 - 00045914 _____ C:\Users\USER_THIS_COMPUTER\Desktop\gmer.txt
2013-11-06 12:03 - 2013-11-06 11:41 - 00027815 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Addition.txt
2013-11-06 12:02 - 2013-11-06 11:38 - 00000478 _____ C:\Users\USER_THIS_COMPUTER\Downloads\defogger_disable.log
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify
2013-11-05 19:50 - 2013-11-05 19:50 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe
2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj
2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat
2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat
2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP
2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind
2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL
2013-10-07 06:25 - 2013-10-07 06:25 - 00070028 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Faktoren.xmind

Some content of TEMP:
====================
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 03:30

==================== End Of Log ============================
         

Homework done, eagerly waiting to see what comes next....

Regards, Claus


07.11.2013, 12:28   #6
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

07.11.2013, 18:49   #7
Entrepreneur



Smartinstaller results:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d12ef347b5ba4545a2633d0b42fdc55c
# engine=15793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-07 04:56:44
# local_time=2013-11-07 05:56:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776637 100 94 9348 135473254 0 0
# scanned=165824
# found=6
# cleaned=0
# scan_time=9137
sh=9EB3F26FCA53F48D89C4DB4AD8E932572B51751E ft=1 fh=feb261162876a139 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Afazo\exajyv.exe.vir"
sh=73FEDB598D7B42AD30343E3CF016E42C886D4E54 ft=1 fh=599dcf419ba3b29b vn="a variant of Win32/Injector.AONN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Bamuv\adsyup.exe.vir"
sh=D2C72FA39C2274434C519A84270FD5B5111590FF ft=1 fh=3e57d3dd48e4ccff vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Egaqan\kiexo.exe.vir"
sh=346AAA17CC52F6EE3117D1A0325C4ACDB696E0FC ft=1 fh=903ac8b69ba3b29b vn="a variant of Win32/Injector.AONN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Lowues\vupeut.exe.vir"
sh=2133C05D0A19377BCDCC2793A956AAC91F8E51FA ft=1 fh=2fe26782e59740cc vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Witem\yjot.exe.vir"
sh=88F371DF13326A45062A40A753DB7AA510C79A86 ft=1 fh=7a00eafdd1a2e769 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER_THIS_COMPUTER\AppData\Roaming\Zuviy\kaac.exe.vir"
         
The Eset folder cannot be deleted. It asks for permission, and when that is granted there is an error message:
"Fehler beim Anwenden von Sicherheitsinformationen auf: c:\program files(x86)\... smartinstaller.exe

Zugriff verweigert"

...and the security scan says: "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

... and here is the latest FRST log file:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 07-11-2013 18:45:00
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Dell\PanelMgr\SSMMgr.exe
() C:\Windows\Dell\PanelMgr\caller64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(phonostar) C:\Program Files (x86)\phonostar-Player\phonostar.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\mstsc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\zipsendservice.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\Dell\Dell 2355dn Laser MFP\Dell-Scan-Manager\ScanMgr2.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-08] (Spotify Ltd)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] ()
HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] ()
HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] ()
HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = 
SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.11.11
Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178
Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44
Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28
Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.60 88.82.13.60

FireFox:
========
FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: gTranslator - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\jyboy.yy@gmail.com
FF Extension: New tab - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\{5FE1FEC3-D2C0-BDA1-4982-F9508D4E6709}
FF Extension: webbooster - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\ma1f09lu.default\Extensions\webbooster@iminent.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}

==================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation)
S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-06] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131106.025\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131106.025\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U0 dmboot; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe
2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe
2013-11-07 15:21 - 2013-11-07 15:21 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:32 - 2013-11-06 19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D C:\ComboFix
2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox
2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe
2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 12:43 - 2013-11-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-05 19:50 - 2013-11-07 17:20 - 00024576 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL

==================== One Month Modified Files and Folders =======

2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe
2013-11-07 18:39 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype
2013-11-07 18:38 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-07 18:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 18:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe
2013-11-07 17:20 - 2013-11-05 19:50 - 00024576 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-07 15:21 - 2013-11-07 15:21 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe
2013-11-07 15:20 - 2011-01-19 18:07 - 01583813 _____ C:\Windows\WindowsUpdate.log
2013-11-07 11:35 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:03 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:55 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-06 19:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 19:54 - 2013-10-06 08:46 - 00001008 _____ C:\Windows\setupact.log
2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER
2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 19:26 - 2013-03-08 16:41 - 00017834 _____ C:\Windows\PFRO.log
2013-11-06 19:26 - 2012-05-06 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att
2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0
2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix
2013-11-06 13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal
2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt
2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:39 - 2013-11-06 11:39 - 01957098 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 10:35 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify
2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe
2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj
2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-11-01 11:02 - 2010-04-26 14:06 - 00766754 _____ C:\Windows\system32\perfh007.dat
2013-11-01 11:02 - 2010-04-26 14:06 - 00174946 _____ C:\Windows\system32\perfc007.dat
2013-11-01 11:02 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 10:55 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-30 20:50 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP
2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind
2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe
2013-10-08 13:41 - 2013-10-08 13:41 - 00123203 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL(1)
2013-10-08 13:40 - 2013-10-08 13:40 - 00130315 _____ C:\Users\USER_THIS_COMPUTER\Downloads\FENOSOL

Some content of TEMP:
====================
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 03:30

==================== End Of Log ============================
         

There are already far fewer problems; loading the browser and Outlook still takes a while, but all in all it has already improved a lot .. an interim thank-you for now :-)

Old 08.11.2013, 10:22   #8
schrauber
/// the machine
/// TB trainer



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.



Clean up the autostart so that only the most important things start.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
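
The line placed in the fixlist above differs from its neighbours in the Services section in several ways that are visible in the log itself. The following is an added example, not part of the thread and not FRST's own code: it parses FRST service/driver lines and scores them with review heuristics that are this example's assumptions (the reason names and the threshold of 2), reading R/S/U as running/stopped/undetermined, the digit as the start type (0 to 2 start without user action) and a trailing [x] as "file not found".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the Services and Drivers sections of the FRST log in this thread.
SAMPLE_LOG = r'''
==================== Services (Whitelisted) =================
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
==================== Drivers (Whitelisted) ====================
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U0 dmboot;
'''

LINE_RE = re.compile(r"^([RSU])([0-5])\s+(.+?);\s*(.*)$")
PUBLISHER_RE = re.compile(r"\s*\(([^()]*)\)$")                # trailing "(Company)"
META_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]$")        # trailing "[size date]"
MISSING_RE = re.compile(r"\s*\[x\]$", re.I)                   # trailing "[x]"
# A per-product GUID folder under C:\Windows\Installer: an unusual home for a
# service binary (heuristic assumed by this example).
INSTALLER_GUID_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I)


class Entry(NamedTuple):
    state: str                 # R, S or U
    start: int                 # start type digit
    name: str                  # service or driver name
    command: str               # image path plus arguments, as logged
    missing: bool              # True when the line ends in [x]
    publisher: Optional[str]   # None when the line has no "(...)" field


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.groups()
    rest = rest.strip()
    publisher = None
    pm = PUBLISHER_RE.search(rest)
    # Only treat "(...)" as the publisher when "[size date]" precedes it, so a
    # path such as "Program Files (x86)" is never mistaken for it.
    if pm and META_RE.search(rest[:pm.start()]):
        publisher = pm.group(1).strip()
        rest = rest[:pm.start()]
    rest = META_RE.sub("", rest)
    rest, n_missing = MISSING_RE.subn("", rest)
    return Entry(state, int(start), name, rest.strip(), n_missing > 0, publisher)


def reasons(e: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (names are this example's)."""
    out = []
    if e.state == "U":
        out.append("state-undetermined")
    if e.missing:
        out.append("image-missing")
    if e.missing and e.start <= 2:
        out.append("autostart-with-missing-image")
    if INSTALLER_GUID_RE.search(e.command):
        out.append("image-in-installer-guid-dir")
    if e.publisher == "":
        out.append("no-publisher")
    return out


def triage(log_text: str, threshold: int = 2) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for entries with at least `threshold` reasons, worst first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if len(why) >= threshold:
            hits.append((entry.name, why))
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(why)}")
```

A hit is a prompt for manual review, not a verdict: DgiVecp is flagged as well, and the fixlist in this thread does not touch it.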

Old 08.11.2013, 11:18   #9
Entrepreneur



First of all, the FRST fix:

HTML-Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by USER_THIS_COMPUTER at 2013-11-08 11:09:24 Run:1
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]
*****************

syshost32 => Service deleted successfully.

==== End of Fixlog ====

I have a problem with TFC:
saved in the Downloads folder it cannot be started because I do not have the permission, and when downloading to the desktop the following message appears:

"C:\Users\USER_THIS_COMPUTER\Desktop\TFC.exe konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können.

Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern."

Old 08.11.2013, 12:48   #10
schrauber
/// the machine
/// TB trainer



Please download Windows Repair (All In One) from here.
  • Install the program. Start it after the installation has completed.
  • Click on Step 2 and, under Check Disk, press Do It.

  • When the process is finished, click on Step 3 and, under System File Check, press Do It.

  • After the process has finished, click on Start Repairs, select Advanced Mode and press Start.

  • Please make sure that the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

__________________
Regards,
schrauber


Old 08.11.2013, 19:07   #11
Entrepreneur



So, computer cleaned up, autostart decluttered and the computer is running quite OK again...
However, a few more questions:
1. Advertising from "Iminent" is constantly displayed on all websites. Is that normal, or is there still something on my computer that is manipulating the browser here?
2. Starting the computer still takes quite a long time; first of all, after entering the password it takes forever until the welcome screen moves on
3. Starting Outlook and the browser takes ages...

Is there anything else to do?

Regards, Claus

Old 09.11.2013, 17:52   #12
schrauber
/// the machine
/// TB trainer



Uninstall the browser completely, keep no data, reinstall. Then a fresh FRST log please, I'll take another look.
__________________
Regards,
schrauber


Old 10.11.2013, 17:06   #13
Entrepreneur



So, browser reinstalled, the advertising is gone...

here is the log from FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2013
Ran by USER_THIS_COMPUTER (administrator) on PACANB010 on 10-11-2013 16:51:25
Running from C:\Users\USER_THIS_COMPUTER\Downloads
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Windows\Dell\PanelMgr\SSMMgr.exe
() C:\Windows\Dell\PanelMgr\caller64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Spotify Ltd) C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Spotify.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\zipsendservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Dell\Dell 2355dn Laser MFP\Dell-Scan-Manager\ScanMgr2.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
HKLM\...\Run: [CSRBIP] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe [419752 2009-12-24] (CSR, plc)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-11-09] (Spotify Ltd)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-01-24] (Symantec Corporation)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
HKLM-x32\...\Run: [Dell PanelMgr] - C:\Windows\Dell\PanelMgr\SSMMgr.exe [692224 2011-04-15] ()
HKU\user\...\Run: [phonostarTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [39936 2010-11-23] ()
HKU\user\...\Run: [phonostar-Player] - C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe [110592 2010-11-23] ()
HKU\user\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKCU - {781341CD-F4DF-47E4-9418-7D92C232AF99} URL = 
SearchScopes: HKCU - {FDD7292B-9F37-4C4E-AD8F-6987FFD95AE3} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{32C1FAD3-B362-440A-9B5A-A7D9BE5AA03E}: [NameServer]62.6.40.178
Tcpip\..\Interfaces\{4DF21D34-FBE7-4122-AB66-3576694E31B1}: [NameServer]192.168.11.11
Tcpip\..\Interfaces\{880C66D5-830F-48CB-8BF7-62C91F72ACE1}: [NameServer]88.82.13.44 88.82.13.44
Tcpip\..\Interfaces\{A0122993-960A-424A-8C10-B38BA151B2AA}: [NameServer]88.82.13.28 88.82.13.28
Tcpip\..\Interfaces\{FA1EDED6-FF4F-4D2D-A387-D03785B6BD0A}: [NameServer]88.82.13.60 88.82.13.60

FireFox:
========
FF ProfilePath: C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\st6cnjni.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}

==================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-01-24] (Symantec Corporation)
S4 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
S4 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-08-18] (Symantec Corporation)
S4 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-17] (Trusteer Ltd.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3144696 2011-01-24] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [414536 2011-01-24] (Symantec Corporation)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2011-01-24] (Symantec Corporation)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S4 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S4 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S4 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
S4 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]
S2 syshost32; "C:\Windows\Installer\{8E385834-2193-171F-C0D3-765E9FCF2722}\syshost.exe" /service [x]

==================== Drivers (Whitelisted) ====================

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-07] (Symantec Corporation)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131109.006\ENG64.SYS [126040 2013-11-07] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20131109.006\EX64.SYS [2099288 2013-11-07] (Symantec Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-06] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-17] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-17] (Trusteer Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-01-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2011-01-24] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2011-01-24] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52272 2011-01-24] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2013-11-08] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U0 dmboot; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 16:50 - 2013-11-10 16:51 - 01957156 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-10 12:34 - 2013-11-10 12:35 - 00119344 _____ C:\Users\USER_THIS_COMPUTER\Downloads\https _www.google.de_.htm
2013-11-10 09:09 - 2013-11-10 09:09 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-10 09:09 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-10 09:07 - 2013-11-10 09:07 - 23123208 _____ (Mozilla) C:\Users\USER_THIS_COMPUTER\Downloads\firefox_setup_25.0.exe
2013-11-08 19:42 - 2013-11-08 19:42 - 00021504 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Berechnung fehlender Wareneinsatz.xls
2013-11-08 17:32 - 2013-11-08 18:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-08 17:21 - 2013-11-08 17:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PACANB010-Microsoft-Windows-7-Professional-(64-bit).dat
2013-11-08 17:21 - 2013-11-08 17:21 - 00000000 ____D C:\RegBackup
2013-11-08 16:32 - 2013-11-08 16:32 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio
2013-11-08 16:26 - 2013-11-08 16:26 - 02804572 _____ C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio.zip
2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe
2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe
2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:32 - 2013-11-06 19:33 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-06 17:50 - 2013-11-06 17:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-06 13:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-06 13:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-06 13:09 - 2013-11-06 13:48 - 00000000 ____D C:\ComboFix
2013-11-06 12:55 - 2013-11-06 13:47 - 00000000 ____D C:\Qoobox
2013-11-06 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\nircmd.exe
2013-11-06 12:50 - 2013-11-06 13:43 - 00000000 ____D C:\Windows\erdnt
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 12:43 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-05 19:50 - 2013-11-08 16:34 - 00025600 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 06:48 - 2013-11-05 07:14 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-01 15:33 - 2013-11-05 11:12 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-10-17 19:28 - 2013-10-24 12:12 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 17:37 - 2013-10-17 19:08 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-15 18:02 - 2013-10-15 18:25 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 08:39 - 2013-10-11 08:38 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe

==================== One Month Modified Files and Folders =======

2013-11-10 16:52 - 2011-01-25 19:31 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Skype
2013-11-10 16:51 - 2013-11-10 16:50 - 01957156 _____ (Farbar) C:\Users\USER_THIS_COMPUTER\Downloads\FRST64.exe
2013-11-10 16:19 - 2012-06-07 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 16:14 - 2013-05-21 06:51 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Spotify
2013-11-10 14:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-10 13:53 - 2010-04-26 14:06 - 00752892 _____ C:\Windows\system32\perfh007.dat
2013-11-10 13:53 - 2010-04-26 14:06 - 00170776 _____ C:\Windows\system32\perfc007.dat
2013-11-10 13:53 - 2009-07-14 06:13 - 01809320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 12:35 - 2013-11-10 12:34 - 00119344 _____ C:\Users\USER_THIS_COMPUTER\Downloads\https _www.google.de_.htm
2013-11-10 09:09 - 2013-11-10 09:09 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-10 09:09 - 2013-11-10 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-10 09:09 - 2013-11-06 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 09:07 - 2013-11-10 09:07 - 23123208 _____ (Mozilla) C:\Users\USER_THIS_COMPUTER\Downloads\firefox_setup_25.0.exe
2013-11-08 23:39 - 2011-01-24 10:30 - 00233120 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WpsHelper.sys
2013-11-08 19:42 - 2013-11-08 19:42 - 00021504 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Berechnung fehlender Wareneinsatz.xls
2013-11-08 19:16 - 2011-01-24 09:57 - 00064418 __RSH C:\ProgramData\ntuser.pol
2013-11-08 18:55 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 18:55 - 2009-07-14 05:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 18:50 - 2013-10-06 08:46 - 00001176 _____ C:\Windows\setupact.log
2013-11-08 18:50 - 2013-04-03 18:27 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-08 18:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 18:48 - 2011-01-24 11:57 - 00000000 ___RD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
2013-11-08 18:48 - 2011-01-19 18:07 - 01696335 _____ C:\Windows\WindowsUpdate.log
2013-11-08 18:47 - 2013-03-08 16:51 - 00086552 _____ C:\Users\USER_THIS_COMPUTER\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-08 18:43 - 2013-03-08 16:41 - 00344904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-08 18:42 - 2013-03-08 16:41 - 00018186 _____ C:\Windows\PFRO.log
2013-11-08 18:40 - 2013-11-08 17:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-11-08 18:14 - 2009-07-14 03:34 - 00000535 _____ C:\Windows\win.ini
2013-11-08 17:21 - 2013-11-08 17:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PACANB010-Microsoft-Windows-7-Professional-(64-bit).dat
2013-11-08 17:21 - 2013-11-08 17:21 - 00000000 ____D C:\RegBackup
2013-11-08 16:34 - 2013-11-05 19:50 - 00025600 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Messekalender.xls
2013-11-08 16:32 - 2013-11-08 16:32 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio
2013-11-08 16:32 - 2013-02-02 14:10 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\WinZip
2013-11-08 16:26 - 2013-11-08 16:26 - 02804572 _____ C:\Users\USER_THIS_COMPUTER\Downloads\tweaking.com_windows_repair_aio.zip
2013-11-08 11:48 - 2011-01-24 09:55 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-07 18:43 - 2013-11-07 18:43 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck(1).exe
2013-11-07 17:21 - 2013-11-07 17:21 - 00891167 _____ C:\Users\USER_THIS_COMPUTER\Downloads\SecurityCheck.exe
2013-11-07 15:20 - 2013-11-07 15:20 - 02347384 _____ (ESET) C:\Users\USER_THIS_COMPUTER\Downloads\esetsmartinstaller_enu.exe
2013-11-06 20:01 - 2013-11-06 20:01 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 20:00 - 2013-11-06 20:00 - 01034531 _____ (Thisisu) C:\Users\USER_THIS_COMPUTER\Downloads\JRT.exe
2013-11-06 19:54 - 2011-01-24 11:57 - 00000000 ____D C:\Users\USER_THIS_COMPUTER
2013-11-06 19:33 - 2013-11-06 19:32 - 01073262 _____ C:\Users\USER_THIS_COMPUTER\Downloads\adwcleaner.exe
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2013-11-06 19:30 - 2013-11-06 19:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-06 17:52 - 2013-11-06 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 17:51 - 2013-11-06 17:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\USER_THIS_COMPUTER\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-06 17:44 - 2013-08-29 12:50 - 00000000 ____D C:\Program Files\Att
2013-11-06 16:22 - 2011-02-01 19:19 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Apps\2.0
2013-11-06 16:06 - 2012-10-17 09:16 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-06 13:48 - 2013-11-06 13:09 - 00000000 ____D C:\ComboFix
2013-11-06 13:47 - 2013-11-06 12:55 - 00000000 ____D C:\Qoobox
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\TxR
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\systemprofile
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\RegBack
2013-11-06 13:47 - 2011-01-19 10:38 - 00000000 ____D C:\Users\Journal
2013-11-06 13:47 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-06 13:46 - 2013-11-06 13:46 - 00075915 _____ C:\ComboFix.txt
2013-11-06 13:43 - 2013-11-06 12:50 - 00000000 ____D C:\Windows\erdnt
2013-11-06 13:39 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-06 13:39 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_225
2013-11-06 13:32 - 2013-03-05 20:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-06 13:32 - 2009-07-14 03:34 - 95944704 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 06553600 _____ C:\Windows\system32\config\DEFAULT.bak
2013-11-06 13:32 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-06 13:31 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-11-06 12:46 - 2013-11-06 12:46 - 05144303 ____R (Swearware) C:\Users\USER_THIS_COMPUTER\Downloads\ComboFix.exe
2013-11-06 11:42 - 2013-11-06 11:42 - 00377856 _____ C:\Users\USER_THIS_COMPUTER\Downloads\gmer_2.1.19163.exe
2013-11-06 11:40 - 2013-11-06 11:40 - 00000000 ____D C:\FRST
2013-11-06 11:38 - 2013-11-06 11:38 - 00000000 _____ C:\Users\USER_THIS_COMPUTER\defogger_reenable
2013-11-06 11:37 - 2013-11-06 11:37 - 00050477 _____ C:\Users\USER_THIS_COMPUTER\Downloads\Defogger.exe
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 11:17 - 2011-01-25 19:31 - 00000000 ____D C:\ProgramData\Skype
2013-11-05 18:37 - 2013-05-21 06:52 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\Spotify
2013-11-05 17:07 - 2013-11-05 17:07 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\EMCS_core_business_module
2013-11-05 17:06 - 2013-11-05 17:06 - 07066352 _____ C:\Users\USER_THIS_COMPUTER\Downloads\emcs_en.zip
2013-11-05 11:12 - 2013-11-01 15:33 - 00023040 _____ C:\Users\USER_THIS_COMPUTER\Desktop\laufende_Projekte.xls
2013-11-05 07:14 - 2013-11-05 06:48 - 00082944 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Zeiterfassung_September_2013.xls
2013-11-04 23:23 - 2011-01-30 15:30 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Roaming\Dahe
2013-11-04 23:15 - 2009-07-14 01:20 - 00000000 __SHD C:\Users\USER_THIS_COMPUTER\AppData\Roaming\rejiudsj
2013-11-01 15:25 - 2013-05-27 19:53 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-10-28 17:43 - 2011-02-01 21:24 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\AppData\Local\FreePDF_XP
2013-10-24 12:12 - 2013-10-17 19:28 - 00208384 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical with Gastank.vsd
2013-10-17 19:08 - 2013-10-17 17:37 - 00192512 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Plan Uniquemical.vsd
2013-10-17 17:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-17 16:28 - 2013-10-17 16:28 - 00015360 _____ C:\Users\USER_THIS_COMPUTER\Desktop\Finanzplan Oktober.xls
2013-10-17 15:05 - 2013-10-04 10:17 - 00317808 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-16 15:10 - 2013-04-03 06:47 - 00000000 ____D C:\Program Files (x86)\XMind
2013-10-15 18:25 - 2013-10-15 18:02 - 00000000 ____D C:\Users\USER_THIS_COMPUTER\Desktop\Reisekosten
2013-10-11 11:19 - 2012-06-07 19:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 11:19 - 2012-06-07 19:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 11:19 - 2012-06-07 19:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 08:38 - 2013-10-11 08:39 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(3).exe
2013-10-11 08:33 - 2013-10-11 08:33 - 05831344 _____ (TeamViewer GmbH) C:\Users\USER_THIS_COMPUTER\Downloads\TeamViewer_Setup_de(2).exe

Some content of TEMP:
====================
C:\Users\USER_THIS_COMPUTER\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:49

==================== End Of Log ============================
         
--- --- ---



Once more, briefly for your information:

It takes about one and a half minutes until the welcome screen disappears.
Then about two and a half minutes until Outlook is ready, and just under a minute until Firefox has loaded. Is that normal (all programs were started one after another)?

Regards, and many thanks for the competent help

Claus

10.11.2013, 19:52   #14
schrauber
/// the machine
/// TB trainer
 


Open Task Manager, switch to the Startup tab, and disable everything that is not absolutely necessary.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
