
Log analysis and evaluation: VPN connection not possible, DLL problems

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.11.2014, 15:49   #1
TOMROSSI

VPN connection not possible, DLL problems



Hello,
this is a computer that belongs to my company. I am currently working with it from my home office.
Today, or actually already on Friday, I had problems dialling into the company network via VPN; on Friday I managed it, today no chance.
Our admin ran the SFC tool, and it did repair a few files; after that I wanted to reinstall the VPN client, unfortunately without success, the same behaviour came back.
I then ran Malwarebytes Anti-Malware and it found a lot of malware and trojans.

I have been fiddling around with it all day and I'm frustrated.
Help!!!!!!

So here is the malware log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 24.11.2014
Scan Time: 13:06:23
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.24.05
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: AGRTA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 715237
Time Elapsed: 34 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 19
Rootkit.Necurs.GO3, C:\WINDOWS\SYSTEM32\drivers\948c009beeecd7f2.sys, Quarantined, [c871e4545bcbf169108ea4da4b40ba92], 
Trojan.FakeMoz.ED, c:\Windows\Installer\{C24A7FD3-6800-1DC9-4755-21432632D727}\syshost.exe, Delete-on-Reboot, [6372c8764438a0967c6723bf4ab735cb], 
Backdoor.Agent.E, c:\ProgramData\syshost.exe, Delete-on-Reboot, [23b2c77789f3e84e1ab9143abc478e72], 
Backdoor.Agent.E, c:\Users\Default\AppData\Roaming\syshost.exe, Delete-on-Reboot, [7362a7976913c1756b68aba3b94a11ef], 
Backdoor.Agent.E, c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\syshost.exe, Delete-on-Reboot, [fadbff3fceae0036dcf7b19d659e9f61], 
Backdoor.Agent.E, c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\syshost.exe, Delete-on-Reboot, [459062dca2da171f13c0e06e0102827e], 
Backdoor.Agent.E, c:\Windows\System32\config\systemprofile\AppData\Roaming\syshost.exe, Delete-on-Reboot, [bc193e00d7a561d5399a3519f60d837d], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\syshost.exe, Delete-on-Reboot, [09cc5de1c4b8dc5a95726d2b42c12dd3], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\syshost.exe, Delete-on-Reboot, [993cf6485f1deb4b9f687e1a4fb4857b], 
Exploit.Drop.GS, c:\Windows\Temp\syshost.exe, Delete-on-Reboot, [7065bb83304c082ec740b5e3897a0bf5], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\LocalService\AppData\Local\syshost.exe, Delete-on-Reboot, [f7de7fbfbbc10b2bc0408d0cc2419070], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\syshost.exe, Delete-on-Reboot, [a33288b6c1bb9d994eb206937d86e21e], 
Exploit.Drop.GSLAD, c:\Windows\System32\config\systemprofile\AppData\Local\syshost.exe, Delete-on-Reboot, [20b583bbcdafb086d828207926dd7d83], 
Exploit.Drop.GS, c:\Users\Default\syshost.exe, Delete-on-Reboot, [bd18c87698e438fe1b193663d42f56aa], 
Exploit.Drop.GS, c:\Users\Public\syshost.exe, Delete-on-Reboot, [eee7e9554f2d40f6c371adec748f9e62], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\syshost.exe, Delete-on-Reboot, [7065201e304c2f07d163f7a230d32ed2], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\syshost.exe, Delete-on-Reboot, [cd081c22760663d3e54ffa9fda293ac6], 
Exploit.Drop.GS, c:\Windows\System32\config\systemprofile\syshost.exe, Delete-on-Reboot, [d401e5593745eb4b0c28efaa08fba060], 
Trojan.Downloader, c:\Windows\syshost.exe, Delete-on-Reboot, [1bba05396f0d0333ea141bc4f40fac54], 

Physical Sectors: 0
(No malicious items detected)


(end)
After that I followed the instructions.

Defogger said I have to be admin; I am, but I don't think it ran correctly.

Then FRST64:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by AGRTA (administrator) on MUCLB703 on 24-11-2014 14:49:02
Running from D:\Users\agrta\Desktop
Loaded Profile: AGRTA (Available profiles: AGRTA & Administrator)
Platform: Windows 7 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Avaya Inc.) C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(PTC Inc.) C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(FrontRange Solutions Deutschland GmbH) C:\Program Files (x86)\NetInst\NiAiServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Agfa ICS) C:\Program Files (x86)\Agfa\AgfaNiAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraNECDriver.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
(GN Netcom A/S) C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-09-22] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AgfaNiAgnt] => C:\Program Files (x86)\Agfa\AgfaNiAgent.exe [110592 2013-10-21] (Agfa ICS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Software\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [!IBM Notes Browser Plugin IE Registration] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults" /v notes /t REG_DWORD /d 2 /f
HKLM-x32\...\Run: [IBM NBP Disable IE Popup Blocker] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1809 /t REG_DWORD /d 3 /f
HKLM-x32\...\Run: [IBM NBP Disable IE Protected Mode] => REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2500 /t REG_DWORD /d 3 /f
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [Real Desktop] => "C:\Program Files (x86)\Real Desktop\Real Desktop.exe"
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] => 0
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [HandleNetworkDrivesMUC] => wscript "C:\Program Files (x86)\Agfa\HandleNetworkDrivesMUC.vbs"
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Run: [DellSystemDetect] => D:\Users\agrta\AppData\Local\Apps\2.0\70NZO9R7.TXT\0ZZT65DC.EXQ\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Run: [PcSync] => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
AppInit_DLLs: c:\progra~2\netinst\niamh.dll => c:\Program Files (x86)\NetInst\NiAMH.dll [56464 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs:  aminit32.dll => aminit32.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\NetInst\NiA64.dll => C:\Program Files (x86)\NetInst\Nia64.dll [51784 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs:  AMINIT64.DLL => C:\Windows\system32\AMINIT64.DLL [74576 2014-08-23] (Symantec Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NETINST\NIAMH.DLL => C:\Program Files (x86)\NetInst\NiAMH.dll [56464 2011-06-08] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32:  AMINIT32.DLL => "AMINIT32.DLL" File Not Found
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: D:\Users\agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\Real Desktop.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk
ShortcutTarget: Bginfo.lnk -> C:\Program Files (x86)\Agfa\Bginfo.exe (Sysinternals)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jabra Device Service.lnk
ShortcutTarget: Jabra Device Service.lnk -> C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe (GN Netcom A/S)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3511276778-1135513112-1489944413-4718] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?hl=de
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intra.agfanet/
HKU\S-1-5-21-3511276778-1135513112-1489944413-4718\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3511276778-1135513112-1489944413-4718 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho64.dll (IBM Corp)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: IBM Notes Browser Plug-in -> {0E9EF4E6-4BF5-4350-95B6-EEB88E105783} -> C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avaya one-X® Click-to-Dial Add-on -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll (Avaya Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKU\S-1-5-21-3511276778-1135513112-1489944413-4718 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM {82DBCFDB-5658-4CFB-B32B-0828247043C0} hxxp://pdmtrn01.be.local/Windchill/wtcore/jsp/wvs/download/x86e_win64_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://mail.agfa.net/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {3605B612-C3CF-4AB4-A426-2D853391DB2E} hxxp://morswh015.agfahealthcare.com:8080/qcbin/capicom.dll
DPF: HKLM-x32 {41520880-8342-3431-3684-140032321000} https://livelink.agfa.net/Livelink/livelink.exe?func=webdav.webdavxpi&filename=otdavview101.cab
DPF: HKLM-x32 {C3CBFE35-9BE8-11D1-B31B-006008948294} hxxp://aquire-codebase.vipasuite.com/codebase91/OrgPubX.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {F53270D3-0E32-48B7-B63B-159E33210F70} https://livelink.agfa.net/img/webedit/lledit.cab
DPF: HKLM-x32 {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} hxxp://pdmapp01.be.local/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
DPF: HKLM-x32 {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} hxxp://morswh015.agfahealthcare.com:8080/qcbin/Spider10.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho64.dll (IBM Corp)
Handler-x32: notes - {D10B24B3-B653-4E94-ABAF-B4FA22F2E4EA} - C:\Program Files (x86)\IBM\Lotus\Notes\msie\nnotebho.dll (IBM Corp)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 14 C:\Windows\SysWOW64\nutafun4.dll [164232] (MKS Software Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\nutafun4.dll [164232] (MKS Software Inc.)
Winsock: Catalog9-x64 14 %SystemRoot%\system32\nutafun4.dll [205624] (MKS Software Inc.)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\nutafun4.dll [205624] (MKS Software Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://intra.agfanet
FF NetworkProxy: "autoconfig_url", "hxxp://proxy-pac.ict:3132/"
FF NetworkProxy: "backup.ftp", "proxy.ict"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "proxy.ict"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy.ict"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy.ict"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.ict"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.Smartpipes.Net,*.esm.uu.Net,*.Xapps.ops.us.uu.net,*.Worldcom.Net,*.mci.Net,pbk.mci.com,esmws1.mci.Com,*.agfa.be,*.local,*.agfanet,172.25.*.*,192.168.*.*,10.*.*.*,*.mitra.com,*.gwi-ag.com,*.gwi.fr,*.med.agfa.be,*.he.agfa.be,*.gandinnovations.com,*.jetiprinters.com,*.agfainkjet.com,epm.agfa.net,epm-reports.agfa.net,he-epm-europe.agfa.net,jenkins*.agfahealthcare.com,orbis-maven.agfahealthcare.com,trr*.agfahealthcare.com"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.ict"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.ict"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\MSCREATE.DIR
FF Extension: RadioTotal1  - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} [2014-11-14]
FF Extension: Creo View Version Checker - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{51154b97-c607-43f0-ad88-dda01a32a1e3} [2014-11-12]
FF Extension: Easy Youtube Video Downloader Express - D:\Users\agrta\AppData\Roaming\Mozilla\Firefox\Profiles\rmgnd5ek.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{A0CBD44F-4031-4796-AFA8-6AD0FBE6BFED}] - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Firefox
FF Extension: Avaya Extension - C:\Program Files (x86)\Avaya\Avaya one-X Communicator\Firefox [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [IBMNotesBrowserExtension@ibm.com] - C:\Program Files (x86)\IBM\Lotus\Notes\mozilla
FF Extension: IBM Notes Browser Plug-in Extension - C:\Program Files (x86)\IBM\Lotus\Notes\mozilla [2014-10-22]
FF Extension: No Name - IBMNotesBrowserExtension@ibm.com [Not Found]

Chrome: 
=======
CHR Profile: D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-16]
CHR Extension: (Google Wallet) - D:\Users\agrta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [314088 2014-08-14] (Symantec Corporation)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2966248 2014-08-14] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [630504 2014-08-14] (Symantec Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
S3 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [210424 2010-08-05] (FrontRange Solutions Deutschland GmbH)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [86034 2013-04-25] (Fortinet Inc.) [File not signed]
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [5167208 2014-08-04] (IBM)
R2 IBM Notes Single Logon; C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe [57448 2013-10-15] (IBM Corp)
R2 iClarityQoSService; C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe [1657112 2013-09-06] (Avaya Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [19720 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-09-22] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [178920 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NIAIServ; C:\Program Files (x86)\NetInst\NiAiServ.exe [208024 2011-06-08] (FrontRange Solutions Deutschland GmbH)
S2 NiExServ; C:\Program Files (x86)\NetInst\NiExServ.exe [199832 2011-06-08] (FrontRange Solutions Deutschland GmbH)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 PortmapperService; C:\Software/PTC Portmapper/i486_nt/obj/portmap.exe [710144 2013-11-27] (PTC Inc.) [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-11] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-24] (Emsisoft GmbH)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-02-27] (Intel(R) Corporation) [File not signed]
S3 mdf16; D:\Users\agrta\AppData\Local\Temp\mdf16.sys [20400 2014-03-05] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.)
S3 mvd23; D:\Users\agrta\AppData\Local\Temp\mvd23.sys [99248 2014-03-05] ()
S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia)
S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia)
S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia)
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjxpx64.sys [74656 2011-01-04] (O2Micro )
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31344 2012-04-30] (VMware, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:49 - 2014-11-24 14:49 - 00028876 _____ () D:\Users\agrta\Desktop\FRST.txt
2014-11-24 14:48 - 2014-11-24 14:49 - 00000000 ____D () C:\FRST
2014-11-24 14:48 - 2014-11-24 14:48 - 02118144 _____ (Farbar) D:\Users\agrta\Desktop\FRST64.exe
2014-11-24 14:43 - 2014-11-24 14:42 - 00380416 _____ () D:\Users\agrta\Desktop\2w57m171.exe
2014-11-24 14:42 - 2014-11-24 14:38 - 00050477 _____ () D:\Users\agrta\Desktop\Defogger.exe
2014-11-24 13:57 - 2014-11-24 13:57 - 00000677 _____ () D:\Users\agrta\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-24 13:57 - 2014-11-24 13:57 - 00000000 ____D () C:\EEK
2014-11-24 13:43 - 2014-11-24 13:43 - 00003284 _____ () C:\mbm.txt
2014-11-24 12:35 - 2014-11-24 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 12:35 - 2014-11-24 12:35 - 00000984 _____ () D:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-24 12:35 - 2014-11-24 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 12:35 - 2014-11-24 12:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-24 12:35 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 12:35 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 12:35 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:00 - 2014-11-24 12:00 - 00000000 ____D () C:\Windows\467D5E81834948929E81C3674ED8E451.TMP
2014-11-24 11:52 - 2011-04-28 04:58 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-11-24 11:52 - 2011-04-28 04:58 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-11-24 11:52 - 2009-07-14 02:52 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-11-24 11:52 - 2009-07-14 02:52 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2014-11-24 11:52 - 2009-07-14 02:48 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2014-11-24 11:52 - 2009-07-14 02:47 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00294992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-11-24 11:52 - 2009-07-14 02:45 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2014-11-24 11:52 - 2009-07-14 02:01 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-11-24 11:52 - 2009-07-14 01:38 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-11-24 11:52 - 2009-07-14 01:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-11-24 11:52 - 2009-07-14 01:07 - 00184576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-24 11:52 - 2009-07-14 01:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-11-24 11:52 - 2009-07-14 01:06 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2014-11-24 11:52 - 2009-07-14 01:00 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2014-11-24 11:52 - 2009-07-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2014-11-24 11:52 - 2009-07-14 00:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys
2014-11-24 11:52 - 2009-07-14 00:31 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys
2014-11-24 11:52 - 2009-07-14 00:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2014-11-24 11:52 - 2009-07-14 00:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2014-11-24 11:26 - 2014-11-24 11:27 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-11-24 09:05 - 2014-11-24 09:05 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\Oracle
2014-11-24 09:05 - 2014-11-24 09:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-24 09:04 - 2014-11-24 09:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-12 09:50 - 2014-11-24 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 09:50 - 2014-11-24 14:07 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 09:50 - 2014-11-16 10:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 09:50 - 2014-11-16 10:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-10 12:30 - 2014-11-10 12:30 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-11-10 12:30 - 2014-11-10 12:30 - 00001908 _____ () C:\Windows\diagerr.xml
2014-11-06 14:05 - 2014-11-06 14:05 - 00000000 ____D () D:\Users\agrta\Documents\20141106-DRP Procedure Concept_Demo_Info(1805053632)
2014-11-05 11:00 - 2014-11-05 11:00 - 00000168 _____ () D:\Users\agrta\Desktop\Document Details - CS110760.url
2014-11-05 10:42 - 2014-11-05 10:42 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Adobe
2014-11-05 10:37 - 2014-11-05 10:37 - 00001089 _____ () D:\Users\ar_agrta\Documents\_Data.lnk
2014-11-05 10:37 - 2014-11-05 10:37 - 00000738 _____ () D:\Users\ar_agrta\Desktop\Windows Explorer.lnk
2014-11-05 10:37 - 2014-11-05 10:37 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Go_Online
2014-11-05 10:34 - 2014-11-05 10:34 - 00100208 _____ () D:\Users\ar_agrta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 10:34 - 2014-11-05 10:34 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Creative
2014-11-05 10:34 - 2014-11-05 10:34 - 00000000 ____D () D:\Users\ar_agrta\AppData\Local\GN_Netcom_A_S
2014-11-05 10:33 - 2014-11-05 10:33 - 00001303 _____ () D:\Users\ar_agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-05 10:33 - 2014-11-05 10:33 - 00001281 _____ () D:\Users\ar_agrta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-05 10:33 - 2014-11-05 10:33 - 00000000 ____D () D:\Users\ar_agrta\AppData\Roaming\Intel
2014-11-05 10:33 - 2014-11-05 10:33 - 00000000 ____D () D:\Users\ar_agrta\AppData\Local\Google
2014-11-04 15:53 - 2014-11-04 15:53 - 00001584 _____ () D:\Users\agrta\.recently-used.xbel
2014-11-02 11:17 - 2014-11-02 11:17 - 00283952 _____ () C:\Windows\Minidump\110214-22885-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:49 - 2013-02-05 16:38 - 00000000 ____D () C:\TEMP
2014-11-24 14:44 - 2013-02-22 11:49 - 00000000 ____D () C:\ProgramData\VMware
2014-11-24 14:44 - 2013-02-06 07:06 - 00262914 _____ () C:\SUService.log
2014-11-24 14:44 - 2013-02-05 16:42 - 00150316 _____ () C:\Windows\PFRO.log
2014-11-24 14:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 14:44 - 2009-07-14 05:51 - 00006468 _____ () C:\Windows\setupact.log
2014-11-24 14:43 - 2013-02-13 08:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 14:43 - 2013-02-05 16:28 - 01054962 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 14:43 - 2009-07-14 06:13 - 00796846 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 13:53 - 2009-07-14 05:45 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:53 - 2009-07-14 05:45 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 13:46 - 2013-02-18 15:55 - 00000000 ____D () D:\Users\agrta\AppData\Local\PasswordSafe
2014-11-24 13:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2014-11-24 12:18 - 2013-12-03 10:59 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\Skype
2014-11-24 12:07 - 2013-02-05 17:57 - 00001615 _____ () C:\Windows\VPNInstall.MIF
2014-11-24 11:27 - 2013-02-05 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agfa
2014-11-24 11:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-24 09:05 - 2013-12-06 10:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-21 15:17 - 2013-02-05 16:43 - 00001088 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-21 15:02 - 2013-08-23 07:24 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-21 15:02 - 2013-02-06 06:58 - 00000000 ____D () D:\Users\agrta
2014-11-21 14:56 - 2013-02-05 16:38 - 00000000 ____D () C:\Windows\Agfa
2014-11-21 09:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-20 10:47 - 2013-02-07 09:55 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\TightVNC
2014-11-19 10:19 - 2013-02-05 16:46 - 00000000 ____D () C:\Program Files (x86)\NetInst
2014-11-13 06:56 - 2013-02-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 09:51 - 2014-10-16 07:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 09:51 - 2014-07-01 12:50 - 00002057 _____ () D:\Users\Public\Desktop\Google Chrome.lnk
2014-11-12 09:51 - 2013-02-06 08:16 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-10 12:30 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 13:53 - 2013-10-15 07:14 - 00002060 ____H () D:\Users\agrta\Documents\Default.rdp
2014-11-05 15:58 - 2013-02-06 11:08 - 00000000 ____D () D:\Users\agrta\AppData\Roaming\webex
2014-11-05 15:58 - 2013-02-06 10:18 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-05 14:35 - 2012-04-27 10:06 - 00000000 ____D () C:\AgfaStTraining
2014-11-05 10:37 - 2013-02-12 09:53 - 00000146 ___SH () D:\Users\ar_agrta\ntuser.ini
2014-11-05 10:37 - 2013-02-12 09:53 - 00000000 ____D () D:\Users\ar_agrta
2014-11-05 10:33 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-05 10:05 - 2013-02-06 15:27 - 00000000 ____D () D:\Users\agrta\Documents\Snagit
2014-11-04 15:57 - 2013-07-24 14:15 - 00000000 ____D () D:\Users\agrta\.gimp-2.6
2014-11-04 15:20 - 2013-12-02 21:16 - 00000119 _____ () D:\Users\Public\Documents\std.out
2014-11-04 15:20 - 2013-11-28 08:13 - 00000112 _____ () D:\Users\Public\Documents\std.err
2014-11-02 11:17 - 2013-05-21 21:41 - 913669225 _____ () C:\Windows\MEMORY.DMP
2014-11-02 11:17 - 2013-05-21 21:41 - 00000000 ____D () C:\Windows\Minidump
2014-10-31 07:37 - 2013-08-14 12:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-31 07:37 - 2013-08-14 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-30 14:18 - 2013-09-25 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-30 14:15 - 2013-08-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-30 13:25 - 2013-02-06 08:07 - 00000000 ____D () C:\Signature
2014-10-28 13:54 - 2013-02-13 08:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-28 13:54 - 2013-02-13 08:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-28 13:54 - 2013-02-05 17:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\eDViewer.exe


Some content of TEMP:
====================
D:\Users\agrta\AppData\Local\Temp\3wdteqo1.dll
D:\Users\agrta\AppData\Local\Temp\5pz0fnkm.dll
D:\Users\agrta\AppData\Local\Temp\atgpcdec.dll
D:\Users\agrta\AppData\Local\Temp\cso2llle.dll
D:\Users\agrta\AppData\Local\Temp\csvrelay32.dll
D:\Users\agrta\AppData\Local\Temp\csvrelay64.dll
D:\Users\agrta\AppData\Local\Temp\fbx15e1o.dll
D:\Users\agrta\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
D:\Users\agrta\AppData\Local\Temp\Portable SecretZone.exe
D:\Users\agrta\AppData\Local\Temp\SAP_AGFA_730_20131007_1613.exe
D:\Users\s6_amywi\AppData\Local\Temp\InstallAX.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 10:25

==================== End Of Log ============================

Then GMER:
HTML code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:08:12
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465,76GB
Running: 2w57m171.exe; Driver: D:\Users\agrta\AppData\Local\Temp\fwloypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                   00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                     00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Fortinet\FortiClient\FSSOMA.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[2244] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                          0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[2244] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                         00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                        0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2372] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                       00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000077651465 2 bytes [65, 77]
.text  C:\Software\PTC Portmapper\i486_nt\obj\portmap.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                                                                                                 00000000716e13c6 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                                                                                                 00000000716e13f6 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                                                                                                00000000716e14ad 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                                                                                                00000000716e14db 2 bytes [6E, 71]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                                                                                                 00000000716e1577 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                                                                                                00000000716e15d7 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                                                                                                00000000716e1794 2 bytes [6E, 71]
.text  C:\Windows\SysWOW64\vmnat.exe[2768] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                                                                                                00000000716e18c1 2 bytes [6E, 71]
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                             0000000077651465 2 bytes [65, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[6092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000077651465 2 bytes [65, 77]
.text  C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe[6168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\kernel32.dll!UnhandledExceptionFilter                                                   0000000076f49775 16 bytes JMP 000000010031e980
.text  C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000077651465 2 bytes [65, 77]
.text  C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2
.text  D:\Users\agrta\Desktop\2w57m171.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000077651465 2 bytes [65, 77]
.text  D:\Users\agrta\Desktop\2w57m171.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000776514bb 2 bytes [65, 77]
.text  ...                                                                                                                                                                                        * 2

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\mfevtps.exe[2400] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA]                                                                                         [140006aa8] C:\Windows\system32\mfevtps.exe
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExA]                                                                                                       [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!GetProcAddress]                                                                                                       [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryW]                                                                                                         [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExW]                                                                                                       [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryA]                                                                                                         [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW]                                                                                              [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryExW]                                                                                                 [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                   [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExW]                                                                                                [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                  [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress]                                                                                                [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW]                                                                                                 [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA]                                                                                                 [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW]                                                                                               [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA]                                                                                               [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                 [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                 [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                   [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExA]                                                                                         [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryA]                                                                                           [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!GetProcAddress]                                                                                         [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryW]                                                                                           [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExW]                                                                                         [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryA]                                                                                                   [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                 [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExW]                                                                                                 [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                 [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                 [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExW]                                                                                                 [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExA]                                                                                               [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryW]                                                                                                 [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExW]                                                                                               [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExW]                                                                                              [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExW]                                                                                              [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryW]                                                                                                [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress]                                                                                                [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                   [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!GetProcAddress]                                                                                                   [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryW]                                                                                                     [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryA]             [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryW]             [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!GetProcAddress]           [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\gdiplus.dll[KERNEL32.dll!LoadLibraryExW]           [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!LoadLibraryExA]                                                                                               [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExW]                                                                                               [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryW]                                                                                                 [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExA]                                                                                               [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryA]                                                                                                 [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryW]                                                                                                 [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryExW]                                                                                               [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryW]    [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryExW]  [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!LoadLibraryExA]  [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll[KERNEL32.dll!GetProcAddress]  [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryExA]                                                                                         [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!GetProcAddress]                                                                                         [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryW]                                                                                           [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!GetProcAddress]                                                                                      [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!LoadLibraryExA]                                                                                      [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExA]                                                                                             [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!GetProcAddress]                                                                                             [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExW]                                                                                             [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress]                                                                                               [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!LoadLibraryExA]                                                                                               [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                 [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA]                                                                                                   [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW]                                                                                                 [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress]                                                                                                 [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW]                                                                                                   [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress]                                                                                                [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryExA]                                                                                              [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryW]                                                                                                [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SXS.DLL[KERNEL32.dll!LoadLibraryW]                                                                                                     [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryExA]                                                                                                [700010419e4] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryW]                                                                                                  [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress]                                                                                                [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryW]                                                                                                [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!GetProcAddress]                                                                                              [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\imagehlp.dll[KERNEL32.dll!LoadLibraryA]                                                                                                [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543500ef2                                                                                                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543500ef2 (not active ControlSet)                                                                                            

---- EOF - GMER 2.1 ----
Hope you can help me, thanks in advance
Thomas
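As an added triage helper for this thread (not part of GMER, and not code written by the poster or the helpers), the following Python groups the IAT hooks in a GMER 2.1 log by the module that installed them, so a reader can see at a glance which DLL has redirected which imports in which processes and how many of those are loader APIs; the sample lines are copied from the GMER output posted above, and the function names are my own.

```python
"""Triage helper for the IAT section of a GMER 2.1 log.

Groups every reported hook by the module that installed it, so a reader
can see which DLL has redirected which imports in which processes, and
which loader APIs (LoadLibrary*/GetProcAddress) are among them.
Added example for this thread: not part of GMER and not code posted by
anyone in it. SAMPLE_LOG is copied from the GMER output posted above
(a subset of the Explorer.EXE hooks plus the trailing registry and EOF
lines, which the parser must skip).
"""
import re
from collections import defaultdict

# Shape of a GMER IAT line:
#   IAT  <process>[<pid>] @ <module>[<import dll>!<function>]  [<hook address>] <hooking module>
IAT_LINE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+"
    r"(?P<module>.+?)\[(?P<import_dll>[^\]!]+)!(?P<func>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>.+?)\s*$"
)

# A module that patches these imports sees every later DLL load and symbol
# lookup in the process. GMER reports this for management/monitoring agents
# and for malware alike; the report only tells you *which* module to verify
# (path, publisher signature, presence in the software inventory).
LOADER_APIS = ("LoadLibrary", "GetProcAddress")

SAMPLE_LOG = r"""
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryA]              [70001041914] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW]   [70001041a60] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress]   [70001041adc] C:\Program Files (x86)\NetInst\NiApmg64.dll
IAT    C:\Windows\Explorer.EXE[4076] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW]      [7000104197c] C:\Program Files (x86)\NetInst\NiApmg64.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543500ef2

---- EOF - GMER 2.1 ----
"""


def parse_iat_lines(text):
    """Return one dict per well-formed IAT line, in log order.

    Section headers, Reg lines, blank lines and anything the pattern does
    not recognise are skipped rather than guessed at.
    """
    hooks = []
    for line in text.splitlines():
        m = IAT_LINE.match(line)
        if m:
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            hook["addr"] = hook["addr"].lower()
            hooks.append(hook)
    return hooks


def summarize_by_hooker(hooks):
    """Group parsed hooks by the module that installed them.

    For each hooking module: the processes it lives in, the modules whose
    import tables it patched, the imports it redirected, the distinct hook
    addresses, and which of the redirected imports are loader APIs.
    """
    summary = defaultdict(lambda: {
        "processes": set(), "patched_modules": set(), "functions": set(),
        "hook_addresses": set(), "loader_apis": set(), "count": 0,
    })
    for h in hooks:
        s = summary[h["hooker"]]
        s["processes"].add((h["proc"], h["pid"]))
        s["patched_modules"].add(h["module"])
        name = f'{h["import_dll"]}!{h["func"]}'
        s["functions"].add(name)
        s["hook_addresses"].add(h["addr"])
        if h["func"].startswith(LOADER_APIS):
            s["loader_apis"].add(name)
        s["count"] += 1
    return dict(summary)


def render_report(summary):
    """Human-readable triage report, one block per hooking module, busiest first."""
    out = []
    for hooker, s in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        out.append(f"{hooker}: {s['count']} hooks")
        out.append("  processes:       " + ", ".join(f"{p}[{pid}]" for p, pid in sorted(s["processes"])))
        out.append(f"  patched modules: {len(s['patched_modules'])}")
        out.append("  imports:         " + ", ".join(sorted(s["functions"])))
        out.append(f"  loader APIs:     {len(s['loader_apis'])} of {len(s['functions'])}")
        # One distinct hook address per redirected import means one fixed
        # trampoline per API, re-used across every patched module.
        one_per_api = len(s["hook_addresses"]) == len(s["functions"])
        out.append(f"  one trampoline per import: {one_per_api}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(summarize_by_hooker(parse_iat_lines(SAMPLE_LOG))))
```

Run against a full GMER log, the report lists every hooking module with its reach; the posted log above has a single one, NiApmg64.dll, patching loader imports across Explorer.EXE and its loaded modules.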

24.11.2014, 15:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

Quote:
I've been tinkering around all day, I'm frustrated.
Given the backdoor findings, you should urgently have the machine reinstalled.

24.11.2014, 16:14   #3
TOMROSSI

Thanks for the quick reply, I already suspected as much. I just won't get around to it this week and I'm still supposed to work from home. Is there no way to, let's say, patch it up provisionally for the rest of the week?

24.11.2014, 23:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No cleanup can guarantee that the VPN will work properly again afterwards.
You can't avoid having the machine reinstalled anyway, so do it right away.

Please always post logfiles in CODE tags

25.11.2014, 08:59   #5
TOMROSSI

Hi,
thanks to you all, the VPN is working again, for whatever reason. Of course I'll have the machine reinstalled, thanks again.


25.11.2014, 09:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You really shouldn't wait too long...

Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide itself from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does that mean for you now?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system that has been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end a reinstallation is the only option left.

  • If you do online banking with this computer, for example, you should at least have your bank password changed, provided you otherwise use a secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 at www.sperr-notruf.de can be used for this day and night.

  • If you have other sensitive data on your computer, you should also think about how you deal with it, since practically "anyone" could have looked at it.
So let me know what you have decided.

25.11.2014, 13:26   #7
TOMROSSI

Hi,
when I run Malwarebytes Anti-Malware, it doesn't find anything anymore.
Is the backdoor malware gone now? Is there anything else I can check?

25.11.2014, 16:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, the world isn't that simple... if it were that simple, TB would be pretty pointless.

Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
