Log Analysis and Evaluation: Win7: Iminent cannot be deleted... (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win7: Iminent cannot be deleted...

Hello, I somehow picked up Iminent on my laptop, and while researching it I came across your forum and the thread "Iminent lässt sich nicht entfernen" ("Iminent cannot be removed") from a year ago (www.trojaner-board.de/129808-iminent-laesst-entfernen-2.html). If I understood correctly, it is not enough to carry out the steps on my own; better to do it with a pro :-D I hope you can help me? Here is my FRST file:

FRST Logfile:
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Mobil Media (administrator) on MOBILMEDIA-PC on 07-01-2014 11:15:14
Running from C:\Users\Mobil Media\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) D:\Programme\Common Framework\FrameworkService.exe
(McAfee, Inc.) D:\Programme\McAfee\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(McAfee, Inc.) D:\Programme\McAfee\mfeann.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
(McAfee, Inc.) D:\Programme\Common Framework\naPrdMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(McAfee, Inc.) D:\Programme\Common Framework\UdaterUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(McAfee, Inc.) D:\Programme\Common Framework\McTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(McAfee, Inc.) D:\Programme\McAfee\shstat.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [PasswordManager] - C:\Program Files\Lenovo\Password Manager\password_manager.exe [3091256 2011-12-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-09-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - D:\Programme\Common Framework\UdaterUI.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - D:\Programme\McAfee\shstat.exe [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6619432 2013-09-03] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-10] ()
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Mobil Media\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MountPoints2: {d6e7631f-2ae0-11e3-8005-e89a8fafb3f6} - F:\SISetup.exe
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=hp&installDate=23/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49645283C9BDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130926161453.dll (McAfee, Inc.)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: HDvid Codec V1 - {11111111-1111-1111-1111-110311431162} - C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-bho.dll (installdaddy)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130926161453.dll (McAfee, Inc.)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default
FF user.js: detected! => C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\user.js
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://start.iminent.com/?appId=06E9FC18-98D5-4A5A-A47A-C0348F08D7C6
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillancePlugin - C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.64\npSurveillancePlugin.dll (Synology)
FF Extension: Torntv V6.0 - C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com
FF Extension: Search in Google Scholar - C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\Extensions\vincent.piras@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx

==================== Services (Whitelisted) =================

R2 McAfeeFramework; D:\Programme\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-09-26] (McAfee, Inc.)
R2 McTaskManager; D:\Programme\McAfee\vstskmgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-09-26] (McAfee, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [66848 2013-12-07] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [66848 2013-12-26] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-09-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-09-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-09-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-09-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-09-26] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows (R) Win 7 DDK provider)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-07 11:15 - 2014-01-07 11:16 - 00018312 _____ C:\Users\Mobil Media\Downloads\FRST.txt
2014-01-07 11:15 - 2014-01-07 11:15 - 00000000 ____D C:\FRST
2014-01-07 11:14 - 2014-01-07 11:14 - 01931762 _____ (Farbar) C:\Users\Mobil Media\Downloads\FRST64.exe
2014-01-07 11:13 - 2014-01-07 11:13 - 00000484 _____ C:\Users\Mobil Media\Downloads\defogger_disable.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000000 _____ C:\Users\Mobil Media\defogger_reenable
2014-01-07 11:12 - 2014-01-07 11:12 - 00050477 _____ C:\Users\Mobil Media\Downloads\Defogger.exe
2014-01-07 07:15 - 2014-01-07 07:15 - 00000056 _____ C:\Windows\setupact.log
2014-01-07 07:15 - 2014-01-07 07:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 00:58 - 2014-01-07 11:14 - 00039715 _____ C:\Windows\WindowsUpdate.log
2014-01-01 14:44 - 2014-01-01 14:44 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\elsterformular
2014-01-01 14:43 - 2014-01-01 14:44 - 00000000 ____D C:\ProgramData\elsterformular
2014-01-01 14:43 - 2014-01-01 14:43 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-01 14:43 - 2014-01-01 14:43 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2014-01-01 14:40 - 2014-01-01 14:42 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\Mobil Media\Downloads\ElsterFormular-14.4.20130909p.exe
2013-12-30 20:51 - 2013-12-30 20:51 - 03257476 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_Version2.wav
2013-12-30 20:51 - 2013-12-30 20:51 - 02249860 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_120713.wav
2013-12-30 20:35 - 2013-12-30 20:35 - 01110476 _____ C:\Users\Mobil Media\Downloads\7z920.exe
2013-12-30 20:15 - 2013-12-30 20:15 - 03571656 _____ (Piriform Ltd) C:\Users\Mobil Media\Downloads\ccsetup409_slim.exe
2013-12-30 19:57 - 2013-12-30 19:58 - 13976557 _____ C:\Users\Mobil Media\Downloads\Intro.zip
2013-12-30 19:56 - 2013-12-30 19:56 - 03944505 _____ C:\Users\Mobil Media\Downloads\Version 2.zip
2013-12-29 17:38 - 2013-12-29 17:41 - 100242441 _____ (Realtek Semiconductor Corp.) C:\Users\Mobil Media\Downloads\32bit_Win7_Win8_Win81_R273.exe
2013-12-26 00:18 - 2014-01-07 10:29 - 00005489 _____ C:\Users\Mobil Media\daemonprocess.txt
2013-12-26 00:18 - 2014-01-07 07:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\newnext.me
2013-12-26 00:18 - 2013-12-27 10:11 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\cache
2013-12-26 00:18 - 2013-12-26 00:34 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\Documents\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\genienext
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\.android
2013-12-26 00:17 - 2013-12-27 10:24 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-26 00:16 - 2013-12-26 00:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\BeamriseUninstall
2013-12-26 00:14 - 2014-01-07 07:46 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2013-12-26 00:13 - 2014-01-07 07:16 - 00002184 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2013-12-26 00:13 - 2014-01-07 07:16 - 00001308 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2013-12-26 00:13 - 2013-12-26 00:13 - 00004338 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
2013-12-26 00:13 - 2013-12-26 00:13 - 00000852 _____ C:\Users\Mobil Media\Desktop\TornTV.lnk
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-26 00:11 - 2013-12-26 00:11 - 00444440 _____ C:\Users\Mobil Media\Downloads\Die_Siedler_Von_Catan_Die_Erste_Insel.exe
2013-12-25 23:53 - 2013-12-25 23:53 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Cities3D
2013-12-25 23:52 - 2013-12-25 23:52 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cities Online
2013-12-22 22:05 - 2013-12-22 22:05 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transferordner
2013-12-21 15:04 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos Fotoaperat
2013-12-21 15:04 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos digicam unsortirt
2013-12-17 00:08 - 2014-01-07 00:58 - 00000000 ____D C:\Users\Mobil Media\Desktop\DMK
2013-12-13 08:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 08:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 08:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 08:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 08:46 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:46 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:46 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 08:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 08:46 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 08:46 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 08:46 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:46 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:46 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 08:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 08:46 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:46 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:46 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 08:46 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 08:46 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 08:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 08:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 08:46 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 08:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 08:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 08:46 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 08:46 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 08:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 08:46 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:46 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:46 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 08:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 08:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 08:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 22:40 - 2013-12-12 22:41 - 08861848 _____ C:\Users\Mobil Media\Downloads\SynologyAssistantSetup-4.3-4359.exe
2013-12-12 09:44 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 09:44 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 09:44 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 09:44 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 09:44 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 09:44 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 09:44 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 09:44 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 09:44 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 09:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 09:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 09:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 09:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 09:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 09:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 09:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 09:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 09:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 09:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-12-09 17:01 - 2013-02-18 13:30 - 00590952 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2013-12-09 17:01 - 2013-02-18 13:30 - 00423016 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Sun
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 16:58 - 2013-12-09 16:57 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-09 16:57 - 2013-12-09 16:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 16:56 - 2013-12-09 16:56 - 00915368 _____ (Oracle Corporation) C:\Users\Mobil Media\Downloads\jxpiinstall.exe
2013-12-09 16:54 - 2013-12-09 16:54 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller(1).exe
2013-12-09 10:59 - 2013-12-09 17:06 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Juniper Networks
2013-12-09 10:59 - 2013-12-09 10:59 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller.exe
2013-12-09 10:49 - 2013-12-09 10:56 - 00000000 ____D C:\Program Files\OpenVPN
2013-12-09 10:47 - 2013-12-09 10:47 - 01722556 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.1-x86_64-cms.exe
2013-12-09 10:47 - 2013-12-09 10:47 - 00004839 _____ C:\Users\Mobil Media\Downloads\hu-ca.crt
2013-12-09 10:47 - 2013-12-09 10:47 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin(1).ovpn
2013-12-09 10:47 - 2013-12-09 10:47 - 00000637 _____ C:\Users\Mobil Media\Downloads\hu-ta.key
2013-12-09 10:45 - 2013-12-09 10:45 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin.ovpn
2013-12-09 10:27 - 2013-12-09 10:27 - 01757632 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.2-I003-x86_64.exe

==================== One Month Modified Files and Folders =======

2014-01-07 11:16 - 2014-01-07 11:15 - 00018312 _____ C:\Users\Mobil Media\Downloads\FRST.txt
2014-01-07 11:15 - 2014-01-07 11:15 - 00000000 ____D C:\FRST
2014-01-07 11:15 - 2013-09-27 16:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 11:14 - 2014-01-07 11:14 - 01931762 _____ (Farbar) C:\Users\Mobil Media\Downloads\FRST64.exe
2014-01-07 11:14 - 2014-01-07 00:58 - 00039715 _____ C:\Windows\WindowsUpdate.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000484 _____ C:\Users\Mobil Media\Downloads\defogger_disable.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000000 _____ C:\Users\Mobil Media\defogger_reenable
2014-01-07 11:13 - 2013-09-26 11:46 - 00000000 ____D C:\Users\Mobil Media
2014-01-07 11:12 - 2014-01-07 11:12 - 00050477 _____ C:\Users\Mobil Media\Downloads\Defogger.exe
2014-01-07 10:51 - 2013-09-26 14:52 - 00000000 ____D C:\Users\Mobil Media\Desktop\Organisation
2014-01-07 10:41 - 2013-09-27 23:42 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2014-01-07 10:29 - 2013-12-26 00:18 - 00005489 _____ C:\Users\Mobil Media\daemonprocess.txt
2014-01-07 07:46 - 2013-12-26 00:14 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2014-01-07 07:23 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat
2014-01-07 07:23 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat
2014-01-07 07:23 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 07:23 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 07:23 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 07:16 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\newnext.me
2014-01-07 07:16 - 2013-12-26 00:13 - 00002184 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2014-01-07 07:16 - 2013-12-26 00:13 - 00001308 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001224 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001218 _____ C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001128 _____ C:\Windows\Tasks\HDvid Codec V1-enabler.job
2014-01-07 07:15 - 2014-01-07 07:15 - 00000056 _____ C:\Windows\setupact.log
2014-01-07 07:15 - 2014-01-07 07:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 07:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 00:58 - 2013-12-17 00:08 - 00000000 ____D C:\Users\Mobil Media\Desktop\DMK
2014-01-04 00:58 - 2013-11-15 14:56 - 00000000 ____D C:\Users\Mobil Media\Documents\Citavi 4
2014-01-03 11:30 - 2013-09-27 21:32 - 00007614 _____ C:\Users\Mobil Media\AppData\Local\Resmon.ResmonCfg
2014-01-01 14:44 - 2014-01-01 14:44 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\elsterformular
2014-01-01 14:44 - 2014-01-01 14:43 - 00000000 ____D C:\ProgramData\elsterformular
2014-01-01 14:43 - 2014-01-01 14:43 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-01 14:43
```
- 2014-01-01 14:43 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2014-01-01 14:42 - 2014-01-01 14:40 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\Mobil Media\Downloads\ElsterFormular-14.4.20130909p.exe 2013-12-30 20:51 - 2013-12-30 20:51 - 03257476 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_Version2.wav 2013-12-30 20:51 - 2013-12-30 20:51 - 02249860 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_120713.wav 2013-12-30 20:35 - 2013-12-30 20:35 - 01110476 _____ C:\Users\Mobil Media\Downloads\7z920.exe 2013-12-30 20:15 - 2013-12-30 20:15 - 03571656 _____ (Piriform Ltd) C:\Users\Mobil Media\Downloads\ccsetup409_slim.exe 2013-12-30 19:58 - 2013-12-30 19:57 - 13976557 _____ C:\Users\Mobil Media\Downloads\Intro.zip 2013-12-30 19:56 - 2013-12-30 19:56 - 03944505 _____ C:\Users\Mobil Media\Downloads\Version 2.zip 2013-12-29 17:41 - 2013-12-29 17:38 - 100242441 _____ (Realtek Semiconductor Corp.) C:\Users\Mobil Media\Downloads\32bit_Win7_Win8_Win81_R273.exe 2013-12-27 10:24 - 2013-12-26 00:17 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-27 10:11 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\cache 2013-12-26 00:34 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\Mobogenie 2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\Documents\Mobogenie 2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\genienext 2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\.android 2013-12-26 00:16 - 2013-12-26 00:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\BeamriseUninstall 2013-12-26 00:13 - 2013-12-26 00:13 - 00004338 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater 2013-12-26 00:13 - 2013-12-26 00:13 - 00000852 _____ C:\Users\Mobil 
Media\Desktop\TornTV.lnk 2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com 2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\TornTV.com 2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0 2013-12-26 00:11 - 2013-12-26 00:11 - 00444440 _____ C:\Users\Mobil Media\Downloads\Die_Siedler_Von_Catan_Die_Erste_Insel.exe 2013-12-25 23:53 - 2013-12-25 23:53 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Cities3D 2013-12-25 23:52 - 2013-12-25 23:52 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cities Online 2013-12-25 14:05 - 2013-09-27 23:40 - 00004254 _____ C:\Windows\System32\Tasks\HDvid Codec V1-updater 2013-12-22 22:11 - 2013-10-23 19:05 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\vlc 2013-12-22 22:07 - 2013-10-20 21:13 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transfer-Ordner 2013-12-22 22:05 - 2013-12-22 22:05 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transferordner 2013-12-22 21:59 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos Fotoaperat 2013-12-21 15:04 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos digicam unsortirt 2013-12-19 12:46 - 2013-11-06 19:37 - 00000000 ____D C:\Users\Mobil Media\Desktop\Trash 2013-12-16 11:11 - 2013-10-06 16:15 - 00000000 ____D C:\Windows\system32\MRT 2013-12-16 08:28 - 2013-10-06 16:15 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-13 09:05 - 2009-07-14 05:45 - 00384936 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 22:41 - 2013-12-12 22:40 - 08861848 _____ C:\Users\Mobil Media\Downloads\SynologyAssistantSetup-4.3-4359.exe 2013-12-10 22:16 - 2013-09-27 16:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-10 22:16 - 2013-09-27 16:58 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-10 22:16 - 2013-09-27 16:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-09 19:59 - 2013-10-23 19:34 - 00003282 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2013-12-09 17:06 - 2013-12-09 10:59 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Juniper Networks 2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Users\Public\Juniper Networks 2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Program Files (x86)\Juniper Networks 2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Sun 2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Oracle 2013-12-09 16:57 - 2013-12-09 16:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-09 16:57 - 2013-12-09 16:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-09 16:57 - 2013-12-09 16:58 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-09 16:57 - 2013-12-09 16:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-09 16:57 - 2013-12-09 16:57 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-09 16:56 - 2013-12-09 16:56 - 00915368 _____ (Oracle Corporation) C:\Users\Mobil Media\Downloads\jxpiinstall.exe 2013-12-09 16:54 - 2013-12-09 16:54 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller(1).exe 2013-12-09 10:59 - 2013-12-09 10:59 - 01419864 _____ (Juniper Networks, Inc.) 
C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller.exe 2013-12-09 10:56 - 2013-12-09 10:49 - 00000000 ____D C:\Program Files\OpenVPN 2013-12-09 10:47 - 2013-12-09 10:47 - 01722556 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.1-x86_64-cms.exe 2013-12-09 10:47 - 2013-12-09 10:47 - 00004839 _____ C:\Users\Mobil Media\Downloads\hu-ca.crt 2013-12-09 10:47 - 2013-12-09 10:47 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin(1).ovpn 2013-12-09 10:47 - 2013-12-09 10:47 - 00000637 _____ C:\Users\Mobil Media\Downloads\hu-ta.key 2013-12-09 10:45 - 2013-12-09 10:45 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin.ovpn 2013-12-09 10:27 - 2013-12-09 10:27 - 01757632 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.2-I003-x86_64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-02 22:26 ==================== End Of Log ============================ Und hier die ADDITION: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014und hier die GMER: GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-07 12:17:05
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0AB0Q 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MOBILM~1\AppData\Local\Temp\fgdyikow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076c71465 2 bytes [C7, 76]
.text  C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c714bb 2 bytes [C7, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076c71465 2 bytes [C7, 76]
.text  C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076c714bb 2 bytes [C7, 76]
.text  ...   * 2
.text  C:\Windows\SysWOW64\rundll32.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076c71465 2 bytes [C7, 76]
.text  C:\Windows\SysWOW64\rundll32.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c714bb 2 bytes [C7, 76]
.text  ...   * 2
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076c71465 2 bytes [C7, 76]
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076c714bb 2 bytes [C7, 76]
.text  ...   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:4816]  000007fefb3e2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:3484]  000007fee9834830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:5424]  000007fef4935124

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{00AEBB00-C179-46DF-B8FB-8C01C144198F}\Connection@Name  isatap.{049507F4-4A02-4053-BDC1-9ADE6A7807AF}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind  \Device\{266FF6A0-EB5B-4885-A3FB-42F888A56362}?\Device\{00AEBB00-C179-46DF-B8FB-8C01C144198F}?\Device\{401C1179-8507-48A6-AB67-7DB40167A28F}?\Device\{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}?\Device\{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route  "{266FF6A0-EB5B-4885-A3FB-42F888A56362}"?"{00AEBB00-C179-46DF-B8FB-8C01C144198F}"?"{401C1179-8507-48A6-AB67-7DB40167A28F}"?"{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}"?"{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}"?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{266FF6A0-EB5B-4885-A3FB-42F888A56362}?\Device\TCPIP6TUNNEL_{00AEBB00-C179-46DF-B8FB-8C01C144198F}?\Device\TCPIP6TUNNEL_{401C1179-8507-48A6-AB67-7DB40167A28F}?\Device\TCPIP6TUNNEL_{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}?\Device\TCPIP6TUNNEL_{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{00AEBB00-C179-46DF-B8FB-8C01C144198F}@InterfaceName  isatap.{049507F4-4A02-4053-BDC1-9ADE6A7807AF}
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{00AEBB00-C179-46DF-B8FB-8C01C144198F}@ReusableType  0

---- EOF - GMER 2.1 ----

I hope this helps for a start. Many thanks in advance and regards,
Jan
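The "One Month Created/Modified Files and Folders" listing above is the part of an FRST log that a helper reads first when hunting for bundled adware like the Iminent toolbar. As an added example (not part of Jan's post and not code from FRST or from the forum helpers), here is a small Python parser for those lines that splits out the two timestamps, size, attribute flags, company name and path, then flags entries for triage. The line layout is inferred from the log above; the watchlist names are simply the products that appear in this log, so treating them as indicators is this example's assumption, and a flag means "look here", not "delete". The sample input is copied from the FRST.txt posted above.

```python
"""Parse FRST 'One Month Created/Modified Files and Folders' lines and flag
entries worth a closer look during adware triage.

Added example for this thread; not part of the poster's logs and not code
from the FRST tool. The line format is inferred from the posted FRST.txt.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST file/folder line: two timestamps, an 8+ digit size, a 5-character
# attribute field ("____D" directory, "____H" hidden, "_____" plain file), an
# optional "(Company)" from the file's version resource, then the path.
# The lookahead for the drive letter keeps nested parentheses such as
# "(Intel(R) Corporation)" inside the company field instead of splitting it.
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.+?)\) (?=[A-Za-z]:\\))?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Product names that appear in the log above and that the thread treats as
# unwanted software. Hypothetical triage watchlist, not a verdict: a hit only
# says "look here"; the clean-up decision still needs a human.
WATCHLIST = ("iminent", "secretsauce", "torntv", "hdvid codec", "mobogenie",
             "newnext.me", "genienext", "somoto", "beamrise")

# Scheduled tasks are a common persistence point for bundled installers, so
# every entry under these directories is surfaced regardless of its name.
TASK_DIRS = ("c:\\windows\\tasks\\", "c:\\windows\\system32\\tasks\\")


@dataclass
class Entry:
    ts1: str                 # first timestamp (modified or created, by section)
    ts2: str                 # second timestamp
    size: int
    is_dir: bool
    company: Optional[str]   # None when the file carries no version resource
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for headers and other text."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts1"], m["ts2"], int(m["size"]), "D" in m["attrs"],
                 m["company"], m["path"])


def triage(entry: Entry) -> Entry:
    """Attach triage reasons to an entry; an empty list means nothing notable."""
    low = entry.path.lower()
    for name in WATCHLIST:
        if name in low:
            entry.reasons.append(f"watchlist:{name}")
    if any(low.startswith(d) for d in TASK_DIRS):
        entry.reasons.append("scheduled-task")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every line of an FRST log excerpt and return only flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the FRST.txt posted above, plus one header
# and one Bamital-check line to show that non-file lines are skipped.
SAMPLE = r"""
==================== One Month Modified Files and Folders =======
2014-01-07 11:15 - 2013-09-27 16:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 11:14 - 2014-01-07 11:14 - 01931762 _____ (Farbar) C:\Users\Mobil Media\Downloads\FRST64.exe
2014-01-07 10:41 - 2013-09-27 23:42 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2014-01-07 07:16 - 2013-12-26 00:13 - 00002184 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001224 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2013-12-29 17:41 - 2013-12-29 17:38 - 100242441 _____ (Realtek Semiconductor Corp.) C:\Users\Mobil Media\Downloads\32bit_Win7_Win8_Win81_R273.exe
2013-12-09 19:59 - 2013-10-23 19:34 - 00003282 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-12-09 16:57 - 2013-12-09 16:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.ts1}  {e.size:>10}  {(e.company or '-'):<28} {e.path}"
              f"  <- {', '.join(e.reasons)}")
```

Run as-is it prints five of the eight file lines: the Iminent folder and the Somoto task via the watchlist, the Torntv and HDvid Codec jobs via both rules, and the Adobe updater job only because it lives under Windows\Tasks. That last hit is the point of the second rule: it lists every task so the reader can decide, rather than trusting a name match alone.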