Win7: Iminent läßt sich nicht löschen...
Hallo,
ich habe mir irgendwie Iminent auf meinen Laptop gezogen und bin bei der Recherche auf eurer Forum und den den Thread: "Iminent lässt sich nicht entfernen" von vor einem Jahr gestoßen (www.trojaner-board.de/129808-iminent-laesst-entfernen-2.html).
Wenn ich das richtig verstanden habe, reicht es nicht die Schritte alleine durch zu führen sondern lieber mit einem Profie :-D
Ich hoffe ihr könnt mir weiterhelfen? Hier meine FRST Datei:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Mobil Media (administrator) on MOBILMEDIA-PC on 07-01-2014 11:15:14
Running from C:\Users\Mobil Media\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) D:\Programme\Common Framework\FrameworkService.exe
(McAfee, Inc.) D:\Programme\McAfee\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(McAfee, Inc.) D:\Programme\McAfee\mfeann.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
(McAfee, Inc.) D:\Programme\Common Framework\naPrdMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(McAfee, Inc.) D:\Programme\Common Framework\UdaterUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(McAfee, Inc.) D:\Programme\Common Framework\McTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(McAfee, Inc.) D:\Programme\McAfee\shstat.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [PasswordManager] - C:\Program Files\Lenovo\Password Manager\password_manager.exe [3091256 2011-12-26] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-09-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - D:\Programme\Common Framework\UdaterUI.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - D:\Programme\McAfee\shstat.exe [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6619432 2013-09-03] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-10] ()
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Mobil Media\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MountPoints2: {d6e7631f-2ae0-11e3-8005-e89a8fafb3f6} - F:\SISetup.exe
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=hp&installDate=23/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49645283C9BDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=9d81a02b-fffe-2e96-6156-bbb8da4ba6ef&searchtype=ds&q={searchTerms}&installDate=23/10/2013
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130926161453.dll (McAfee, Inc.)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: HDvid Codec V1 - {11111111-1111-1111-1111-110311431162} - C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-bho.dll (installdaddy)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130926161453.dll (McAfee, Inc.)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default
FF user.js: detected! => C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\user.js
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://start.iminent.com/?appId=06E9FC18-98D5-4A5A-A47A-C0348F08D7C6
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillancePlugin - C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.64\npSurveillancePlugin.dll (Synology)
FF Extension: Torntv V6.0 - C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\Extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com
FF Extension: Search in Google Scholar - C:\Users\Mobil Media\AppData\Roaming\Mozilla\Firefox\Profiles\okorhv29.default\Extensions\vincent.piras@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx
==================== Services (Whitelisted) =================
R2 McAfeeFramework; D:\Programme\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-09-26] (McAfee, Inc.)
R2 McTaskManager; D:\Programme\McAfee\vstskmgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-09-26] (McAfee, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
R2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [66848 2013-12-07] ()
R2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [66848 2013-12-26] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-09-26] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-09-26] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-09-26] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-09-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-09-26] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows (R) Win 7 DDK provider)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-07 11:15 - 2014-01-07 11:16 - 00018312 _____ C:\Users\Mobil Media\Downloads\FRST.txt
2014-01-07 11:15 - 2014-01-07 11:15 - 00000000 ____D C:\FRST
2014-01-07 11:14 - 2014-01-07 11:14 - 01931762 _____ (Farbar) C:\Users\Mobil Media\Downloads\FRST64.exe
2014-01-07 11:13 - 2014-01-07 11:13 - 00000484 _____ C:\Users\Mobil Media\Downloads\defogger_disable.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000000 _____ C:\Users\Mobil Media\defogger_reenable
2014-01-07 11:12 - 2014-01-07 11:12 - 00050477 _____ C:\Users\Mobil Media\Downloads\Defogger.exe
2014-01-07 07:15 - 2014-01-07 07:15 - 00000056 _____ C:\Windows\setupact.log
2014-01-07 07:15 - 2014-01-07 07:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 00:58 - 2014-01-07 11:14 - 00039715 _____ C:\Windows\WindowsUpdate.log
2014-01-01 14:44 - 2014-01-01 14:44 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\elsterformular
2014-01-01 14:43 - 2014-01-01 14:44 - 00000000 ____D C:\ProgramData\elsterformular
2014-01-01 14:43 - 2014-01-01 14:43 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-01 14:43 - 2014-01-01 14:43 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2014-01-01 14:40 - 2014-01-01 14:42 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\Mobil Media\Downloads\ElsterFormular-14.4.20130909p.exe
2013-12-30 20:51 - 2013-12-30 20:51 - 03257476 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_Version2.wav
2013-12-30 20:51 - 2013-12-30 20:51 - 02249860 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_120713.wav
2013-12-30 20:35 - 2013-12-30 20:35 - 01110476 _____ C:\Users\Mobil Media\Downloads\7z920.exe
2013-12-30 20:15 - 2013-12-30 20:15 - 03571656 _____ (Piriform Ltd) C:\Users\Mobil Media\Downloads\ccsetup409_slim.exe
2013-12-30 19:57 - 2013-12-30 19:58 - 13976557 _____ C:\Users\Mobil Media\Downloads\Intro.zip
2013-12-30 19:56 - 2013-12-30 19:56 - 03944505 _____ C:\Users\Mobil Media\Downloads\Version 2.zip
2013-12-29 17:38 - 2013-12-29 17:41 - 100242441 _____ (Realtek Semiconductor Corp.) C:\Users\Mobil Media\Downloads\32bit_Win7_Win8_Win81_R273.exe
2013-12-26 00:18 - 2014-01-07 10:29 - 00005489 _____ C:\Users\Mobil Media\daemonprocess.txt
2013-12-26 00:18 - 2014-01-07 07:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\newnext.me
2013-12-26 00:18 - 2013-12-27 10:11 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\cache
2013-12-26 00:18 - 2013-12-26 00:34 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\Documents\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\genienext
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\.android
2013-12-26 00:17 - 2013-12-27 10:24 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-26 00:16 - 2013-12-26 00:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\BeamriseUninstall
2013-12-26 00:14 - 2014-01-07 07:46 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2013-12-26 00:13 - 2014-01-07 07:16 - 00002184 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2013-12-26 00:13 - 2014-01-07 07:16 - 00001308 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2013-12-26 00:13 - 2013-12-26 00:13 - 00004338 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
2013-12-26 00:13 - 2013-12-26 00:13 - 00000852 _____ C:\Users\Mobil Media\Desktop\TornTV.lnk
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-26 00:11 - 2013-12-26 00:11 - 00444440 _____ C:\Users\Mobil Media\Downloads\Die_Siedler_Von_Catan_Die_Erste_Insel.exe
2013-12-25 23:53 - 2013-12-25 23:53 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Cities3D
2013-12-25 23:52 - 2013-12-25 23:52 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cities Online
2013-12-22 22:05 - 2013-12-22 22:05 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transferordner
2013-12-21 15:04 - 2013-12-22 21:59 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos Fotoaperat
2013-12-21 15:04 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos digicam unsortirt
2013-12-17 00:08 - 2014-01-07 00:58 - 00000000 ____D C:\Users\Mobil Media\Desktop\DMK
2013-12-13 08:48 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 08:48 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 08:48 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 08:48 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 08:46 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:46 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:46 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 08:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 08:46 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 08:46 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 08:46 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:46 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:46 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 08:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 08:46 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:46 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:46 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 08:46 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 08:46 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 08:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 08:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 08:46 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 08:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 08:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 08:46 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 08:46 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 08:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 08:46 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:46 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:46 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 08:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 08:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 08:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 22:40 - 2013-12-12 22:41 - 08861848 _____ C:\Users\Mobil Media\Downloads\SynologyAssistantSetup-4.3-4359.exe
2013-12-12 09:44 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 09:44 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 09:44 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 09:44 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 09:44 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 09:44 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 09:44 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 09:44 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 09:44 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 09:43 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 09:43 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 09:43 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 09:43 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 09:43 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 09:43 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 09:43 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 09:43 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 09:43 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 09:43 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-12-09 17:01 - 2013-02-18 13:30 - 00590952 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2013-12-09 17:01 - 2013-02-18 13:30 - 00423016 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Sun
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 16:58 - 2013-12-09 16:57 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-09 16:58 - 2013-12-09 16:57 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-09 16:57 - 2013-12-09 16:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 16:56 - 2013-12-09 16:56 - 00915368 _____ (Oracle Corporation) C:\Users\Mobil Media\Downloads\jxpiinstall.exe
2013-12-09 16:54 - 2013-12-09 16:54 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller(1).exe
2013-12-09 10:59 - 2013-12-09 17:06 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Juniper Networks
2013-12-09 10:59 - 2013-12-09 10:59 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller.exe
2013-12-09 10:49 - 2013-12-09 10:56 - 00000000 ____D C:\Program Files\OpenVPN
2013-12-09 10:47 - 2013-12-09 10:47 - 01722556 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.1-x86_64-cms.exe
2013-12-09 10:47 - 2013-12-09 10:47 - 00004839 _____ C:\Users\Mobil Media\Downloads\hu-ca.crt
2013-12-09 10:47 - 2013-12-09 10:47 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin(1).ovpn
2013-12-09 10:47 - 2013-12-09 10:47 - 00000637 _____ C:\Users\Mobil Media\Downloads\hu-ta.key
2013-12-09 10:45 - 2013-12-09 10:45 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin.ovpn
2013-12-09 10:27 - 2013-12-09 10:27 - 01757632 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
==================== One Month Modified Files and Folders =======
2014-01-07 11:16 - 2014-01-07 11:15 - 00018312 _____ C:\Users\Mobil Media\Downloads\FRST.txt
2014-01-07 11:15 - 2014-01-07 11:15 - 00000000 ____D C:\FRST
2014-01-07 11:15 - 2013-09-27 16:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 11:14 - 2014-01-07 11:14 - 01931762 _____ (Farbar) C:\Users\Mobil Media\Downloads\FRST64.exe
2014-01-07 11:14 - 2014-01-07 00:58 - 00039715 _____ C:\Windows\WindowsUpdate.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000484 _____ C:\Users\Mobil Media\Downloads\defogger_disable.log
2014-01-07 11:13 - 2014-01-07 11:13 - 00000000 _____ C:\Users\Mobil Media\defogger_reenable
2014-01-07 11:13 - 2013-09-26 11:46 - 00000000 ____D C:\Users\Mobil Media
2014-01-07 11:12 - 2014-01-07 11:12 - 00050477 _____ C:\Users\Mobil Media\Downloads\Defogger.exe
2014-01-07 10:51 - 2013-09-26 14:52 - 00000000 ____D C:\Users\Mobil Media\Desktop\Organisation
2014-01-07 10:41 - 2013-09-27 23:42 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2014-01-07 10:29 - 2013-12-26 00:18 - 00005489 _____ C:\Users\Mobil Media\daemonprocess.txt
2014-01-07 07:46 - 2013-12-26 00:14 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2014-01-07 07:23 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat
2014-01-07 07:23 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat
2014-01-07 07:23 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 07:23 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 07:23 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 07:16 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\newnext.me
2014-01-07 07:16 - 2013-12-26 00:13 - 00002184 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2014-01-07 07:16 - 2013-12-26 00:13 - 00001308 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001224 _____ C:\Windows\Tasks\HDvid Codec V1-updater.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001218 _____ C:\Windows\Tasks\HDvid Codec V1-codedownloader.job
2014-01-07 07:16 - 2013-09-27 23:40 - 00001128 _____ C:\Windows\Tasks\HDvid Codec V1-enabler.job
2014-01-07 07:15 - 2014-01-07 07:15 - 00000056 _____ C:\Windows\setupact.log
2014-01-07 07:15 - 2014-01-07 07:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 07:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 00:58 - 2013-12-17 00:08 - 00000000 ____D C:\Users\Mobil Media\Desktop\DMK
2014-01-04 00:58 - 2013-11-15 14:56 - 00000000 ____D C:\Users\Mobil Media\Documents\Citavi 4
2014-01-03 11:30 - 2013-09-27 21:32 - 00007614 _____ C:\Users\Mobil Media\AppData\Local\Resmon.ResmonCfg
2014-01-01 14:44 - 2014-01-01 14:44 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\elsterformular
2014-01-01 14:44 - 2014-01-01 14:43 - 00000000 ____D C:\ProgramData\elsterformular
2014-01-01 14:43 - 2014-01-01 14:43 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2014-01-01 14:43 - 2014-01-01 14:43 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2014-01-01 14:42 - 2014-01-01 14:40 - 69755760 _____ (Landesfinanzdirektion Thüringen) C:\Users\Mobil Media\Downloads\ElsterFormular-14.4.20130909p.exe
2013-12-30 20:51 - 2013-12-30 20:51 - 03257476 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_Version2.wav
2013-12-30 20:51 - 2013-12-30 20:51 - 02249860 _____ C:\Users\Mobil Media\Downloads\Jingle_DMK_Audioprint_120713.wav
2013-12-30 20:35 - 2013-12-30 20:35 - 01110476 _____ C:\Users\Mobil Media\Downloads\7z920.exe
2013-12-30 20:15 - 2013-12-30 20:15 - 03571656 _____ (Piriform Ltd) C:\Users\Mobil Media\Downloads\ccsetup409_slim.exe
2013-12-30 19:58 - 2013-12-30 19:57 - 13976557 _____ C:\Users\Mobil Media\Downloads\Intro.zip
2013-12-30 19:56 - 2013-12-30 19:56 - 03944505 _____ C:\Users\Mobil Media\Downloads\Version 2.zip
2013-12-29 17:41 - 2013-12-29 17:38 - 100242441 _____ (Realtek Semiconductor Corp.) C:\Users\Mobil Media\Downloads\32bit_Win7_Win8_Win81_R273.exe
2013-12-27 10:24 - 2013-12-26 00:17 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-27 10:11 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\cache
2013-12-26 00:34 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\Documents\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\genienext
2013-12-26 00:18 - 2013-12-26 00:18 - 00000000 ____D C:\Users\Mobil Media\.android
2013-12-26 00:16 - 2013-12-26 00:16 - 00000000 ____D C:\Users\Mobil Media\AppData\Local\BeamriseUninstall
2013-12-26 00:13 - 2013-12-26 00:13 - 00004338 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
2013-12-26 00:13 - 2013-12-26 00:13 - 00000852 _____ C:\Users\Mobil Media\Desktop\TornTV.lnk
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-12-26 00:13 - 2013-12-26 00:13 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-26 00:11 - 2013-12-26 00:11 - 00444440 _____ C:\Users\Mobil Media\Downloads\Die_Siedler_Von_Catan_Die_Erste_Insel.exe
2013-12-25 23:53 - 2013-12-25 23:53 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Cities3D
2013-12-25 23:52 - 2013-12-25 23:52 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cities Online
2013-12-25 14:05 - 2013-09-27 23:40 - 00004254 _____ C:\Windows\System32\Tasks\HDvid Codec V1-updater
2013-12-22 22:11 - 2013-10-23 19:05 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\vlc
2013-12-22 22:07 - 2013-10-20 21:13 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transfer-Ordner
2013-12-22 22:05 - 2013-12-22 22:05 - 00000000 ____D C:\Users\Mobil Media\Desktop\Transferordner
2013-12-22 21:59 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos Fotoaperat
2013-12-21 15:04 - 2013-12-21 15:04 - 00000000 ____D C:\Users\Mobil Media\Desktop\Fotos digicam unsortirt
2013-12-19 12:46 - 2013-11-06 19:37 - 00000000 ____D C:\Users\Mobil Media\Desktop\Trash
2013-12-16 11:11 - 2013-10-06 16:15 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 08:28 - 2013-10-06 16:15 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 09:05 - 2009-07-14 05:45 - 00384936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 22:41 - 2013-12-12 22:40 - 08861848 _____ C:\Users\Mobil Media\Downloads\SynologyAssistantSetup-4.3-4359.exe
2013-12-10 22:16 - 2013-09-27 16:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:16 - 2013-09-27 16:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:16 - 2013-09-27 16:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-09 19:59 - 2013-10-23 19:34 - 00003282 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2013-12-09 17:06 - 2013-12-09 10:59 - 00000000 ____D C:\Users\Mobil Media\AppData\Roaming\Juniper Networks
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Users\Public\Juniper Networks
2013-12-09 17:01 - 2013-12-09 17:01 - 00000000 ____D C:\Program Files (x86)\Juniper Networks
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Sun
2013-12-09 16:58 - 2013-12-09 16:58 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 16:57 - 2013-12-09 16:58 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-09 16:57 - 2013-12-09 16:58 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-09 16:57 - 2013-12-09 16:58 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-09 16:57 - 2013-12-09 16:58 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-09 16:57 - 2013-12-09 16:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 16:56 - 2013-12-09 16:56 - 00915368 _____ (Oracle Corporation) C:\Users\Mobil Media\Downloads\jxpiinstall.exe
2013-12-09 16:54 - 2013-12-09 16:54 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller(1).exe
2013-12-09 10:59 - 2013-12-09 10:59 - 01419864 _____ (Juniper Networks, Inc.) C:\Users\Mobil Media\Downloads\JuniperSetupClientInstaller.exe
2013-12-09 10:56 - 2013-12-09 10:49 - 00000000 ____D C:\Program Files\OpenVPN
2013-12-09 10:47 - 2013-12-09 10:47 - 01722556 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.1-x86_64-cms.exe
2013-12-09 10:47 - 2013-12-09 10:47 - 00004839 _____ C:\Users\Mobil Media\Downloads\hu-ca.crt
2013-12-09 10:47 - 2013-12-09 10:47 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin(1).ovpn
2013-12-09 10:47 - 2013-12-09 10:47 - 00000637 _____ C:\Users\Mobil Media\Downloads\hu-ta.key
2013-12-09 10:45 - 2013-12-09 10:45 - 00001852 _____ C:\Users\Mobil Media\Downloads\hu-berlin.ovpn
2013-12-09 10:27 - 2013-12-09 10:27 - 01757632 _____ C:\Users\Mobil Media\Downloads\openvpn-install-2.3.2-I003-x86_64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-02 22:26
==================== End Of Log ============================
--- --- ---
Und hier die ADDITION: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Mobil Media at 2014-01-07 11:18:11
Running from C:\Users\Mobil Media\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x32 Version: - )
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.1.0 - Adobe Systems) Hidden
Adobe Acrobat 8.1.0 Professional (x32 Version: 8.1.0 - Adobe Systems)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70127.0812 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0127.816.14645 - Ihr Firmenname) Hidden
Anzeige am Bildschirm (Version: 6.70.00 - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43 - Atheros Communications Inc.)
Broadcom 802.11 Network Adapter (Version: 5.100.82.95 - Broadcom Corporation)
Bundled software uninstaller (x32 Version: - ) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0127.816.14645 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0127.816.14645 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0127.816.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0127.0815.14645 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0127.816.14645 - Advanced Micro Devices, Inc.) Hidden
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (x32 Version: 4.2.0.11 - Swiss Academic Software)
CitiesOnline (x32 Version: - )
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant HD Audio (Version: 8.32.34.50 - Conexant)
ElsterFormular (x32 Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
Energie-Manager (x32 Version: 6.63.1 - Lenovo Group Limited)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614 - Evernote Corp.)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0 - )
FilesFrog Update Checker (x32 Version: - ) <==== ATTENTION
HDvid Codec V1 (x32 Version: 1.27.153.8 - installdaddy) <==== ATTENTION
HP LaserJet Professional P1100-P1560-P1600 Series (Version: - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN Driver (x32 Version: 1.6.0.4 - Suyin Optronics Corp.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Network Connect 7.1.14 (x32 Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1 - Juniper Networks, Inc.)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (Version: 1.67.03.13 - )
Lenovo Screen Reading Optimizer (x32 Version: 1.16 - Lenovo)
Lenovo System Interface Driver (Version: 1.05 - )
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Connect (x32 Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Desktop (x32 Version: 2.8.3 - Livescribe Inc)
Lumac (x32 Version: 1.1.92.0 - Firstload)
Lumac (x32 Version: 1.1.92.0 - Firstload) Hidden
McAfee Agent (x32 Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (x32 Version: 8.8.02004 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (x32 Version: 6.5.1.5 - Ericsson AB)
Mobogenie (x32 Version: - Mobogenie.com)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0 - Mozilla)
Mozilla Firefox 26.0 (x86 de) (HKCU Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
PhotoFiltre 7 (HKCU Version: - )
Realtek PCIE Card Reader (x32 Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
SecretSauce (Version: 2013.12.07.011955 - SecretSauce)
SurveillancePlugin (x32 Version: 1.0.0.64 - Synology)
ThinkPad UltraNav Driver (Version: 16.2.19.11 - )
ThinkPad Wireless LAN Adapter Software (x32 Version: 1.00.0031.1 - )
ThinkVantage AutoLock (Version: 1.07 - Lenovo)
ThinkVantage Password Manager (Version: 4.00.0024.00 - Lenovo Group Limited)
TornTV (x32 Version: 2.1 Build 26473 - TornTV.com) <==== ATTENTION
Torntv V6.0 (x32 Version: 1.31.153.0 - installdaddy) <==== ATTENTION
Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-12-10 14:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {09D7E1D1-C002-41D1-876C-9E142FEF502D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {0D56CD6D-D135-4530-AC49-4ADFAFF493EB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {10D45A3B-2C03-4D1C-A693-9F5587486A6B} - System32\Tasks\HDvid Codec V1-updater => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe [2013-09-27] (installdaddy) <==== ATTENTION
Task: {11380E12-D727-4355-B85B-BA8C071E4488} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {1FC37159-A2E9-49C0-BEA8-7839FDD99921} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {328E13B2-902E-45FC-AE6C-5BFB56679316} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {3C9BA9C8-926B-45B2-BF00-FAD1DE66ED4B} - System32\Tasks\Torntv V6.0-firefoxinstaller => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe [2013-12-26] (installdaddy) <==== ATTENTION
Task: {414FA858-BAA6-4697-9586-8B3B3757378F} - System32\Tasks\HDvid Codec V1-enabler => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe [2013-12-25] (installdaddy) <==== ATTENTION
Task: {9471D81D-F74D-48BF-9AF6-EF7C2127085D} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A9DE8A01-2BC2-455A-9B57-70A1D4A3B8CC} - System32\Tasks\HDvid Codec V1-codedownloader => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe [2013-09-27] (installdaddy) <==== ATTENTION
Task: {C8FA0B5E-E4F2-4D91-A035-A33DE3BCEBA0} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Mobil Media\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {D92500F0-6363-4B16-92B5-ADB832DF2F0A} - System32\Tasks\Torntv V6.0-updater => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe [2013-12-26] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HDvid Codec V1-codedownloader.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid Codec V1-enabler.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDvid Codec V1-updater.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-09-27 11:57 - 2013-09-03 05:03 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-12-26 10:47 - 2011-12-26 10:47 - 02163512 _____ () C:\Program Files\Lenovo\Password Manager\pwm_gui.dll
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () D:\Programme\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () D:\Programme\Common Framework\ccme_base.dll
2012-08-14 19:08 - 2012-08-14 19:08 - 00150328 _____ () D:\Programme\McAfee\WscAv.dll
2011-10-27 23:56 - 2011-10-27 23:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2013-09-26 21:31 - 2011-05-26 16:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2013-09-26 21:22 - 2011-06-29 17:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2013-09-26 21:22 - 2011-06-29 17:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-12-11 23:31 - 2013-12-11 23:32 - 03559024 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-15 14:55 - 2013-07-17 23:56 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2014-01-07 07:46 - 2014-01-07 07:46 - 00398112 _____ () C:\Program Files (x86)\SecretSauce\bin\SecretSauce.BrowserFilter.Helper.dll
2013-12-10 22:16 - 2013-12-10 22:16 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\RnRMount:$WIMMOUNTDATA
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SM bios service
Description: SM bios service
Class Guid: {9d2fe6d0-9b76-11db-b606-0800200c9a66}
Manufacturer: Lenovo TVT SMBIOS
Service: psadd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (01/06/2014 00:46:43 PM) (Source: Application Hang) (User: )
Description: Programm Acrobat.exe, Version 8.1.0.137 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 168c
Startzeit: 01cf0ad482e08ce9
Endzeit: 47
Anwendungspfad: D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
Berichts-ID: 1ac25d07-76c8-11e3-9a51-e89a8fafb3f6
Error: (01/06/2014 10:29:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0039d9f0
ID des fehlerhaften Prozesses: 0xef0
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (01/01/2014 01:22:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0xf54
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (12/28/2013 10:44:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e71e0
ID des fehlerhaften Prozesses: 0x1904
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (12/26/2013 00:38:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x1908
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (12/26/2013 00:13:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: tempttv.exe, Version: 1.0.1.7, Zeitstempel: 0x52b18509
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xtempttv.exe0
Pfad der fehlerhaften Anwendung: tempttv.exe1
Pfad des fehlerhaften Moduls: tempttv.exe2
Berichtskennung: tempttv.exe3
Error: (12/18/2013 05:07:36 PM) (Source: ESENT) (User: )
Description: DllHost (9536) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Mobil Media\AppData\Local\Microsoft\Windows\WebCache\V0100033.log.
Error: (12/13/2013 08:44:32 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
Error: (12/12/2013 09:00:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (12/09/2013 03:18:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (01/07/2014 10:29:03 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (01/07/2014 07:43:20 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMCoreService erreicht.
Error: (01/07/2014 07:16:07 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/07/2014 07:15:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (01/07/2014 01:04:32 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/07/2014 01:04:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (01/07/2014 01:00:24 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/07/2014 01:00:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (01/07/2014 00:56:04 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (01/07/2014 00:55:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Microsoft Office Sessions:
=========================
Error: (01/06/2014 00:46:43 PM) (Source: Application Hang)(User: )
Description: Acrobat.exe8.1.0.137168c01cf0ad482e08ce947D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe1ac25d07-76c8-11e3-9a51-e89a8fafb3f6
Error: (01/06/2014 10:29:52 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c00000050039d9f0ef001cf0a2b59eb2769C:\Windows\SysWOW64\rundll32.exeunknown1809edf4-76b5-11e3-9a51-e89a8fafb3f6
Error: (01/01/2014 01:22:54 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.18247521ea8e7c00000050002e3bef5401cf05979ae645dbC:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW6 4\ntdll.dll700be93a-72df-11e3-abc7-e89a8fafb3f6
Error: (12/28/2013 10:44:55 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c0000005003e71e0190401cf01c794d36e1aC:\Windows\SysWOW64\rundll32.exeunknown4960b34f-7009-11e3-abff-e89a8fafb3f6
Error: (12/26/2013 00:38:00 AM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8190801cf01c81575d71aD:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\Program Files (x86)\Mozilla Firefox\xul.dll965bdbfc-6dbd-11e3-abff-e89a8fafb3f6
Error: (12/26/2013 00:13:26 AM) (Source: Application Error)(User: )
Description: tempttv.exe1.0.1.752b18509KERNELBASE.dll6.1.7601.1822951fb1677e0434f4d000000000000940d
Error: (12/18/2013 05:07:36 PM) (Source: ESENT)(User: )
Description: DllHost9536WebCacheLocal: C:\Users\Mobil Media\AppData\Local\Microsoft\Windows\WebCache\V0100033.log-1811
Error: (12/13/2013 08:44:32 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (12/12/2013 09:00:03 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87178001cef5dd8c3ac296D:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\Program Files (x86)\Mozilla Firefox\xul.dllfceb68f7-6367-11e3-a9c2-00059a3c7a00
Error: (12/09/2013 03:18:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\SetACL64.exe
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 7782.67 MB
Available physical RAM: 5782.66 MB
Total Pagefile: 15563.52 MB
Available Pagefile: 13232.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:3.08 GB) NTFS
Drive d: (Volume) (Fixed) (Total:63.48 GB) (Free:57.75 GB) NTFS
Drive e: (Volume) (Fixed) (Total:120.58 GB) (Free:60.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: D310D26E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=63 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=121 GB) - (Type=OF Extended)
==================== End Of Log ============================ und hier die GMER:
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-07 12:17:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0AB0Q 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MOBILM~1\AppData\Local\Temp\fgdyikow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76]
.text C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76]
.text ... * 2
.text C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76]
.text C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe[2708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76]
.text C:\Windows\SysWOW64\rundll32.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76]
.text ... * 2
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:4816] 000007fefb3e2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:3484] 000007fee9834830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:5424] 000007fef4935124
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{00AEBB00-C179-46DF-B8FB-8C01C144198F}\Connection@Name isatap.{049507F4-4A02-4053-BDC1-9ADE6A7807AF}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{266FF6A0-EB5B-4885-A3FB-42F888A56362}?\Device\{00AEBB00-C179-46DF-B8FB-8C01C144198F}?\Device\{401C1179-8507-48A6-AB67-7DB40167A28F}?\Device\{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}?\Device\{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{266FF6A0-EB5B-4885-A3FB-42F888A56362}"?"{00AEBB00-C179-46DF-B8FB-8C01C144198F}"?"{401C1179-8507-48A6-AB67-7DB40167A28F}"?"{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}"?"{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{266FF6A0-EB5B-4885-A3FB-42F888A56362}?\Device\TCPIP6TUNNEL_{00AEBB00-C179-46DF-B8FB-8C01C144198F}?\Device\TCPIP6TUNNEL_{401C1179-8507-48A6-AB67-7DB40167A28F}?\Device\TCPIP6TUNNEL_{1ADA3D80-0370-4D7B-9FA7-9BD87AF52A0D}?\Device\TCPIP6TUNNEL_{B472DFAD-C9B8-4DA4-AB78-06B0109BA304}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{00AEBB00-C179-46DF-B8FB-8C01C144198F}@InterfaceName isatap.{049507F4-4A02-4053-BDC1-9ADE6A7807AF}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{00AEBB00-C179-46DF-B8FB-8C01C144198F}@ReusableType 0
---- EOF - GMER 2.1 ----
--- --- ---
Ich hoffe das hilft für den Anfang.
Schonmal vorab besten Dan und Grüße
Jan |
So funktioniert es:
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
