jojoba100 | 09.02.2014 21:02 | Windows 7: Clicked a link in an Amazon phishing e-mail
Dear forum,
Unfortunately, in a panic reaction, I clicked a link in a fake Amazon e-mail today. I did not subsequently enter any data on the page that opened, but I am afraid that I may have picked up malware by clicking it.
System: Windows 7, 64-bit
Attached are my log files:
defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:38 on 09/02/2014 (Jojo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 02
Ran by Jojo (administrator) on JOJO-HP on 09-02-2014 20:39:36
Running from C:\Users\Jojo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [576568 2011-11-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-10-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3069365654-3097842970-2988167597-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3069365654-3097842970-2988167597-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3069365654-3097842970-2988167597-1000\...\Policies\system: [DisableChangePassword] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://www.ebay.at/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM - {FC72E323-8AB9-4A2B-8146-CBE5C53853C4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://www.ebay.at/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {FC72E323-8AB9-4A2B-8146-CBE5C53853C4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://www.ebay.at/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {FC72E323-8AB9-4A2B-8146-CBE5C53853C4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default
FF Homepage: hxxp://www.austriansoccerboard.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Hola Unblocker - C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-02-07]
FF Extension: DuckDuckGo Plus - C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-07-15]
FF Extension: Tab Mix Plus - C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-09-24]
FF Extension: Adblock Edge - C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\v3oxlxut.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-16]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-09 20:39 - 2014-02-09 20:39 - 02170880 _____ (Farbar) C:\Users\Jojo\Desktop\FRST64.exe
2014-02-09 20:39 - 2014-02-09 20:39 - 00017550 _____ () C:\Users\Jojo\Desktop\FRST.txt
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\FRST
2014-02-09 20:38 - 2014-02-09 20:38 - 00000470 _____ () C:\Users\Jojo\Desktop\defogger_disable.log
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 _____ () C:\Users\Jojo\defogger_reenable
2014-02-09 20:37 - 2014-02-09 20:37 - 00050477 _____ () C:\Users\Jojo\Desktop\Defogger.exe
2014-02-09 20:09 - 2014-02-09 20:11 - 00000000 ____D () C:\AdwCleaner
2014-02-09 20:09 - 2014-02-09 20:09 - 01166132 _____ () C:\Users\Jojo\Desktop\adwcleaner.exe
2014-02-09 20:06 - 2014-02-09 20:06 - 00080382 _____ () C:\Users\Jojo\Desktop\Extras.Txt
2014-02-09 20:05 - 2014-02-09 20:05 - 00080534 _____ () C:\Users\Jojo\Desktop\OTL.Txt
2014-02-09 19:58 - 2014-02-09 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Jojo\Desktop\OTL.exe
2014-02-09 18:16 - 2014-02-09 18:16 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\Users\Jojo\AppData\Roaming\Malwarebytes
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 18:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 18:15 - 2014-02-09 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jojo\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-18 17:54 - 2014-01-18 18:05 - 00000000 ____D () C:\Users\Jojo\Desktop\niki
2014-01-18 10:27 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 10:27 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 10:27 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 10:27 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-09 20:39 - 2014-02-09 20:39 - 02170880 _____ (Farbar) C:\Users\Jojo\Desktop\FRST64.exe
2014-02-09 20:39 - 2014-02-09 20:39 - 00017550 _____ () C:\Users\Jojo\Desktop\FRST.txt
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\FRST
2014-02-09 20:38 - 2014-02-09 20:38 - 00000470 _____ () C:\Users\Jojo\Desktop\defogger_disable.log
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 _____ () C:\Users\Jojo\defogger_reenable
2014-02-09 20:38 - 2012-09-24 12:37 - 00000000 ____D () C:\Users\Jojo
2014-02-09 20:37 - 2014-02-09 20:37 - 00050477 _____ () C:\Users\Jojo\Desktop\Defogger.exe
2014-02-09 20:37 - 2012-09-24 12:37 - 01303246 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 20:35 - 2013-04-30 15:11 - 00000000 ____D () C:\Users\Jojo\AppData\Roaming\Skype
2014-02-09 20:35 - 2012-09-24 14:05 - 00000000 ____D () C:\Users\Jojo\FH
2014-02-09 20:33 - 2012-09-24 18:58 - 00000000 ___RD () C:\Users\Jojo\Google Drive
2014-02-09 20:31 - 2012-09-24 18:57 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 20:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 20:31 - 2009-07-14 05:51 - 00086863 _____ () C:\Windows\setupact.log
2014-02-09 20:11 - 2014-02-09 20:09 - 00000000 ____D () C:\AdwCleaner
2014-02-09 20:09 - 2014-02-09 20:09 - 01166132 _____ () C:\Users\Jojo\Desktop\adwcleaner.exe
2014-02-09 20:06 - 2014-02-09 20:06 - 00080382 _____ () C:\Users\Jojo\Desktop\Extras.Txt
2014-02-09 20:05 - 2014-02-09 20:05 - 00080534 _____ () C:\Users\Jojo\Desktop\OTL.Txt
2014-02-09 20:02 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 20:02 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 19:58 - 2014-02-09 19:58 - 00602112 _____ (OldTimer Tools) C:\Users\Jojo\Desktop\OTL.exe
2014-02-09 19:53 - 2010-11-21 04:47 - 00641014 _____ () C:\Windows\PFRO.log
2014-02-09 19:26 - 2012-09-24 18:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 19:15 - 2012-02-12 17:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 18:16 - 2014-02-09 18:16 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\Users\Jojo\AppData\Roaming\Malwarebytes
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 18:16 - 2014-02-09 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 18:15 - 2014-02-09 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jojo\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-09 12:15 - 2012-02-12 17:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-09 12:15 - 2012-02-12 17:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-09 12:15 - 2012-02-12 17:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-09 11:53 - 2012-09-24 12:42 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{58330FC5-0250-4B86-9934-22CB0C1ED92A}
2014-02-09 11:47 - 2012-10-09 10:16 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJojo.job
2014-02-08 22:35 - 2012-10-09 10:16 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJojo
2014-02-07 17:41 - 2013-04-04 19:32 - 00000000 ____D () C:\Users\Jojo\AppData\Roaming\vlc
2014-02-07 16:57 - 2012-09-25 14:14 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-07 16:56 - 2013-01-22 10:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-02 17:07 - 2014-01-07 20:47 - 00000000 ____D () C:\Users\Jojo\Desktop\USA neu
2014-02-02 13:56 - 2012-02-13 01:55 - 00657910 _____ () C:\Windows\system32\perfh007.dat
2014-02-02 13:56 - 2012-02-13 01:55 - 00131250 _____ () C:\Windows\system32\perfc007.dat
2014-02-02 13:56 - 2009-07-14 06:13 - 01507342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-28 18:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-25 12:06 - 2013-10-22 09:07 - 00019300 _____ () C:\Users\Jojo\Desktop\Kalkulation.xlsx
2014-01-22 20:51 - 2012-10-16 16:21 - 00003336 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3069365654-3097842970-2988167597-1000
2014-01-22 20:51 - 2012-10-16 16:21 - 00003200 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3069365654-3097842970-2988167597-1000
2014-01-22 20:10 - 2009-07-14 05:45 - 00413624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-21 19:59 - 2012-09-24 13:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-21 19:58 - 2013-07-25 07:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-21 19:56 - 2013-01-10 20:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 18:05 - 2014-01-18 17:54 - 00000000 ____D () C:\Users\Jojo\Desktop\niki
2014-01-18 10:46 - 2014-01-05 16:36 - 00000000 ____D () C:\Users\Jojo\Desktop\Unilever
2014-01-12 11:45 - 2013-06-01 09:23 - 00000000 ____D () C:\Users\Jojo\Documents\telering
Some content of TEMP:
====================
C:\Users\Jojo\AppData\Local\Temp\AskSLib.dll
C:\Users\Jojo\AppData\Local\Temp\avgnt.exe
C:\Users\Jojo\AppData\Local\Temp\Extract.exe
C:\Users\Jojo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jojo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jojo\AppData\Local\Temp\sp58915.exe
C:\Users\Jojo\AppData\Local\Temp\SRLDetectionLibrary8259153755837218410.dll
C:\Users\Jojo\AppData\Local\Temp\stubhelper.dll
C:\Users\Jojo\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Jojo\AppData\Local\Temp\~convert3935720013531946161.exe
C:\Users\Jojo\AppData\Local\Temp\~convert7039413829091640852.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-22 16:43
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014 02
Ran by Jojo at 2014-02-09 20:40:02
Running from C:\Users\Jojo\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0117.2242.40496 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden
ESU for Microsoft Windows 7 SP1 (x32 Version: 4.1.2 - Hewlett-Packard)
Google Apps Migration For Microsoft® Exchange 3.0.1300.1843 (x32 Version: 3.0.1300.1843 - Google, Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (x32 Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.6.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (x32 Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.5.4.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6381.0 - IDT)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Luminance HDR 2.3.1 (x32 Version: - Luminance HDR Dev Team)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaCoder 0.8.22.5525 (x32 Version: 0.8.22.5525 - Broad Intelligence)
MEDION NAS TOOL (x32 Version: - MEDION)
Memeo Instant Backup (x32 Version: 4.60.0.7939 - Memeo Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MyPhoneExplorer (x32 Version: 1.8.4 - F.J. Wechselberger)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF24 Creator 4.9.0 (x32 Version: - PDF24.org)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (x32 Version: 3.02.07.0 - Ralink)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.27.1 - Synaptics Incorporated)
System Requirements Lab CYRI (x32 Version: 6.0.8.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 17.0 (x32 Version: 17.0.10283 - WinZip Computing, S.L. )
==================== Restore Points =========================
20-12-2013 10:43:37 Windows Update
24-12-2013 13:04:28 Windows Update
27-12-2013 17:37:30 Windows Update
31-12-2013 13:22:52 Windows Update
07-01-2014 17:49:12 Windows Update
12-01-2014 10:47:56 Windows Update
18-01-2014 09:27:12 Windows Update
21-01-2014 18:55:50 Windows Update
25-01-2014 10:03:39 Windows Update
01-02-2014 13:16:12 Windows Update
07-02-2014 15:55:31 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {5332D7D4-4C84-4030-A43A-D8B685F397A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {5463D2AB-29C1-4949-BF79-1AA798EDC993} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-09] (Adobe Systems Incorporated)
Task: {7B82AAAF-99C3-4B1F-BAD6-6F1748F3AFCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {7FAECEB5-B713-4EE2-96EB-407FF0ED9FD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {89350CDF-BD36-4B4F-9057-267F31F43DAF} - System32\Tasks\HPCeeScheduleForJojo => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8B42CB0C-FEE4-430E-9669-E3001479495D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3069365654-3097842970-2988167597-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {9C4AA00F-5704-4165-8B25-F6DF45809C30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {9D2355DE-4D86-4083-AFE6-80EEC6863F58} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3069365654-3097842970-2988167597-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {AB2828EB-8D2D-4D51-A5EC-A2616F514C5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {B8B7A2D2-9E4B-4BF1-A39B-849C9C7867D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {BB915682-0EFE-40A0-931C-5BE56AE6EE96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D8D13895-8A98-4E9B-8082-B656092769E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {E052EB03-50E5-48EA-9782-DECD15BAA3B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E6C4913C-175B-44B9-9CA2-8CCCC810EE9B} - System32\Tasks\{4A4E9472-5584-429C-A070-9B665C57BD58} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsProgressBar
Task: {FFF7B161-88FC-4202-B14D-291FEFC835F7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJojo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2012-01-06 02:24 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-17 21:34 - 2012-01-17 21:34 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-26 14:41 - 2011-12-26 14:41 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-10 12:32 - 2013-08-10 12:27 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-05-03 01:43 - 2011-12-16 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-02-09 20:33 - 2014-02-09 20:33 - 00098816 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32api.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00110080 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pywintypes27.dll
2014-02-09 20:33 - 2014-02-09 20:33 - 00364544 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pythoncom27.dll
2014-02-09 20:33 - 2014-02-09 20:33 - 00044032 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_socket.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 01153024 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_ssl.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00320512 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32com.shell.shell.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00711680 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_hashlib.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 01175040 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._core_.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00805888 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._gdi_.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00811008 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._windows_.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 01062400 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._controls_.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00735232 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._misc_.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00128512 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_elementtree.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00127488 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pyexpat.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00557056 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pysqlite2._sqlite.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00087040 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_ctypes.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00119808 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32file.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00108544 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32security.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00018432 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32event.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00038912 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32inet.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00122368 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._wizard.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00026624 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_multiprocessing.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00070656 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._html2.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00010240 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\select.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00686080 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\unicodedata.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00025600 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32pdh.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00521680 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\windows._lib_cacheinvalidation.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00011264 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32crypt.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00024064 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32pipe.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00035840 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32process.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00017408 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32profile.pyd
2014-02-09 20:33 - 2014-02-09 20:33 - 00022528 _____ () C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32ts.pyd
2013-08-15 21:20 - 2013-08-15 21:20 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-05-03 01:43 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-20 15:13 - 2013-12-20 15:13 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-05-03 01:43 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2014 08:33:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 08:31:42 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (02/09/2014 07:55:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 07:53:46 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (02/09/2014 11:49:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/09/2014 11:47:38 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (02/07/2014 04:45:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 04:45:05 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (02/02/2014 04:05:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 04:05:32 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
System errors:
=============
Error: (02/09/2014 08:33:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (02/09/2014 08:11:38 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/09/2014 07:52:07 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/08/2014 10:53:18 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/07/2014 04:52:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (02/04/2014 07:41:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/02/2014 02:04:11 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (01/28/2014 09:47:04 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/28/2014 09:46:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (01/28/2014 06:57:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (11/28/2013 09:18:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/28/2013 09:17:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1350 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/01/2013 04:59:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30357 seconds with 480 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 6046.36 MB
Available physical RAM: 3950.22 MB
Total Pagefile: 12090.89 MB
Available Pagefile: 9499.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:445.38 GB) (Free:311.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.08 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.69 GB) (Free:0.82 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6992D5EF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-09 20:49:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jojo\AppData\Local\Temp\kwldypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758f1465 2 bytes [8F, 75]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758f14bb 2 bytes [8F, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758f1465 2 bytes [8F, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758f14bb 2 bytes [8F, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3824] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000758f1465 2 bytes [8F, 75]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3824] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000758f14bb 2 bytes [8F, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758f1465 2 bytes [8F, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758f14bb 2 bytes [8F, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1916:1920] 000000000026d1f6
Thread C:\Windows\SysWOW64\ntdll.dll [1916:2440] 000000007372a7e0
Thread C:\Windows\SysWOW64\ntdll.dll [1916:2412] 0000000071c88960
Thread C:\Windows\SysWOW64\ntdll.dll [1916:2692] 0000000071c88960
Thread C:\Windows\SysWOW64\ntdll.dll [1916:2176] 0000000071c88960
Thread C:\Windows\SysWOW64\ntdll.dll [1916:2180] 0000000071c84090
Thread C:\Windows\SysWOW64\ntdll.dll [1916:4660] 0000000073a6e2cb
Thread [2496:2396] 0000000077b22e65
Thread [2496:3572] 0000000077b23e85
Thread C:\Windows\SysWOW64\ntdll.dll [3304:3288] 0000000000146971
Thread C:\Windows\SysWOW64\ntdll.dll [3304:2192] 0000000073fdb89c
Thread C:\Windows\SysWOW64\ntdll.dll [3304:3384] 0000000073fdbaf3
Thread C:\Windows\SysWOW64\ntdll.dll [3304:728] 0000000073fdb3c2
Thread C:\Windows\SysWOW64\ntdll.dll [3304:2612] 000000007419786a
Thread C:\Windows\System32\svchost.exe [5160:6132] 000007feeef29688
---- Processes - GMER 2.1 ----
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (Python Core/Python Software Foundation)(2014-02-09 19:33:02) 000000001e000000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001e8c0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001e7a0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000000490000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000000250000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 0000000010000000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001e800000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 0000000002a80000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000002b40000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000002c70000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000000500000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000002e60000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000003300000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 0000000003df0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 0000000003ec0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000003540000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 00000000041b0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 00000000042c0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001d100000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000001ff0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000003f90000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001d1a0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001ea10000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001ec80000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001e9b0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001eaa0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000002070000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 00000000020b0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 0000000005350000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 19:33:02) 0000000005380000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 00000000053a0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 0000000005700000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001eb60000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001e980000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001eb90000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:02) 000000001ebf0000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001ec20000
Library C:\Users\Jojo\AppData\Local\Temp\_MEI39842\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3824](2014-02-09 19:33:01) 000000001ed40000
---- EOF - GMER 2.1 ----
MBAM Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.09.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jojo :: JOJO-HP [Administrator]
Schutz: Aktiviert
09.02.2014 18:19:45
mbam-log-2014-02-09 (18-19-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409872
Laufzeit: 1 Stunde(n), 15 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3NGL8ZK\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jojo\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
I hope the files are correct like this, and thanks in advance for the help :)