Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Werbung Poppt im Browser (Crome) auf Windows 7 64 bit (https://www.trojaner-board.de/155322-werbung-poppt-browser-crome-windows-7-64-bit.html)

dudellocke 16.06.2014 19:22
Werbung Poppt im Browser (Crome) auf Windows 7 64 bit
 
Liebes Team,

seit einigen Tagen poppt immer wieder Werbung in meinem Browser auf. So Zeug wie Jetzt Virus entfernen oder auch Werbung von bekannten Firmen. Meine Sicherheitssoftware hat heute etwas gefunden (habs in Quarantäne verschoben????) Bei Bedarf schicke ich gerne die Logfiles durch.

im Voraus vielen Dank für die Hilfe

Liebe Grüße

Basti

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:27 on 16/06/2014 (Chrissi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Chrissi (administrator) on CHRISSI-PC on 16-06-2014 18:28:23
Running from C:\Users\Chrissi\Desktop\Virenproblem
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\IBUpdaterService\ibsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIOE.EXE
(Spotify Ltd) C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe
() C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
() C:\Program Files (x86)\webporpoise\bin\webporpoise.PurBrowse64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\webporpoise\updatewebporpoise.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXCodecHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Users\Chrissi\Desktop\Virenproblem\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-03] (Google Inc.)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIOE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify] => C:\Users\Chrissi\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify Web Helper] => C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {802065cb-9598-11e1-aff5-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed82-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed90-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3F53AEB0-3FFE-4A6F-B1B8-9D26A902E879} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c2c07af0-f034-4b4b-acb2-29428a314640&apn_sauid=77778456-2DD4-4CD2-8CA5-A0D606B2DBA1
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c2c07af0-f034-4b4b-acb2-29428a314640&apn_ptnrs=%5EABT&apn_sauid=77778456-2DD4-4CD2-8CA5-A0D606B2DBA1&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-06]
CHR Extension: (Google Wallet) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Chrissi\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [648992 2012-09-07] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-10-24] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 Update webporpoise; C:\Program Files (x86)\webporpoise\updatewebporpoise.exe [317728 2014-06-16] ()
R2 Util webporpoise; C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe [317728 2014-06-16] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-04] (Avira Operations GmbH & Co. KG)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-10-24] (Huawei Technologies Co., Ltd.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}w64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys [61120 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 18:28 - 2014-06-16 18:28 - 00000000 ____D () C:\FRST
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 18:24 - 2014-06-16 18:25 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{9D27E361-065F-4D9B-8A3C-03BCDB54202C}
2014-06-16 18:21 - 2014-06-16 18:28 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-10 21:26 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 21:26 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 21:26 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 21:26 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 21:26 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 21:26 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 21:26 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 21:26 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 21:26 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 21:26 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 21:26 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 21:26 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 21:26 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 21:26 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 21:26 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:26 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 21:26 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 21:26 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 21:26 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:26 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 21:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 21:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 21:03 - 2014-06-09 12:16 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-09 20:50 - 2014-06-09 20:50 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{BBE7BC50-2DC5-4BE1-8C9D-C8FC1DD9A1B1}
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:10 - 2014-06-10 21:14 - 00000000 ____D () C:\Program Files (x86)\webporpoise
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-05-29 22:53 - 2014-05-29 22:53 - 00000000 _____ () C:\Windows\SysWOW64\sho30BA.tmp
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS
2014-05-29 21:49 - 2014-06-09 20:51 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live
2014-05-29 21:49 - 2014-05-29 21:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{24933516-7832-459D-8AF4-26097BC3B0A1}

==================== One Month Modified Files and Folders =======

2014-06-16 18:29 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Temp
2014-06-16 18:29 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 18:29 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 18:28 - 2014-06-16 18:28 - 00000000 ____D () C:\FRST
2014-06-16 18:28 - 2014-06-16 18:21 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:27 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi
2014-06-16 18:27 - 2012-05-03 19:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 18:25 - 2014-06-16 18:24 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{9D27E361-065F-4D9B-8A3C-03BCDB54202C}
2014-06-16 18:06 - 2012-05-03 19:31 - 01105852 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 17:54 - 2013-10-28 21:00 - 00000000 ____D () C:\PFS8.3 PE_TMP
2014-06-16 17:50 - 2012-05-03 19:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 17:36 - 2012-02-21 20:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-16 17:36 - 2012-02-21 20:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-16 17:36 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 16:42 - 2012-05-03 19:48 - 00000000 ____D () C:\Users\Chrissi\Documents\Youcam
2014-06-16 16:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-16 16:41 - 2013-02-03 18:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spotify
2014-06-16 16:41 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-16 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 16:39 - 2009-07-14 06:51 - 00061146 _____ () C:\Windows\setupact.log
2014-06-11 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:00 - 2014-05-07 13:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 23:46 - 2012-05-03 20:29 - 00000000 __SHD () C:\Users\Chrissi\AppData\Roaming\.#
2014-06-10 23:46 - 2012-05-03 20:29 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-06-10 21:14 - 2014-06-09 16:10 - 00000000 ____D () C:\Program Files (x86)\webporpoise
2014-06-10 21:10 - 2013-08-06 08:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 21:10 - 2013-08-06 08:27 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-09 21:37 - 2013-02-22 09:14 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\MyPhoneExplorer
2014-06-09 20:51 - 2014-05-29 21:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live
2014-06-09 20:50 - 2014-06-09 20:50 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{BBE7BC50-2DC5-4BE1-8C9D-C8FC1DD9A1B1}
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:11 - 2013-02-22 09:14 - 00002065 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-06-09 16:11 - 2013-02-22 09:14 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-06-09 12:16 - 2014-06-10 21:03 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-08 11:13 - 2014-06-10 21:23 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-10 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 08:31 - 2012-12-19 08:45 - 00179200 ___SH () C:\Users\Chrissi\Desktop\Thumbs.db
2014-05-31 07:38 - 2010-11-21 05:47 - 00307382 _____ () C:\Windows\PFRO.log
2014-05-30 12:21 - 2014-06-10 21:26 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-10 21:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-10 21:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-10 21:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-10 21:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-10 21:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-10 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-10 21:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-10 21:26 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-10 21:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-10 21:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-10 21:26 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-10 21:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-10 21:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-10 21:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-10 21:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-10 21:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-10 21:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-10 21:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-10 21:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-10 21:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-10 21:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-10 21:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-10 21:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-10 21:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-10 21:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-10 21:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-10 21:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-10 21:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-10 21:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-10 21:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-10 21:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-10 21:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-10 21:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-10 21:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-10 21:26 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-10 21:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-10 21:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-10 21:26 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-10 21:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 22:53 - 2014-05-29 22:53 - 00000000 _____ () C:\Windows\SysWOW64\sho30BA.tmp
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS
2014-05-29 21:49 - 2014-05-29 21:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\{24933516-7832-459D-8AF4-26097BC3B0A1}
2014-05-25 11:46 - 2012-05-03 19:39 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\Chrissi\AppData\Local\Temp\ABP_InstallChecker.exe
C:\Users\Chrissi\AppData\Local\Temp\ABP_TB0001.exe
C:\Users\Chrissi\AppData\Local\Temp\AskSLib.dll
C:\Users\Chrissi\AppData\Local\Temp\avgnt.exe
C:\Users\Chrissi\AppData\Local\Temp\COMAP.EXE
C:\Users\Chrissi\AppData\Local\Temp\Offer100.exe
C:\Users\Chrissi\AppData\Local\Temp\setup.exe
C:\Users\Chrissi\AppData\Local\Temp\_is58E9.exe
C:\Users\Chrissi\AppData\Local\Temp\_is8E89.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 00:04

==================== End Of Log ============================
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Chrissi at 2014-06-16 18:30:11
Running from C:\Users\Chrissi\Desktop\Virenproblem
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALDI SÜD Mah Jong (HKLM-x32\...\ALDI SÜD Mah Jong) (Version:  - )
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.1.8 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar) <==== ATTENTION
BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Benutzerhandbuch EPSON XP-30 33 Series (HKLM-x32\...\EPSON XP-30 33 Series Useg) (Version:  - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.1.2414a - CyberLink Corp.) Hidden
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3621 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3621 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3622.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1402 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.1402 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.1.0 - devolo AG)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON XP-30 33 Series Printer Uninstall (HKLM\...\EPSON XP-30 33 Series) (Version:  - SEIKO EPSON Corporation)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.5.3 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java(TM) 7 Update 2 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.209.0 - Tracker Software Products Ltd)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0055 - Pegatron Corporation)
PHOTOfunSTUDIO 8.3 PE (HKLM-x32\...\{5F07A881-4A7F-4F16-AF9E-F2202B504A91}) (Version: 8.03.713 - Panasonic Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.3 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Updater Service (HKLM-x32\...\Updater Service) (Version: 14,12,8,9 - ) <==== ATTENTION
watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
webporpoise (HKLM\...\webporpoise) (Version: 2014.06.06.010533 - webporpoise) <==== ATTENTION
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-06-2014 14:00:43 Geplanter Prüfpunkt
10-06-2014 22:11:28 Geplanter Prüfpunkt
11-06-2014 01:00:14 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {183F8C73-8574-4E3F-8D32-BDA5C03C02D1} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {8C29780A-0847-43F6-B9F2-69F0BD3C0E83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03] (Google Inc.)
Task: {DF48CC79-AA94-4405-B1E4-10FF615D37B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-22 18:36 - 2009-12-19 01:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2012-02-22 18:36 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-09-07 19:41 - 2012-09-07 19:40 - 00648992 _____ () C:\ProgramData\IBUpdaterService\ibsvc.exe
2012-10-24 21:27 - 2012-10-24 21:26 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2012-02-22 20:09 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2012-02-22 18:36 - 2012-02-07 03:34 - 00823808 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-02-22 18:36 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-02-22 18:36 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 00070144 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2012-05-03 19:39 - 2012-05-03 19:39 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2012-05-03 19:39 - 2012-05-03 19:39 - 00034304 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Tools\3.0.0.8__f722db7bec59a14b\Tvd.Tools.dll
2012-05-03 19:39 - 2012-05-03 19:39 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2012-05-03 19:39 - 2012-05-03 19:39 - 00079360 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\3.0.0.8__f722db7bec59a14b\Tvd.Reporting.dll
2012-05-03 19:39 - 2012-05-03 19:39 - 00153088 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\3.0.0.8__f722db7bec59a14b\Tvd.Aprico.dll
2012-02-22 00:09 - 2012-01-06 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-22 18:36 - 2012-01-13 03:58 - 00552960 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2012-02-22 18:36 - 2012-01-13 03:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2012-02-22 18:36 - 2011-12-21 01:08 - 03454464 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2014-06-09 19:38 - 2014-06-16 16:40 - 00317728 _____ () C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe
2014-06-09 19:40 - 2014-06-09 21:16 - 00096544 _____ () C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 01070592 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2014-06-10 21:03 - 2014-06-14 22:42 - 00287008 _____ () C:\Program Files (x86)\webporpoise\bin\webporpoise.PurBrowse64.exe
2014-06-06 03:05 - 2014-06-16 16:45 - 00317728 _____ () C:\Program Files (x86)\webporpoise\updatewebporpoise.exe
2014-06-16 18:23 - 2014-06-16 18:23 - 00050477 _____ () C:\Users\Chrissi\Desktop\Virenproblem\Defogger.exe
2012-10-24 21:27 - 2012-10-24 21:26 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2012-10-24 21:27 - 2012-10-24 21:26 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2012-10-24 21:27 - 2012-10-24 21:26 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2012-10-24 21:27 - 2012-10-24 21:26 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2012-10-24 21:27 - 2012-10-24 21:26 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2012-10-24 21:27 - 2012-10-24 21:26 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2012-02-22 18:36 - 2009-12-19 01:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-02-22 18:36 - 2009-12-19 01:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2010-08-04 01:39 - 2010-08-04 01:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 01:39 - 2010-08-04 01:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-26 23:48 - 2014-02-26 23:48 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-02-22 00:36 - 2011-11-30 06:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-02-22 00:21 - 2011-12-16 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-25 11:46 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2014 04:40:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 04:40:02 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/11/2014 03:20:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:19:54 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/10/2014 09:16:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 09:15:05 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/10/2014 09:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.2.183.21, Zeitstempel: 0x4b95e661
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x3b4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3

Error: (06/09/2014 09:42:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.5, Zeitstempel: 0x5224f76d
Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15, Zeitstempel: 0x4a5bda6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00093ab4
ID des fehlerhaften Prozesses: 0x24b4
Startzeit der fehlerhaften Anwendung: 0xMyPhoneExplorer.exe0
Pfad der fehlerhaften Anwendung: MyPhoneExplorer.exe1
Pfad des fehlerhaften Moduls: MyPhoneExplorer.exe2
Berichtskennung: MyPhoneExplorer.exe3

Error: (06/09/2014 09:42:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.5, Zeitstempel: 0x5224f76d
Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15, Zeitstempel: 0x4a5bda6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ca40e
ID des fehlerhaften Prozesses: 0x24b4
Startzeit der fehlerhaften Anwendung: 0xMyPhoneExplorer.exe0
Pfad der fehlerhaften Anwendung: MyPhoneExplorer.exe1
Pfad des fehlerhaften Moduls: MyPhoneExplorer.exe2
Berichtskennung: MyPhoneExplorer.exe3

Error: (06/05/2014 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.2.183.21, Zeitstempel: 0x4b95e661
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x1200
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3


System errors:
=============
Error: (06/16/2014 04:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/16/2014 04:40:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (06/16/2014 04:38:47 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber ACPI hat eine ungültige ID für das untergeordnete Gerät (1) zurückgegeben.

Error: (06/11/2014 03:19:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/11/2014 03:19:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (06/11/2014 03:18:31 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber ACPI hat eine ungültige ID für das untergeordnete Gerät (1) zurückgegeben.

Error: (06/10/2014 09:15:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/10/2014 09:15:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (06/10/2014 09:14:25 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber ACPI hat eine ungültige ID für das untergeordnete Gerät (1) zurückgegeben.

Error: (05/31/2014 07:39:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/16/2014 04:40:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 04:40:02 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/11/2014 03:20:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:19:54 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/10/2014 09:16:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 09:15:05 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
  bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
  bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
  --- Ende der internen Ausnahmestapelüberwachung ---
  bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
  bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
  bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.  bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
  bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
  bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (06/10/2014 09:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e03b401cf84ddd7b41e24C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllb9b88950-f0d2-11e3-9ffb-685d4304063b

Error: (06/09/2014 09:42:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MyPhoneExplorer.exe1.8.0.55224f76dMSVBVM60.DLL6.0.98.154a5bda6cc000000500093ab424b401cf8412fd4d7264C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exeC:\Windows\system32\MSVBVM60.DLL2add02e8-f00e-11e3-9ffb-685d4304063b

Error: (06/09/2014 09:42:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MyPhoneExplorer.exe1.8.0.55224f76dMSVBVM60.DLL6.0.98.154a5bda6cc0000005000ca40e24b401cf8412fd4d7264C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exeC:\Windows\system32\MSVBVM60.DLL25b3fb80-f00e-11e3-9ffb-685d4304063b

Error: (06/05/2014 09:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e0120001cf80f354aba864C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll8f3d2edd-ece8-11e3-9ffb-685d4304063b


==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8086.48 MB
Available physical RAM: 5357.86 MB
Total Pagefile: 16171.15 MB
Available Pagefile: 12989 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:310.19 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:22.91 GB) NTFS
Drive e: (DLAN-500AV-WRLP) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-16 19:40:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Chrissi\AppData\Local\Temp\fxliafod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                  fffff80003002000 76 bytes [00, 00, CE, 00, 54, 63, 70, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                  fffff8000300204f 7 bytes [00, 60, B2, 67, 07, 80, FA]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\ProgramData\IBUpdaterService\ibsvc.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              00000000754a1465 2 bytes [4A, 75]
.text    C:\ProgramData\IBUpdaterService\ibsvc.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[1512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[1512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                    00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
.text    C:\Program Files (x86)\webporpoise\updatewebporpoise.exe[6420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              00000000754a1465 2 bytes [4A, 75]
.text    C:\Program Files (x86)\webporpoise\updatewebporpoise.exe[6420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000754a14bb 2 bytes [4A, 75]
.text    ...                                                                                                                                                                  * 2
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)        000000006fbc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)  000000006e940000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)        000000006a1c0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)      000000006ff00000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)  000000006efc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2832](2012-10-24 19:27:05)          000000006ed40000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150084d3f6                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d430211f0                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b@d0176a9cc94a                                                                            0x78 0x12 0x14 0x81 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b@380a94a11d94                                                                            0x63 0xDA 0x91 0xF0 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b@c488e5a12ad0                                                                            0xA5 0xC8 0x78 0x41 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b@f06bcaac229e                                                                            0x43 0x06 0x16 0x3B ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d4304063b@6cf373c3af70                                                                            0xBD 0xCF 0x41 0x9B ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150084d3f6 (not active ControlSet)                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d430211f0 (not active ControlSet)                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b (not active ControlSet)                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b@d0176a9cc94a                                                                                0x78 0x12 0x14 0x81 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b@380a94a11d94                                                                                0x63 0xDA 0x91 0xF0 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b@c488e5a12ad0                                                                                0xA5 0xC8 0x78 0x41 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b@f06bcaac229e                                                                                0x43 0x06 0x16 0x3B ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d4304063b@6cf373c3af70                                                                                0xBD 0xCF 0x41 0x9B ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 16.06.2014 20:57
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

dudellocke 16.06.2014 22:44
Hallo Schrauber,

zuerst mal Danke für die schnelle Antwort!
Habe alles wie gewünscht ausgeführt hier die Ergebnisse!
Bin schon gespannt, es ploppt schon nichts mehr auf.
Vielleicht hast du mir noch nen Tipp, wie ich soetwas in Zukunft vermeiden kann.

Liebe Grüße


Code:
# AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 23:17:21
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Chrissi - CHRISSI-PC
# Gestartet von : C:\Users\Chrissi\Desktop\Virenproblem\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Chrissi\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Chrissi\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Chrissi\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Chrissi\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Chrissi\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Gast\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\BabylonToolbar
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c2c07af0-f034-4b4b-acb2-29428a314640&apn_ptnrs=%5EABT&apn_sauid=77778456-2DD4-4CD2-8CA5-A0D606B2DBA1&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.dihk.de/isuche?SearchableText={searchTerms}&x=0&y=0&facet=true&facet.field=kategorie&facet.field=dokumentart
Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_lcl&s=web&rlz=0&sd=1&as=3&ac=0
Gelöscht [Homepage] : hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4555 octets] - [16/06/2014 23:16:00]
AdwCleaner[S0].txt - [4355 octets] - [16/06/2014 23:17:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4415 octets] ##########
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Chrissi (administrator) on CHRISSI-PC on 16-06-2014 23:38:32
Running from C:\Users\Chrissi\Desktop\Virenproblem
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIOE.EXE
(Spotify Ltd) C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-03] (Google Inc.)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIOE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify] => C:\Users\Chrissi\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify Web Helper] => C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {802065cb-9598-11e1-aff5-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed82-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed90-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=c2c07af0-f034-4b4b-acb2-29428a314640&apn_ptnrs=%5EABT&apn_sauid=77778456-2DD4-4CD2-8CA5-A0D606B2DBA1&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-10-24] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-04] (Avira Operations GmbH & Co. KG)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}w64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys [61120 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 23:32 - 2014-06-16 23:32 - 00002897 _____ () C:\Users\Chrissi\Desktop\JRT.txt
2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 23:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-16 23:13 - 2014-06-16 23:17 - 00000000 ____D () C:\AdwCleaner
2014-06-16 22:32 - 2014-06-16 23:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 22:31 - 2014-06-16 22:31 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 22:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 22:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 22:21 - 2014-06-16 22:21 - 00001272 _____ () C:\Users\Chrissi\Desktop\Revo Uninstaller.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95.exe
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95 (1).exe
2014-06-16 19:57 - 2014-06-16 19:57 - 01110476 _____ () C:\Users\Chrissi\Downloads\7z920.exe
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-16 18:28 - 2014-06-16 23:38 - 00000000 ____D () C:\FRST
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 18:21 - 2014-06-16 23:38 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-10 21:26 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 21:26 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 21:26 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 21:26 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 21:26 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 21:26 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 21:26 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 21:26 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 21:26 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 21:26 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 21:26 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 21:26 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 21:26 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 21:26 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 21:26 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:26 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 21:26 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 21:26 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 21:26 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:26 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 21:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 21:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 21:03 - 2014-06-09 12:16 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS
2014-05-29 21:49 - 2014-06-09 20:51 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-06-16 23:39 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Temp
2014-06-16 23:38 - 2014-06-16 18:28 - 00000000 ____D () C:\FRST
2014-06-16 23:38 - 2014-06-16 18:21 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-16 23:32 - 2014-06-16 23:32 - 00002897 _____ () C:\Users\Chrissi\Desktop\JRT.txt
2014-06-16 23:28 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 23:28 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 23:27 - 2012-05-03 19:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 23:27 - 2012-02-21 20:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-16 23:27 - 2012-02-21 20:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-16 23:27 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 23:22 - 2014-06-16 22:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 23:22 - 2012-05-03 19:48 - 00000000 ____D () C:\Users\Chrissi\Documents\Youcam
2014-06-16 23:21 - 2013-02-03 18:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spotify
2014-06-16 23:19 - 2012-05-03 19:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 23:18 - 2010-11-21 05:47 - 00318846 _____ () C:\Windows\PFRO.log
2014-06-16 23:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 23:18 - 2009-07-14 06:51 - 00061370 _____ () C:\Windows\setupact.log
2014-06-16 23:17 - 2014-06-16 23:13 - 00000000 ____D () C:\AdwCleaner
2014-06-16 23:17 - 2012-09-07 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 23:17 - 2012-05-03 19:31 - 01132808 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 22:31 - 2014-06-16 22:31 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 22:29 - 2012-05-03 19:39 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00001272 _____ () C:\Users\Chrissi\Desktop\Revo Uninstaller.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95.exe
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95 (1).exe
2014-06-16 22:16 - 2012-05-03 20:29 - 00000000 __SHD () C:\Users\Chrissi\AppData\Roaming\.#
2014-06-16 21:17 - 2012-05-03 20:29 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-06-16 19:57 - 2014-06-16 19:57 - 01110476 _____ () C:\Users\Chrissi\Downloads\7z920.exe
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-16 19:57 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:27 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 17:54 - 2013-10-28 21:00 - 00000000 ____D () C:\PFS8.3 PE_TMP
2014-06-16 16:42 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-11 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:00 - 2014-05-07 13:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 21:10 - 2013-08-06 08:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 21:10 - 2013-08-06 08:27 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-09 21:37 - 2013-02-22 09:14 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\MyPhoneExplorer
2014-06-09 20:51 - 2014-05-29 21:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:11 - 2013-02-22 09:14 - 00002065 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-06-09 16:11 - 2013-02-22 09:14 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-06-09 12:16 - 2014-06-10 21:03 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-08 11:13 - 2014-06-10 21:23 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-10 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 08:31 - 2012-12-19 08:45 - 00179200 ___SH () C:\Users\Chrissi\Desktop\Thumbs.db
2014-05-30 12:21 - 2014-06-10 21:26 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-10 21:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-10 21:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-10 21:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-10 21:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-10 21:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-10 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-10 21:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-10 21:26 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-10 21:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-10 21:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-10 21:26 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-10 21:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-10 21:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-10 21:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-10 21:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-10 21:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-10 21:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-10 21:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-10 21:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-10 21:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-10 21:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-10 21:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-10 21:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-10 21:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-10 21:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-10 21:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-10 21:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-10 21:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-10 21:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-10 21:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-10 21:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-10 21:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-10 21:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-10 21:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-10 21:26 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-10 21:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-10 21:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-10 21:26 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-10 21:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS

Some content of TEMP:
====================
C:\Users\Chrissi\AppData\Local\Temp\ABP_InstallChecker.exe
C:\Users\Chrissi\AppData\Local\Temp\ABP_TB0001.exe
C:\Users\Chrissi\AppData\Local\Temp\AskSLib.dll
C:\Users\Chrissi\AppData\Local\Temp\avgnt.exe
C:\Users\Chrissi\AppData\Local\Temp\COMAP.EXE
C:\Users\Chrissi\AppData\Local\Temp\Offer100.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe
C:\Users\Chrissi\AppData\Local\Temp\setup.exe
C:\Users\Chrissi\AppData\Local\Temp\_is58E9.exe
C:\Users\Chrissi\AppData\Local\Temp\_is8E89.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 00:04

==================== End Of Log ============================
--- --- ---

--- --- ---

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chrissi on 16.06.2014 at 23:25:54,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3F53AEB0-3FFE-4A6F-B1B8-9D26A902E879}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho30BA.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0AD09C3B-B7BE-4472-840C-14B667EB848D}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0DB5D0D4-5377-43A1-A424-F2768D25632A}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0E1B3D2D-17B4-4EFF-9D5B-E637043CC23B}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{0EE545FE-A719-4A77-AA34-D2E58974BCFC}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{24933516-7832-459D-8AF4-26097BC3B0A1}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{45B08FD7-16FA-43FD-95CB-A9E7105CD5D7}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{79A532E1-914A-4334-BB5A-EFA806E68524}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{9D27E361-065F-4D9B-8A3C-03BCDB54202C}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{AB191304-4853-41B8-AF9D-DCB9E10F435E}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{ACBA64AB-99F9-4BF5-B05F-72D6A4554009}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{BBE7BC50-2DC5-4BE1-8C9D-C8FC1DD9A1B1}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{BFDF70C9-1E4A-4A48-AEF2-87140364F336}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{D90BBE0F-215B-46EB-B1EE-335949D97507}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{E257C4E0-9215-4678-8D57-87307310A19E}
Successfully deleted: [Empty Folder] C:\Users\Chrissi\appdata\local\{F2C951DC-C62D-420F-B66A-3CDC16A0041C}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Chrissi\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.06.2014 at 23:32:27,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.06.2014
Suchlauf-Zeit: 22:35:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.16.07
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Chrissi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 321388
Verstrichene Zeit: 14 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 6
PUP.BundleInstaller.IB, C:\ProgramData\IBUpdaterService\ibsvc.exe, 2320, Löschen bei Neustart, [da4d93e6413a2016583ca30ed72927d9]
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\updatewebporpoise.exe, 3804, Löschen bei Neustart, [6bbcde9b0e6df046f12477faf50cf808]
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe, 4500, Löschen bei Neustart, [d15626531e5d082eef268de48c75fd03]
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe, 2056, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d]
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoise.PurBrowse64.exe, 4804, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d]
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\ibsvc.exe, 2320, Löschen bei Neustart, [f03791e82e4df244dbdce3cf07fc2bd5]

Module: 3
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoiseBAApp.dll, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\{572f484b-455f-44b0-9d6a-da3ad2071365}.dll, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\{572f484b-455f-44b0-9d6a-da3ad2071365}.dll, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],

Registrierungsschlüssel: 63
PUP.BundleInstaller.IB, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService, In Quarantäne, [da4d93e6413a2016583ca30ed72927d9],
PUP.BundleInstaller.IB, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service, In Quarantäne, [da4d93e6413a2016583ca30ed72927d9],
PUP.Optional.Webporpoise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webporpoise, In Quarantäne, [6bbcde9b0e6df046f12477faf50cf808],
PUP.Optional.Webporpoise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util webporpoise, In Quarantäne, [d15626531e5d082eef268de48c75fd03],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [bf682e4be794ad89936cee89a45ea45c],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [bf682e4be794ad89936cee89a45ea45c],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [bf682e4be794ad89936cee89a45ea45c],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [bf682e4be794ad89936cee89a45ea45c],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [4cdbed8cf9824aecec4bd6a110f25ca4],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [4cdbed8cf9824aecec4bd6a110f25ca4],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, In Quarantäne, [90971d5c4c2fc0760af46413689ab54b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [90971d5c4c2fc0760af46413689ab54b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [90971d5c4c2fc0760af46413689ab54b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [90971d5c4c2fc0760af46413689ab54b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [90971d5c4c2fc0760af46413689ab54b],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, In Quarantäne, [8a9d483184f73df9679be98f778bc937],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [8a9d483184f73df9679be98f778bc937],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, In Quarantäne, [8a9d483184f73df9679be98f778bc937],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [7bac7dfccbb0b284bd43a5d338ca2dd3],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [35f25b1eb4c7e74fe120780042c0c63a],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webporpoise, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
Adware.InstallBrain, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService, In Quarantäne, [f03791e82e4df244dbdce3cf07fc2bd5],
Adware.InstallBrain, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service, In Quarantäne, [f03791e82e4df244dbdce3cf07fc2bd5],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, In Quarantäne, [7daa1a5f5f1c8ea8d4a2a634e122f10f],
PUP.Optional.Webporpoise.A, HKLM\SOFTWARE\WOW6432NODE\webporpoise, In Quarantäne, [a87fed8ccead77bf6be843714bb723dd],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-4082896914-2718785484-2584533709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Löschen bei Neustart, [5fc8df9a0576a690e3b217c529daaf51],
PUP.Optional.Webporpoise.A, HKU\S-1-5-21-4082896914-2718785484-2584533709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webporpoise, Löschen bei Neustart, [4ddafd7c87f472c41d352e86887a5ca4],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 8
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\TEMP, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, Löschen bei Neustart, [2ff81f5a5f1c84b2bdfb9a18679c5ca4],
PUP.Optional.BabylonToolbar.A, C:\Users\Chrissi\AppData\Local\Temp\mt_ffx\BabylonToolbar, In Quarantäne, [2304d0a90873072f9bdc93f7b84af40c],
PUP.Optional.BabylonToolbar.A, C:\Users\Chrissi\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar, In Quarantäne, [2304d0a90873072f9bdc93f7b84af40c],
PUP.Optional.BabylonToolbar.A, C:\Users\Chrissi\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.6.9.12, In Quarantäne, [2304d0a90873072f9bdc93f7b84af40c],

Dateien: 32
PUP.BundleInstaller.IB, C:\ProgramData\IBUpdaterService\ibsvc.exe, Löschen bei Neustart, [da4d93e6413a2016583ca30ed72927d9],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\updatewebporpoise.exe, Löschen bei Neustart, [6bbcde9b0e6df046f12477faf50cf808],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe, Löschen bei Neustart, [d15626531e5d082eef268de48c75fd03],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe, In Quarantäne, [bf682e4be794ad89936cee89a45ea45c],
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarEng.dll, In Quarantäne, [8a9d483184f73df9679be98f778bc937],
PUP.BundleInstaller.IB, C:\Users\Chrissi\Downloads\DriverPerformer.exe, In Quarantäne, [41e62a4f512a5dd91e761a97b14fe51b],
PUP.Optional.OpenCandy, C:\Users\Chrissi\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, In Quarantäne, [cd5a5a1fa0db91a5d4bb7b225da7a060],
PUP.Optional.Babylon.A, C:\Users\Chrissi\AppData\Roaming\BabMaint.exe, In Quarantäne, [35f25920b9c263d3885c069fc53d4cb4],
PUP.Optional.Babylon.A, C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, In Quarantäne, [65c28fea205b87afbc2904a10ff3ad53],
PUP.Optional.Babylon.A, C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, In Quarantäne, [e443f8814932a88e26bf673eba4841bf],
PUP.Optional.Superfish.A, C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [0c1ba6d3f982f24465a7d3d7e22056aa],
PUP.Optional.Superfish.A, C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [d156bebb19620d29a06c07a3b052d62a],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\webporpoise.ico, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\0, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\7za.exe, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\updatewebporpoise.InstallState, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\webporpoiseUninstall.exe, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\7za.exe, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\BrowserAdapterS.7z, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.InstallState, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoise.BrowserAdapter.exe, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoise.PurBrowse.zip, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoise.PurBrowse64.exe, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\webporpoiseBAApp.dll, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\{572f484b-455f-44b0-9d6a-da3ad2071365}.dll, Löschen bei Neustart, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins\webporpoise.Bromon.dll, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins\webporpoise.BroStats.dll, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins\webporpoise.BrowserAdapterS.dll, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins\webporpoise.CompatibilityChecker.dll, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
PUP.Optional.Webporpoise.A, C:\Program Files (x86)\webporpoise\bin\plugins\webporpoise.PurBrowse.dll, In Quarantäne, [8d9abfbad3a88ea8f859c0f48d75936d],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\ibsvc.exe, Löschen bei Neustart, [f03791e82e4df244dbdce3cf07fc2bd5],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [2ff81f5a5f1c84b2bdfb9a18679c5ca4],

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber 17.06.2014 10:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

dudellocke 18.06.2014 20:18
Hallo Schrauber,

habe erneut alles ausgeführt hier die LOGs

Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 7 Update 2 
 Java version out of Date!
  Adobe Flash Player 11.1.102.62 Flash Player out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.114 
 Google Chrome 35.0.1916.153 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Mobile Partner OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=f970ce029aa15a4b9f4c7a47b09bc23b
# engine=18762
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-17 08:52:59
# local_time=2014-06-17 10:52:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 7361 147590557 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 29411358 154668229 0 0
# scanned=192396
# found=11
# cleaned=0
# scan_time=5717
sh=656680913303F56C2ED51C02A62F3EF817AFD93E ft=1 fh=c701ece1573d7829 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chrissi\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=F77C9AB69FA9FCA61F147952E3946EABC2F2347B ft=1 fh=1fa843dc9ed2f897 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\bus128C\BabMaint.x"
sh=A40BF4CD7679625A45C95905C1E023335BC880FC ft=1 fh=bd318a65c3a97181 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\bus128C\BUSolution.x"
sh=F77C9AB69FA9FCA61F147952E3946EABC2F2347B ft=1 fh=1fa843dc9ed2f897 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\bus8D40\BabMaint.x"
sh=A40BF4CD7679625A45C95905C1E023335BC880FC ft=1 fh=bd318a65c3a97181 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\bus8D40\BUSolution.x"
sh=020FCD9F92900EEDA7B6F24AD63B3B61F31B78B8 ft=1 fh=822edc5fee5ddb7e vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\busABD9\BabMaint.x"
sh=656680913303F56C2ED51C02A62F3EF817AFD93E ft=1 fh=c701ece1573d7829 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\busABD9\BUSolution.x"
sh=DF4FB1B2D51A6D5F64FA31858598711134756D63 ft=1 fh=e80bf87c095f43cc vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\AppData\Local\Temp\ibtmp9d3c207\component_532.decrpt"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe"
sh=6A859B87A0320253D474441D76A966AA85F25AE0 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\21dc0a1.msi"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Chrissi (administrator) on CHRISSI-PC on 17-06-2014 23:25:17
Running from C:\Users\Chrissi\Desktop\Virenproblem
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIOE.EXE
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Spotify Ltd) C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-03] (Google Inc.)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIOE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify] => C:\Users\Chrissi\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\Run: [Spotify Web Helper] => C:\Users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-23] (Spotify Ltd)
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {802065cb-9598-11e1-aff5-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed82-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
HKU\S-1-5-21-4082896914-2718785484-2584533709-1000\...\MountPoints2: {fd07ed90-1d3a-11e2-9b47-685d4304063b} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-10-24] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-04] (Avira Operations GmbH & Co. KG)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}w64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys [61120 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 23:32 - 2014-06-16 23:32 - 00002897 _____ () C:\Users\Chrissi\Desktop\JRT.txt
2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 23:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-16 23:13 - 2014-06-16 23:17 - 00000000 ____D () C:\AdwCleaner
2014-06-16 22:32 - 2014-06-17 23:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 22:31 - 2014-06-16 22:31 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 22:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 22:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 22:21 - 2014-06-16 22:21 - 00001272 _____ () C:\Users\Chrissi\Desktop\Revo Uninstaller.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95.exe
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95 (1).exe
2014-06-16 19:57 - 2014-06-16 19:57 - 01110476 _____ () C:\Users\Chrissi\Downloads\7z920.exe
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-16 18:28 - 2014-06-17 23:25 - 00000000 ____D () C:\FRST
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 18:21 - 2014-06-17 23:25 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-10 21:26 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 21:26 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 21:26 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 21:26 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 21:26 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 21:26 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 21:26 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 21:26 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 21:26 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 21:26 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 21:26 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 21:26 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 21:26 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 21:26 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 21:26 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 21:26 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 21:26 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 21:26 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 21:26 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 21:26 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 21:26 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 21:26 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 21:26 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 21:26 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 21:26 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 21:26 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 21:26 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 21:26 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 21:26 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 21:26 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 21:26 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 21:26 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 21:26 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:26 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 21:26 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 21:26 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 21:26 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:26 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 21:26 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 21:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 21:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 21:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 21:03 - 2014-06-09 12:16 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS
2014-05-29 21:49 - 2014-06-09 20:51 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-06-17 23:25 - 2014-06-16 18:28 - 00000000 ____D () C:\FRST
2014-06-17 23:25 - 2014-06-16 18:21 - 00000000 ____D () C:\Users\Chrissi\Desktop\Virenproblem
2014-06-17 23:25 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Temp
2014-06-17 23:15 - 2014-06-16 22:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 22:28 - 2012-05-03 20:29 - 00000000 __SHD () C:\Users\Chrissi\AppData\Roaming\.#
2014-06-17 22:27 - 2012-05-03 19:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 22:23 - 2012-05-03 20:29 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-06-17 21:11 - 2012-05-03 19:31 - 01150393 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 20:53 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 20:53 - 2009-07-14 06:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 20:50 - 2012-02-21 20:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 20:50 - 2012-02-21 20:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 20:50 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 20:47 - 2012-05-03 19:48 - 00000000 ____D () C:\Users\Chrissi\Documents\Youcam
2014-06-17 20:47 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-17 20:46 - 2013-02-03 18:34 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\Spotify
2014-06-17 20:44 - 2012-05-03 19:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 20:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 20:43 - 2009-07-14 06:51 - 00061426 _____ () C:\Windows\setupact.log
2014-06-16 23:32 - 2014-06-16 23:32 - 00002897 _____ () C:\Users\Chrissi\Desktop\JRT.txt
2014-06-16 23:25 - 2014-06-16 23:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 23:18 - 2010-11-21 05:47 - 00318846 _____ () C:\Windows\PFRO.log
2014-06-16 23:17 - 2014-06-16 23:13 - 00000000 ____D () C:\AdwCleaner
2014-06-16 23:17 - 2012-09-07 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 22:31 - 2014-06-16 22:31 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 22:31 - 2014-06-16 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 22:29 - 2012-05-03 19:39 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00001272 _____ () C:\Users\Chrissi\Desktop\Revo Uninstaller.lnk
2014-06-16 22:21 - 2014-06-16 22:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95.exe
2014-06-16 22:20 - 2014-06-16 22:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chrissi\Downloads\revosetup95 (1).exe
2014-06-16 19:57 - 2014-06-16 19:57 - 01110476 _____ () C:\Users\Chrissi\Downloads\7z920.exe
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-16 19:57 - 2014-06-16 19:57 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-16 19:57 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-16 18:27 - 2014-06-16 18:27 - 00000000 _____ () C:\Users\Chrissi\defogger_reenable
2014-06-16 18:27 - 2012-05-03 19:46 - 00000000 ____D () C:\Users\Chrissi
2014-06-16 18:25 - 2014-06-16 18:25 - 02081280 _____ (Farbar) C:\Users\Chrissi\Downloads\FRST64.exe
2014-06-16 17:54 - 2013-10-28 21:00 - 00000000 ____D () C:\PFS8.3 PE_TMP
2014-06-11 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:00 - 2014-05-07 13:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 21:10 - 2013-08-06 08:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 21:10 - 2013-08-06 08:27 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-09 21:37 - 2013-02-22 09:14 - 00000000 ____D () C:\Users\Chrissi\AppData\Roaming\MyPhoneExplorer
2014-06-09 20:51 - 2014-05-29 21:49 - 00000000 ____D () C:\Users\Chrissi\AppData\Local\Windows Live
2014-06-09 19:55 - 2014-06-09 19:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-09 16:11 - 2014-06-09 16:11 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\Users\Chrissi\.android
2014-06-09 16:11 - 2014-06-09 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-06-09 16:11 - 2013-02-22 09:14 - 00002065 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-06-09 16:11 - 2013-02-22 09:14 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-06-09 16:09 - 2014-06-09 16:09 - 07080248 _____ () C:\Users\Chrissi\Downloads\MyPhoneExplorer_1.8.5.exe
2014-06-09 12:16 - 2014-06-10 21:03 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}w64.sys
2014-06-08 11:13 - 2014-06-10 21:23 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-10 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 08:31 - 2012-12-19 08:45 - 00179200 ___SH () C:\Users\Chrissi\Desktop\Thumbs.db
2014-05-30 12:21 - 2014-06-10 21:26 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-10 21:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-10 21:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-10 21:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-10 21:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-10 21:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-10 21:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-10 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-10 21:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-10 21:26 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-10 21:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-10 21:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-10 21:26 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-10 21:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-10 21:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-10 21:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-10 21:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-10 21:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-10 21:26 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-10 21:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-10 21:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-10 21:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-10 21:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-10 21:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-10 21:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-10 21:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-10 21:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-10 21:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-10 21:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-10 21:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-10 21:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-10 21:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-10 21:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-10 21:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-10 21:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-10 21:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-10 21:26 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-10 21:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-10 21:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-10 21:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-10 21:26 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-10 21:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-10 21:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-10 21:26 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-10 21:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-10 21:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:58 - 2014-05-29 21:58 - 00000000 ____D () C:\Users\Chrissi\Desktop\SILKYPIX_DS

Some content of TEMP:
====================
C:\Users\Chrissi\AppData\Local\Temp\ABP_InstallChecker.exe
C:\Users\Chrissi\AppData\Local\Temp\ABP_TB0001.exe
C:\Users\Chrissi\AppData\Local\Temp\AskSLib.dll
C:\Users\Chrissi\AppData\Local\Temp\avgnt.exe
C:\Users\Chrissi\AppData\Local\Temp\COMAP.EXE
C:\Users\Chrissi\AppData\Local\Temp\Offer100.exe
C:\Users\Chrissi\AppData\Local\Temp\Quarantine.exe
C:\Users\Chrissi\AppData\Local\Temp\setup.exe
C:\Users\Chrissi\AppData\Local\Temp\_is58E9.exe
C:\Users\Chrissi\AppData\Local\Temp\_is8E89.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 00:04

==================== End Of Log ============================
--- --- ---


Bin schon auf die Antwort gespannt.

Liebe Grüße

schrauber 19.06.2014 16:37
Java, FLash und Adobe updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

dudellocke 19.06.2014 20:26
Hallo Schrauber,

iwie war ich der Meinung Firefox zu installieren und chrome zu löschen bevor ich alles mach.
Kann es sein dass sich die fixlog nicht mehr erstellen lässt deswegen???

Sonst passt alles super!

Du warst mir eine riesen Hilfe geb mein Statement noch offiziell ab.

Gut dass es so eine Seite für PC nix versteher gibt :-)

Liebe Grüße

schrauber 20.06.2014 19:48
Delfix löscht die fixlog :)

Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131