Nach der Installation von Windows 7 öffnen sich immer öfters popups erst in chrome nun auch in firefox

geiche · 03.06.2014, 09:07

nach dem Durchsehen bei den Programmen ; es haben sich mehrere Programme installiert , Avira meldet öfter Virus erkannt , selbst jetzt beim schreiben ständig werde ich unterbrochen von sich öffnenden Fenster , wäre sehr froh wenn sich jemand meiner Probleme annimmt
VG Günter

aharonov · 03.06.2014, 09:48

Hallo Günter,

mach bitte einen FRST-Scan:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

geiche · 03.06.2014, 10:39

wie lade ich hier etwas hoch , finde keunen Hinweis

aharonov · 03.06.2014, 11:38

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

geiche · 03.06.2014, 13:39

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014
Ran by geiche (administrator) on GEICHE-PC on 03-06-2014 08:45:22
Running from C:\Users\geiche\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Users\geiche\AppData\Roaming\VOPackage\VOsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
() C:\Users\geiche\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5388904 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-04-30] (RealNetworks, Inc.)
HKLM\...\Run: [LGODDFU] =>  blrun
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\geiche\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5036600 2014-02-25] (Avira)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [Google Update] => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-12] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-30] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=B44B6C626DA6205A&affID=127867&tsp=5185
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9420946AEBA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&ISID=M5C4AEAD7-FB9D-4B80-88BE-EA48B0105E41&SearchSource=58&CUI=&UM=5&UP=SPFFAEB514-F225-437E-9F29-D5D333DFA2DB&q={searchTerms}&SSPV=
SearchScopes: HKCU - 05AB6182894D4DD7AC11256188C77F71 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw0202ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0AyCtBtDyD0A0A0F0DtBtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDzzzz0F0BtDzytGzz0A0D0BtGyDtCtBtDtGzy0EtC0FtGyBzzyD0DtB0F0ByByEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzztB0A0A0A0F0AtG0BtC0A0CtGzyyB0DzytG0ByDzz0DtGtDyCtDtDzz0BtCzztD0DtDyB2Q&cr=1317572961&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=B44B6C626DA6205A&affID=127867&tsp=5185
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394389641&from=tugs&uid=WDCXWD10EZEX-00ZF5A0_WD-WCC1S133137531375&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317933&octid=EB_ORIGINAL_CTID&ISID=M5C4AEAD7-FB9D-4B80-88BE-EA48B0105E41&SearchSource=58&CUI=&UM=5&UP=SPFFAEB514-F225-437E-9F29-D5D333DFA2DB&q={searchTerms}&SSPV=
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\geiche\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
BHO: Shopping Suggestion - {F6C07882-D703-4DD5-905A-2C4E815A5066} - C:\Users\geiche\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll (WW3, LLC)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97

FireFox:
========
FF ProfilePath: C:\Users\geiche\AppData\Roaming\Mozilla\Firefox\Profiles\n1fi0cva.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Freeven pro 1.2 - C:\Users\geiche\AppData\Roaming\Mozilla\Firefox\Profiles\n1fi0cva.default\Extensions\2ab9302c-551a-4804-9971-9932d6d5b0f9@2bfa4cf8-298a-4792-80d5-75352ee81de1.com [2014-05-13]
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games (4357) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2013-12-25]
FF HKLM\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKLM\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha5797.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ff [2014-03-04]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1699.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ff
FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ff [2014-03-15]
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games (4357) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2013-12-25]
FF HKCU\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]

Chrome: 
=======
CHR HomePage: hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=B44B6C626DA6205A&affID=127867&tsp=5185
CHR StartupUrls: "hxxp://www.doko-search.com/?babsrc=HP_ss_mib2&mntrId=B44B6C626DA6205A&affID=127867&tsp=5185"
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-02-17]
CHR Extension: (Buenosearch Toolbar) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-03-14]
CHR Extension: (Google Docs) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google-Suche) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Freeven pro 1.2) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-05-13]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdpkbcmjnfljchemkboibfloaojemka [2014-03-21]
CHR Extension: (Avira Browser Safety) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-03-24]
CHR Extension: (Plus-HD-1.3) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2014-02-25]
CHR Extension: (RealPlayer Downloader) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (PowerGamesBar V1) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf [2014-02-17]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonemdmpddldgdippnlndobchdjfhgbp [2014-03-04]
CHR Extension: (VLC Links) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Google Mail) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\geiche\AppData\Roaming\BabSolution\CR\bueno.crx [2014-03-14]
CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2014-03-14]
CHR HKLM\...\Chrome\Extension: [ehdpkbcmjnfljchemkboibfloaojemka] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ch\MediaViewV1alpha1699.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [kejlhopdgiicmagejpikgcinmicololf] - C:\Users\geiche\AppData\Local\CRE\kejlhopdgiicmagejpikgcinmicololf.crx [2013-12-18]
CHR HKLM\...\Chrome\Extension: [lonemdmpddldgdippnlndobchdjfhgbp] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ch\MediaViewV1alpha5797.crx [2014-02-27]
CHR HKLM\...\Chrome\Extension: [mihecgifecjdmjjmkgnobfpladefgige] - C:\Users\geiche\AppData\Local\VLC Links\extension.crx [2013-05-21]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-09]
CHR HKCU\...\Chrome\Extension: [kejlhopdgiicmagejpikgcinmicololf] - C:\Users\geiche\AppData\Local\CRE\kejlhopdgiicmagejpikgcinmicololf.crx [2013-12-18]

========================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] ()
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-16] (globalUpdate)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-16] (globalUpdate)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-05] (SaveSense)
S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-03-05] (SaveSense)
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
R2 vosr; C:\Users\geiche\AppData\Roaming\VOPackage\VOsrv.exe [51712 2014-05-16] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-09] (Cherished Technololgy LIMITED)
S2 Adobe Version Cue CS2; "c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 MSI_DVD_010507; C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys [22328 2010-05-10] (Your Corporation)
R3 MSI_MSIBIOS_010507; C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [25912 2010-05-10] (Your Corporation)
R3 MSI_VGASYS_010507; C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys [16696 2010-05-10] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [60800 2010-07-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [140672 2010-07-27] (Renesas Electronics Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14856 2010-05-21] ()
S3 cpuz134; \??\C:\Users\geiche\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 08:44 - 2014-06-03 08:45 - 00000000 ____D () C:\FRST
2014-06-03 08:43 - 2014-06-03 08:43 - 00000474 _____ () C:\Users\geiche\Downloads\defogger_disable.log
2014-06-03 08:43 - 2014-06-03 08:43 - 00000000 _____ () C:\Users\geiche\defogger_reenable
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-01 20:04 - 2014-06-03 05:30 - 00175656 _____ () C:\Windows\setupact.log
2014-06-01 20:04 - 2014-06-01 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 18:54 - 2014-06-02 22:31 - 00042855 _____ () C:\Windows\IE10_main.log
2014-06-01 10:25 - 2014-06-01 10:25 - 00942584 _____ () C:\Users\geiche\Downloads\Malwarebytes.exe
2014-06-01 09:51 - 2014-06-03 08:45 - 00029850 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-01 09:51 - 2014-06-01 09:52 - 00033672 _____ () C:\Users\geiche\Downloads\Addition.txt
2014-06-01 09:48 - 2014-06-01 09:48 - 01057792 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-16 13:50 - 2014-05-19 13:50 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-05-16 13:50 - 2014-05-17 05:36 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-05-16 13:50 - 2014-05-16 14:10 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-05-16 13:48 - 2014-05-16 13:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Optimizer Elite Max
2014-05-16 13:44 - 2014-06-03 07:49 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-16 13:44 - 2014-06-03 05:30 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-16 13:44 - 2014-05-17 05:45 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Activeris
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-16 13:44 - 2014-05-16 13:44 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\VOPackage
2014-05-16 13:44 - 2014-05-16 13:44 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-16 13:43 - 2014-05-16 13:43 - 00000000 ____D () C:\Program Files\Fpro1.2
2014-05-15 05:48 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 05:48 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 05:47 - 2014-05-05 17:50 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 05:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 05:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 05:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 05:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 05:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 05:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-13 19:44 - 2014-06-03 06:00 - 00001057 _____ () C:\Users\geiche\Desktop\Continue VuuPC Installation.lnk
2014-05-13 14:24 - 2014-06-03 08:24 - 00002140 _____ () C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4.job
2014-05-13 14:23 - 2014-06-03 08:23 - 00003446 _____ () C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3.job
2014-05-13 14:23 - 2014-06-02 11:00 - 00000290 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-05-13 14:23 - 2014-05-16 13:49 - 00000290 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-05-13 14:23 - 2014-05-16 13:43 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-13 14:23 - 2014-05-13 14:23 - 00000000 ____D () C:\Users\geiche\AppData\Local\globalUpdate
2014-05-13 14:22 - 2014-05-13 14:22 - 00000000 ____D () C:\Users\geiche\AppData\Local\SearchProtect
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:38 - 2014-05-13 21:12 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-05-11 12:38 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-05-11 12:37 - 2014-05-11 12:39 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:37 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 16:33 - 2014-05-16 05:38 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-03 08:45 - 2014-06-03 08:44 - 00000000 ____D () C:\FRST
2014-06-03 08:45 - 2014-06-01 09:51 - 00029850 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-03 08:45 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche\AppData\Local\Temp
2014-06-03 08:43 - 2014-06-03 08:43 - 00000474 _____ () C:\Users\geiche\Downloads\defogger_disable.log
2014-06-03 08:43 - 2014-06-03 08:43 - 00000000 _____ () C:\Users\geiche\defogger_reenable
2014-06-03 08:43 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-03 08:40 - 2013-08-30 06:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 08:24 - 2014-05-13 14:24 - 00002140 _____ () C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4.job
2014-06-03 08:23 - 2014-05-13 14:23 - 00003446 _____ () C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3.job
2014-06-03 08:20 - 2013-09-12 14:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA.job
2014-06-03 08:18 - 2013-08-30 06:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 08:17 - 2014-03-05 16:12 - 00000920 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-06-03 08:15 - 2014-02-12 07:15 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-06-03 08:12 - 2014-03-05 16:12 - 00000296 _____ () C:\Windows\Tasks\SaveSense.job
2014-06-03 07:49 - 2014-05-16 13:44 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-03 07:20 - 2013-09-12 14:48 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core.job
2014-06-03 07:18 - 2014-04-11 14:10 - 00856192 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 07:18 - 2013-08-30 06:38 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 07:04 - 2013-11-13 20:04 - 00001286 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job
2014-06-03 07:04 - 2013-11-13 20:03 - 00001088 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2014-06-03 07:03 - 2013-11-13 20:03 - 00001884 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2014-06-03 07:03 - 2013-11-13 20:03 - 00001808 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2014-06-03 07:03 - 2013-11-13 20:03 - 00001188 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2014-06-03 06:00 - 2014-05-13 19:44 - 00001057 _____ () C:\Users\geiche\Desktop\Continue VuuPC Installation.lnk
2014-06-03 05:37 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 05:37 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 05:34 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 05:30 - 2014-06-01 20:04 - 00175656 _____ () C:\Windows\setupact.log
2014-06-03 05:30 - 2014-05-16 13:44 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-03 05:30 - 2014-03-14 21:48 - 00000000 ___RD () C:\Users\geiche\Google Drive
2014-06-03 05:30 - 2014-03-05 16:12 - 00000916 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-06-03 05:30 - 2014-02-16 14:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 05:30 - 2013-12-20 11:39 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-06-03 05:30 - 2013-12-20 11:39 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\newnext.me
2014-06-03 05:30 - 2013-11-14 11:47 - 00000326 _____ () C:\Windows\Tasks\spmonitor.job
2014-06-03 05:30 - 2013-11-14 11:47 - 00000248 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-06-03 05:30 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 22:31 - 2014-06-01 18:54 - 00042855 _____ () C:\Windows\IE10_main.log
2014-06-02 13:39 - 2014-03-13 15:12 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\XnView
2014-06-02 11:00 - 2014-05-13 14:23 - 00000290 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-06-01 20:04 - 2014-06-01 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 10:25 - 2014-06-01 10:25 - 00942584 _____ () C:\Users\geiche\Downloads\Malwarebytes.exe
2014-06-01 09:52 - 2014-06-01 09:51 - 00033672 _____ () C:\Users\geiche\Downloads\Addition.txt
2014-06-01 09:48 - 2014-06-01 09:48 - 01057792 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-05-27 12:16 - 2013-11-15 21:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 12:16 - 2013-11-15 21:00 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-25 16:19 - 2014-02-17 13:10 - 00002335 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 05:22 - 2013-09-10 15:04 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Mozilla
2014-05-19 13:50 - 2014-05-16 13:50 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-05-19 07:57 - 2013-12-19 21:13 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\vlc
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-17 05:45 - 2014-05-16 13:44 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Activeris
2014-05-17 05:36 - 2014-05-16 13:50 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-05-16 14:10 - 2014-05-16 13:50 - 00000368 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-05-16 13:49 - 2014-05-13 14:23 - 00000290 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-05-16 13:48 - 2014-05-16 13:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Optimizer Elite Max
2014-05-16 13:46 - 2014-04-16 09:39 - 00000324 _____ () C:\Users\geiche\AppData\Roaming\aps.uninstall.scan.results
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-16 13:44 - 2014-05-16 13:44 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\VOPackage
2014-05-16 13:44 - 2014-05-16 13:44 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-16 13:43 - 2014-05-16 13:43 - 00000000 ____D () C:\Program Files\Fpro1.2
2014-05-16 13:43 - 2014-05-13 14:23 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-16 06:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 06:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 05:43 - 2013-09-02 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 05:38 - 2014-05-06 16:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 05:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 21:59 - 2014-03-22 15:02 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 05:46 - 2013-08-30 19:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-14 15:40 - 2013-08-30 06:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:40 - 2013-08-30 06:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:16 - 2014-04-26 08:57 - 00000000 ____D () C:\Program Files\MediaBuzzV1
2014-05-13 21:12 - 2014-05-11 12:38 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-13 19:42 - 2014-01-30 09:46 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-13 14:23 - 2014-05-13 14:23 - 00000000 ____D () C:\Users\geiche\AppData\Local\globalUpdate
2014-05-13 14:22 - 2014-05-13 14:22 - 00000000 ____D () C:\Users\geiche\AppData\Local\SearchProtect
2014-05-13 14:22 - 2013-10-05 11:09 - 00000000 _____ () C:\END
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:39 - 2014-05-11 12:37 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-05-11 12:37 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2013-08-29 20:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 12:36 - 2013-12-16 23:11 - 00000000 ____D () C:\Users\geiche\AppData\Local\Downloaded Installations
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-11 06:06 - 2014-04-29 19:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 10:09 - 2013-11-13 20:03 - 00000000 ____D () C:\Program Files\Plus-HD-1.3
2014-05-09 09:06 - 2014-05-15 05:48 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 05:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 06:19 - 2014-03-14 21:39 - 00002006 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00002004 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00001994 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 05:44 - 2009-07-14 06:33 - 02323952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 20:39 - 2014-05-15 05:47 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:39 - 2014-05-15 05:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 17:50 - 2014-05-15 05:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:29 - 2014-02-16 15:08 - 00780808 _____ () C:\Users\geiche\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\geiche\AppData\Local\Temp\avgnt.exe
C:\Users\geiche\AppData\Local\Temp\f.exe
C:\Users\geiche\AppData\Local\Temp\?odec Performer804128.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 05:47] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 08:18

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014
Ran by geiche at 2014-06-03 08:45:48
Running from C:\Users\geiche\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
DaisyTrail Butterfly Collection Digikit (HKLM\...\{26299175-6A74-443E-ABAD-8A1E00BAF384}) (Version: 1.0.2.033 - Serif (Europe) Ltd)
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Fpro1.2 (HKLM\...\Fpro1.2) (Version: 1.34.5.12 - Freeven) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version:  - )
Lollipop (HKCU\...\lollipop_11290912) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PortraitPro 12.2 Test (HKLM\...\PortraitPro12Trial_is1) (Version: 12.2 - Anthropics Technology Ltd.)
RealDownloader (Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version:  - )
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION

==================== Restore Points  =========================

28-05-2014 19:37:34 Windows Update
29-05-2014 05:42:41 Windows Update
29-05-2014 19:55:16 Windows Update
30-05-2014 01:42:26 Windows Update
30-05-2014 20:34:03 Windows Update
31-05-2014 19:21:38 Windows Update
01-06-2014 03:34:36 Windows Update
01-06-2014 05:53:47 Windows Update
01-06-2014 16:54:29 Windows Update
01-06-2014 18:41:58 Installed Microsoft Fix it 50123
01-06-2014 18:55:40 Windows Update
02-06-2014 07:19:34 Windows Update
02-06-2014 17:26:26 Windows Update
02-06-2014 20:30:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {11219C32-A2FA-45EA-B685-08E6E8EA4266} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: {180564B6-D534-4671-A453-3D506F2D2765} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {1EFEA14E-0A60-44CC-9AF2-30D68F8472A5} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-05] (SaveSense) <==== ATTENTION
Task: {1F0E72DC-0CE0-4A5C-B986-9D7A73DEEBBB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {22FF5665-BC64-4A50-931D-580E1A10675E} - System32\Tasks\AdobeAAMUpdater-1.0-geiche-PC-geiche => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {23739D6D-F47D-4403-8E57-EEB743777D51} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {27E1B123-A886-4763-AAC7-F91143F29E14} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-16] (globalUpdate) <==== ATTENTION
Task: {2CC26BBC-7CBD-4C3F-AD64-33B46BEF2C2C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {30E22539-00CD-4742-B295-760F379CE9B0} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: {38759EDC-D86E-4F1D-BFF3-9FDAA0754B32} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: {38D7B799-7886-410B-B9C6-B77F51D6BBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {3AE58C83-52E2-4705-BC48-B496C1FA8DF2} - System32\Tasks\SpeedUpMyPC => C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: {3E50A2B4-81EF-4511-9027-925F18B7E933} - System32\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3 => C:\Program Files\Freeven pro 1.2\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3.exe <==== ATTENTION
Task: {41A99BE3-403E-4D6C-BCA4-23D23A1186E9} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4F9F35AB-E7F9-4F75-BDD8-A311AAED744E} - System32\Tasks\Digital Sites => C:\Users\geiche\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {52813618-A255-461C-B61A-D7DECA4EAEC3} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {5C9C6C9E-9397-4875-B688-B4A460813664} - System32\Tasks\spmonitor => C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
Task: {6120F42A-BFA4-49F9-B755-110AA65335CC} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: {66DB6DC1-CE22-43E0-BCF8-E558EE6EEA01} - System32\Tasks\PCHelpers1st => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {7F61FA5A-306B-4EC2-89F9-59B71E499809} - System32\Tasks\SaveSense => C:\Users\geiche\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {80A5D4CB-E22D-4C14-AE88-D99617B8CA23} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: {8176EFA1-98D2-4C05-9F9C-8C4BD7805BB4} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-16] (globalUpdate) <==== ATTENTION
Task: {82BEBE28-0FA0-48BD-894F-9B08CF1FAD78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {882D80F2-CDDF-4C23-8E03-BA9E02984009} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-03-05] (SaveSense) <==== ATTENTION
Task: {88C77924-BF0E-4E69-AB7B-F362772DE252} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\geiche\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {8FE6DDC8-354F-45E2-9140-C7B299A87CFA} - System32\Tasks\MetaCrawler => C:\Users\geiche\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {957A93B5-AE07-43DF-9099-78AD9E69AA56} - System32\Tasks\AmiUpdXp => C:\Users\geiche\AppData\Local\SwvUpdater\Updater.exe [2013-12-20] (Amonetizé Ltd) <==== ATTENTION
Task: {9C352B4B-218F-44E2-8A36-08E41B17FA70} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A963965F-CD92-48A1-99CC-43410DBD68B9} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-02-25] (Avira)
Task: {A9B09AF7-C9CF-4D85-8F7E-1B095E0C54C6} - System32\Tasks\EPUpdater => C:\Users\geiche\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {ABC16338-BA9D-4BD4-ACAE-1161D9C83D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {BACE59E9-9222-46E5-93C6-350D4D6157A5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {C610656D-DFD9-49A5-B4DD-E798A6DA6083} - System32\Tasks\PCHelpers_period => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {C7F72C00-FD87-4919-9FFD-5A3F54833A28} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D51094D8-8342-4037-ADF2-54E8F8165A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {DB4EF594-744D-405D-AEA5-D0F1FAA0F506} - System32\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4 => C:\Program Files\Freeven pro 1.2\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4.exe <==== ATTENTION
Task: {E5EBCB1B-EBF3-455D-9C11-75097FE18E67} - System32\Tasks\DealPly => C:\Users\geiche\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F25DE5B9-C0B6-4845-BB0B-0927E00E1C82} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F843C37C-64E6-4E94-AB82-CFEC116BA05F} - System32\Tasks\DigitalSite => C:\Users\geiche\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FCA44118-3DFA-4914-B8E4-49BCC3079435} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {FF7C544F-C908-41DB-92C0-D583496F904D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3.job => C:\Program Files\Freeven pro 1.2\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4.job => C:\Program Files\Freeven pro 1.2\9cdcc58c-4ea0-46f9-97ff-4e4807fe74e0-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\geiche\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\geiche\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\geiche\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core.job => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA.job => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\geiche\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\geiche\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: C:\Windows\Tasks\spmonitor.job => C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 14:09 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-02-16 14:24 - 2014-02-16 14:24 - 00911872 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-30 05:38 - 2014-04-30 05:38 - 00859224 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-03-02 12:39 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-05-16 13:39 - 2014-05-16 13:39 - 00051712 _____ () C:\Users\geiche\AppData\Roaming\VOPackage\VOsrv.exe
2013-08-30 07:47 - 2004-09-16 11:05 - 00069632 _____ () C:\Program Files\ashampoo\Urlaubsfoto Alleskönner 2\IlluminatorShellExt.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\a582b120f0f9a84fd0eea5a7424742bd\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-05-11 13:44 - 2014-05-11 13:44 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c095a4ffb52174ad1336a3ecca907990\Kies.Theme.ni.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\690097cb9aed434418f07b9f39cf7038\Kies.UI.ni.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f7703916255cb923db9ed1a3842af473\Kies.MVVM.ni.dll
2014-05-11 12:40 - 2014-05-11 12:40 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2014-06-03 05:30 - 2014-06-03 05:30 - 00098816 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32api.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00110080 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\pywintypes27.dll
2014-06-03 05:30 - 2014-06-03 05:30 - 00364544 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\pythoncom27.dll
2014-06-03 05:30 - 2014-06-03 05:30 - 00045568 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_socket.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 01159680 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_ssl.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00320512 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00713216 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_hashlib.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 01175040 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._core_.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00805888 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00811008 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._windows_.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 01062400 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._controls_.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00735232 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._misc_.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00128512 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_elementtree.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00127488 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\pyexpat.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00557056 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00087552 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_ctypes.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00119808 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32file.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00108544 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32security.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00018432 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32event.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00038912 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32inet.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00070656 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._html2.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00167936 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32gui.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00011264 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32crypt.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00027136 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\_multiprocessing.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00122368 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._wizard.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00010240 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\select.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00024064 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32pipe.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00686080 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\unicodedata.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00025600 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32pdh.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00525640 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\windows._lib_cacheinvalidation.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00035840 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32process.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00017408 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32profile.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00022528 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\win32ts.pyd
2014-06-03 05:30 - 2014-06-03 05:30 - 00078336 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI31722\wx._animate.pyd
2009-12-15 14:46 - 2009-12-15 14:46 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 14:49 - 2009-12-15 14:49 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-10 11:16 - 2014-05-10 11:16 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-30 05:38 - 2014-04-30 05:38 - 00572504 _____ () c:\program files\real\realplayer\RPDS\Lib\r1api.dll
2014-05-14 15:40 - 2014-05-14 15:40 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Tv-Plug-In => "C:\Program Files\Tv-Plug-In\Tv-Plug-In.exe" nogui
MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe --background

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 07:22:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2014 05:31:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001699
ID des fehlerhaften Prozesses: 0x1134
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/03/2014 05:31:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 08:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0xa74
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/02/2014 08:14:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 07:32:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0x8f0
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/02/2014 07:31:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 00:16:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2014 11:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001699
ID des fehlerhaften Prozesses: 0xfb4
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/02/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2014 05:30:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/03/2014 05:30:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/02/2014 10:31:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7

Error: (06/02/2014 08:13:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/02/2014 08:13:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/02/2014 08:13:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎06.‎2014 um 20:07:30 unerwartet heruntergefahren.

Error: (06/02/2014 07:30:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/02/2014 07:29:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/02/2014 07:27:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7

Error: (06/02/2014 02:59:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (06/03/2014 07:22:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/03/2014 05:31:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049LU5.exe5.0.46.04cb43049c000000500001699113401cf7edc594bf502C:\Program Files\MSI\Live Update 5\LU5.exeC:\Program Files\MSI\Live Update 5\LU5.exe991ab43a-eacf-11e3-90f1-6c626da6205a

Error: (06/03/2014 05:31:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 08:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f2a7401cf7e8ea22aff61C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dlle376c73d-ea81-11e3-9b9d-6c626da6205a

Error: (06/02/2014 08:14:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 07:32:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f28f001cf7e888e1ed783C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dllce4d9273-ea7b-11e3-82d2-6c626da6205a

Error: (06/02/2014 07:31:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 00:16:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/02/2014 11:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049LU5.exe5.0.46.04cb43049c000000500001699fb401cf7e414457c94dC:\Program Files\MSI\Live Update 5\LU5.exeC:\Program Files\MSI\Live Update 5\LU5.exe83a3c20b-ea34-11e3-9023-6c626da6205a

Error: (06/02/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3062.71 MB
Available physical RAM: 1671.19 MB
Total Pagefile: 6123.72 MB
Available Pagefile: 4238.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.88 MB

==================== Drives ================================

Drive c: (Boot13) (Fixed) (Total:292.97 GB) (Free:185.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Festpl13) (Fixed) (Total:292.97 GB) (Free:114.33 GB) NTFS
Drive e: (Festpl2) (Fixed) (Total:345.56 GB) (Free:337.18 GB) NTFS
Drive n: (hitachi) (Fixed) (Total:931.51 GB) (Free:106.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6011F41A)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=639 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: E6E66822)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aharonov · 03.06.2014, 14:01

ok.

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
DMUninstaller
Fpro1.2
Lollipop
VO Package
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Starte noch einmal FRST.

Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

geiche · 03.06.2014, 18:59

das DMUnistaller sehe ich nicht in den Programmen , soll ich unbedingt die Reihenfolge einhalten ?
VG Günter

aharonov · 03.06.2014, 19:22

Wenn du ein Programm nicht findest oder nicht deinstallieren kannst, dann mach einfach mit dem nächsten weiter.

geiche · 04.06.2014, 05:39

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by geiche at 2014-06-04 06:35:24
Running from C:\Users\geiche\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
DaisyTrail Butterfly Collection Digikit (HKLM\...\{26299175-6A74-443E-ABAD-8A1E00BAF384}) (Version: 1.0.2.033 - Serif (Europe) Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version:  - )
Lollipop (HKCU\...\lollipop_11290912) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PortraitPro 12.2 Test (HKLM\...\PortraitPro12Trial_is1) (Version: 12.2 - Anthropics Technology Ltd.)
RealDownloader (Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version:  - )
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden

==================== Restore Points  =========================

28-05-2014 19:37:34 Windows Update
29-05-2014 05:42:41 Windows Update
29-05-2014 19:55:16 Windows Update
30-05-2014 01:42:26 Windows Update
30-05-2014 20:34:03 Windows Update
31-05-2014 19:21:38 Windows Update
01-06-2014 03:34:36 Windows Update
01-06-2014 05:53:47 Windows Update
01-06-2014 16:54:29 Windows Update
01-06-2014 18:41:58 Installed Microsoft Fix it 50123
01-06-2014 18:55:40 Windows Update
02-06-2014 07:19:34 Windows Update
02-06-2014 17:26:26 Windows Update
02-06-2014 20:30:30 Windows Update
03-06-2014 19:24:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F0E72DC-0CE0-4A5C-B986-9D7A73DEEBBB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {22FF5665-BC64-4A50-931D-580E1A10675E} - System32\Tasks\AdobeAAMUpdater-1.0-geiche-PC-geiche => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {38D7B799-7886-410B-B9C6-B77F51D6BBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {82BEBE28-0FA0-48BD-894F-9B08CF1FAD78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {90BEA5D4-0D55-4995-AA10-D35EC9D5ABF9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A8A20EC0-86EB-48F2-B00A-52CAF2FE4351} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A963965F-CD92-48A1-99CC-43410DBD68B9} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-02-25] (Avira)
Task: {ABC16338-BA9D-4BD4-ACAE-1161D9C83D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {BACE59E9-9222-46E5-93C6-350D4D6157A5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {D51094D8-8342-4037-ADF2-54E8F8165A64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {F25DE5B9-C0B6-4845-BB0B-0927E00E1C82} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FCA44118-3DFA-4914-B8E4-49BCC3079435} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {FF7C544F-C908-41DB-92C0-D583496F904D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2917435617-3823699889-1472500709-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core.job => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA.job => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 14:09 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-30 05:38 - 2014-04-30 05:38 - 00859224 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-03-02 12:39 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-03-04 13:02 - 2011-03-04 13:02 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\a582b120f0f9a84fd0eea5a7424742bd\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-05-11 13:44 - 2014-05-11 13:44 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c095a4ffb52174ad1336a3ecca907990\Kies.Theme.ni.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\690097cb9aed434418f07b9f39cf7038\Kies.UI.ni.dll
2014-05-11 13:43 - 2014-05-11 13:43 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\f7703916255cb923db9ed1a3842af473\Kies.MVVM.ni.dll
2014-05-11 12:40 - 2014-05-11 12:40 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2014-06-04 06:27 - 2014-06-04 06:27 - 00098816 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32api.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00110080 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\pywintypes27.dll
2014-06-04 06:27 - 2014-06-04 06:27 - 00364544 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\pythoncom27.dll
2014-06-04 06:27 - 2014-06-04 06:27 - 00045568 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_socket.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 01159680 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_ssl.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00320512 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32com.shell.shell.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00713216 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_hashlib.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 01175040 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._core_.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00805888 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._gdi_.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00811008 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._windows_.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 01062400 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._controls_.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00735232 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._misc_.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00128512 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_elementtree.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00127488 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\pyexpat.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00557056 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\pysqlite2._sqlite.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00087552 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_ctypes.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00119808 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32file.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00108544 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32security.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00018432 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32event.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00038912 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32inet.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00070656 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._html2.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00167936 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32gui.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00011264 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32crypt.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00027136 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\_multiprocessing.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00122368 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._wizard.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00010240 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\select.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00024064 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32pipe.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00686080 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\unicodedata.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00025600 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32pdh.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00525640 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\windows._lib_cacheinvalidation.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00035840 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32process.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00017408 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32profile.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00022528 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\win32ts.pyd
2014-06-04 06:27 - 2014-06-04 06:27 - 00078336 _____ () C:\Users\geiche\AppData\Local\Temp\_MEI28642\wx._animate.pyd
2013-08-30 07:47 - 2000-04-02 09:38 - 00472064 _____ () C:\Program Files\ashampoo\Urlaubsfoto Alleskönner 2\Ml42ND50.bpl
2013-08-30 07:47 - 2000-11-11 18:13 - 00145920 _____ () C:\Program Files\ashampoo\Urlaubsfoto Alleskönner 2\GifImageLib.bpl
2013-08-30 07:47 - 2003-11-20 10:51 - 00798208 _____ () C:\Program Files\ashampoo\Urlaubsfoto Alleskönner 2\ECTNTCAP.DLL
2013-08-30 18:10 - 2013-08-30 18:10 - 00054784 _____ () C:\Program Files\IrfanView\Languages\DEUTSCH.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Tv-Plug-In => "C:\Program Files\Tv-Plug-In\Tv-Plug-In.exe" nogui
MSCONFIG\startupreg: vspdfprsrv.exe => C:\Program Files\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe --background

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 06:28:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 06:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0x1174
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/04/2014 06:27:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_system_speedup.exe, Version: 1.2.1.9900, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: avira_system_speedup.exe, Version: 1.2.1.9900, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000070b9
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xavira_system_speedup.exe0
Pfad der fehlerhaften Anwendung: avira_system_speedup.exe1
Pfad des fehlerhaften Moduls: avira_system_speedup.exe2
Berichtskennung: avira_system_speedup.exe3

Error: (06/04/2014 06:25:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0x1a70
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/04/2014 04:36:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 04:35:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0x1700
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/03/2014 07:22:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2014 05:31:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001699
ID des fehlerhaften Prozesses: 0x1134
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3

Error: (06/03/2014 05:31:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 08:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LU5.exe, Version: 5.0.46.0, Zeitstempel: 0x4cb43049
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000084f2
ID des fehlerhaften Prozesses: 0xa74
Startzeit der fehlerhaften Anwendung: 0xLU5.exe0
Pfad der fehlerhaften Anwendung: LU5.exe1
Pfad des fehlerhaften Moduls: LU5.exe2
Berichtskennung: LU5.exe3


System errors:
=============
Error: (06/04/2014 06:27:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/04/2014 06:26:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/04/2014 04:34:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/04/2014 04:34:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/03/2014 09:25:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7

Error: (06/03/2014 03:49:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (06/03/2014 05:30:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (06/03/2014 05:30:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Version Cue CS2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/02/2014 10:31:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7

Error: (06/02/2014 08:13:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (06/04/2014 06:28:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 06:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f2117401cf7fad511f4844C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dll9593ac28-eba0-11e3-b2be-6c626da6205a

Error: (06/04/2014 06:27:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avira_system_speedup.exe1.2.1.99002a425e19avira_system_speedup.exe1.2.1.99002a425e19c0000005000070b9101401cf7fad495b3322C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exeC:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe923ea84b-eba0-11e3-b2be-6c626da6205a

Error: (06/04/2014 06:25:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f21a7001cf7facf9e96e53C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dll38e040f2-eba0-11e3-ab67-6c626da6205a

Error: (06/04/2014 04:36:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 04:35:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f2170001cf7f9da2999742C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dlle237a8d4-eb90-11e3-ab67-6c626da6205a

Error: (06/03/2014 07:22:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/03/2014 05:31:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049LU5.exe5.0.46.04cb43049c000000500001699113401cf7edc594bf502C:\Program Files\MSI\Live Update 5\LU5.exeC:\Program Files\MSI\Live Update 5\LU5.exe991ab43a-eacf-11e3-90f1-6c626da6205a

Error: (06/03/2014 05:31:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 08:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LU5.exe5.0.46.04cb43049KERNELBASE.dll6.1.7601.18409531599f6c0000005000084f2a7401cf7e8ea22aff61C:\Program Files\MSI\Live Update 5\LU5.exeC:\Windows\system32\KERNELBASE.dlle376c73d-ea81-11e3-9b9d-6c626da6205a


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3062.71 MB
Available physical RAM: 2022.08 MB
Total Pagefile: 6123.72 MB
Available Pagefile: 4826.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.27 MB

==================== Drives ================================

Drive c: (Boot13) (Fixed) (Total:292.97 GB) (Free:184.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Festpl13) (Fixed) (Total:292.97 GB) (Free:114.33 GB) NTFS
Drive e: (Festpl2) (Fixed) (Total:345.56 GB) (Free:337.18 GB) NTFS
Drive k: (SAMSUNG) (Fixed) (Total:2794.51 GB) (Free:2112.5 GB) NTFS
Drive n: (hitachi) (Fixed) (Total:931.51 GB) (Free:106.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6011F41A)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=639 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: E6E66822)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by geiche (administrator) on GEICHE-PC on 04-06-2014 06:34:43
Running from C:\Users\geiche\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(ashampoo GmbH & Co. KG) C:\Program Files\ashampoo\Urlaubsfoto Alleskönner 2\plug_SnapYa! Wizard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view32.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5388904 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-04-30] (RealNetworks, Inc.)
HKLM\...\Run: [LGODDFU] =>  blrun
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5036600 2014-02-25] (Avira)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [Google Update] => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-12] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-30] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9420946AEBA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - 05AB6182894D4DD7AC11256188C77F71 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw0202ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0AyCtBtDyD0A0A0F0DtBtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDzzzz0F0BtDzytGzz0A0D0BtGyDtCtBtDtGzy0EtC0FtGyBzzyD0DtB0F0ByByEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzztB0A0A0A0F0AtG0BtC0A0CtGzyyB0DzytG0ByDzz0DtGtDyCtDtDzz0BtCzztD0DtDyB2Q&cr=1317572961&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97

FireFox:
========
FF ProfilePath: C:\Users\geiche\AppData\Roaming\Mozilla\Firefox\Profiles\n1fi0cva.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKLM\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha5797.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ff
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1699.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ff
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-02-17]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-03-14]
CHR Extension: (Google Docs) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google-Suche) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-05-13]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdpkbcmjnfljchemkboibfloaojemka [2014-03-21]
CHR Extension: (Avira Browser Safety) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-03-24]
CHR Extension: (RealPlayer Downloader) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf [2014-02-17]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonemdmpddldgdippnlndobchdjfhgbp [2014-03-04]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Google Mail) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [ehdpkbcmjnfljchemkboibfloaojemka] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ch\MediaViewV1alpha1699.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [lonemdmpddldgdippnlndobchdjfhgbp] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ch\MediaViewV1alpha5797.crx [2014-04-06]

========================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] ()
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S2 Adobe Version Cue CS2; "c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 MSI_DVD_010507; C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys [22328 2010-05-10] (Your Corporation)
R3 MSI_MSIBIOS_010507; C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [25912 2010-05-10] (Your Corporation)
R3 MSI_VGASYS_010507; C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys [16696 2010-05-10] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [60800 2010-07-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [140672 2010-07-27] (Renesas Electronics Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14856 2010-05-21] ()
S3 cpuz134; \??\C:\Users\geiche\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 06:34 - 2014-06-04 06:35 - 00020911 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-04 06:33 - 2014-06-04 06:33 - 00000000 ____D () C:\Users\geiche\Downloads\FRST-OlderVersion
2014-06-04 06:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-04 06:20 - 2014-06-04 06:23 - 00000000 ____D () C:\AdwCleaner
2014-06-04 06:19 - 2014-06-04 06:20 - 01327971 _____ () C:\Users\geiche\Downloads\adwcleaner_3.211.exe
2014-06-04 04:34 - 2014-06-04 06:26 - 00058552 _____ () C:\Windows\setupact.log
2014-06-04 04:34 - 2014-06-04 06:26 - 00001730 _____ () C:\Windows\PFRO.log
2014-06-04 04:34 - 2014-06-04 04:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 21:25 - 2014-06-03 21:25 - 00008571 _____ () C:\Windows\IE10_main.log
2014-06-03 08:48 - 2014-06-03 08:48 - 00380416 _____ () C:\Users\geiche\Downloads\Gmer-19357.exe
2014-06-03 08:44 - 2014-06-04 06:34 - 00000000 ____D () C:\FRST
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-01 10:25 - 2014-06-01 10:25 - 00942584 _____ () C:\Users\geiche\Downloads\Malwarebytes.exe
2014-06-01 09:48 - 2014-06-04 06:33 - 01059840 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-15 05:48 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 05:48 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 05:47 - 2014-05-05 17:50 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 05:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 05:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 05:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 05:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 05:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 05:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:38 - 2014-05-13 21:12 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-05-11 12:38 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-05-11 12:37 - 2014-05-11 12:39 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:37 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 16:33 - 2014-05-16 05:38 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-04 06:35 - 2014-06-04 06:34 - 00020911 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-04 06:35 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche\AppData\Local\Temp
2014-06-04 06:34 - 2014-06-03 08:44 - 00000000 ____D () C:\FRST
2014-06-04 06:34 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 06:34 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 06:33 - 2014-06-04 06:33 - 00000000 ____D () C:\Users\geiche\Downloads\FRST-OlderVersion
2014-06-04 06:33 - 2014-06-01 09:48 - 01059840 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-06-04 06:33 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 06:30 - 2014-04-11 14:10 - 00942429 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 06:27 - 2014-03-14 21:48 - 00000000 ___RD () C:\Users\geiche\Google Drive
2014-06-04 06:27 - 2013-08-30 06:38 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 06:26 - 2014-06-04 04:34 - 00058552 _____ () C:\Windows\setupact.log
2014-06-04 06:26 - 2014-06-04 04:34 - 00001730 _____ () C:\Windows\PFRO.log
2014-06-04 06:26 - 2014-02-16 14:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 06:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 06:23 - 2014-06-04 06:20 - 00000000 ____D () C:\AdwCleaner
2014-06-04 06:22 - 2014-02-17 13:10 - 00001246 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-04 06:22 - 2014-02-17 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-04 06:22 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche
2014-06-04 06:20 - 2014-06-04 06:19 - 01327971 _____ () C:\Users\geiche\Downloads\adwcleaner_3.211.exe
2014-06-04 06:20 - 2013-09-12 14:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA.job
2014-06-04 06:18 - 2013-08-30 06:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 05:40 - 2013-08-30 06:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 04:34 - 2014-06-04 04:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-03 21:25 - 2014-06-03 21:25 - 00008571 _____ () C:\Windows\IE10_main.log
2014-06-03 08:48 - 2014-06-03 08:48 - 00380416 _____ () C:\Users\geiche\Downloads\Gmer-19357.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-03 07:20 - 2013-09-12 14:48 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core.job
2014-06-02 13:39 - 2014-03-13 15:12 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\XnView
2014-06-01 10:25 - 2014-06-01 10:25 - 00942584 _____ () C:\Users\geiche\Downloads\Malwarebytes.exe
2014-05-27 12:16 - 2013-11-15 21:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 12:16 - 2013-11-15 21:00 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-21 05:22 - 2013-09-10 15:04 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Mozilla
2014-05-19 07:57 - 2013-12-19 21:13 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\vlc
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-16 06:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 06:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 05:43 - 2013-09-02 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 05:38 - 2014-05-06 16:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 05:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 21:59 - 2014-03-22 15:02 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 05:46 - 2013-08-30 19:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-14 15:40 - 2013-08-30 06:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:40 - 2013-08-30 06:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:16 - 2014-04-26 08:57 - 00000000 ____D () C:\Program Files\MediaBuzzV1
2014-05-13 21:12 - 2014-05-11 12:38 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-13 19:42 - 2014-01-30 09:46 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:39 - 2014-05-11 12:37 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-05-11 12:37 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2013-08-29 20:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 12:36 - 2013-12-16 23:11 - 00000000 ____D () C:\Users\geiche\AppData\Local\Downloaded Installations
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-11 06:06 - 2014-04-29 19:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-15 05:48 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 05:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 06:19 - 2014-03-14 21:39 - 00002006 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00002004 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00001994 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 05:44 - 2009-07-14 06:33 - 02323952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 20:39 - 2014-05-15 05:47 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:39 - 2014-05-15 05:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 17:50 - 2014-05-15 05:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:29 - 2014-02-16 15:08 - 00780808 _____ () C:\Users\geiche\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\geiche\AppData\Local\Temp\avgnt.exe
C:\Users\geiche\AppData\Local\Temp\Quarantine.exe
C:\Users\geiche\AppData\Local\Temp\?odec Performer804128.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 08:18

==================== End Of Log ============================

--- --- ---

--- --- ---

aharonov · 04.06.2014, 08:56

Ok. Wie läuft der Rechner nach folgenden Schritten?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - 05AB6182894D4DD7AC11256188C77F71 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw0202ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0AyCtBtDyD0A0A0F0DtBtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDzzzz0F0BtDzytGzz0A0D0BtGyDtCtBtDtGzy0EtC0FtGyBzzyD0DtB0F0ByByEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzztB0A0A0A0F0AtG0BtC0A0CtGzyyB0DzytG0ByDzz0DtGtDyCtDtDzz0BtCzztD0DtDyB2Q&cr=1317572961&ir=
FF HKLM\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKLM\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha5797.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1699.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ff
FF HKCU\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdpkbcmjnfljchemkboibfloaojemka [2014-03-21]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf [2014-02-17]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonemdmpddldgdippnlndobchdjfhgbp [2014-03-04]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige [2014-02-17]
CHR HKLM\...\Chrome\Extension: [ehdpkbcmjnfljchemkboibfloaojemka] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ch\MediaViewV1alpha1699.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [lonemdmpddldgdippnlndobchdjfhgbp] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ch\MediaViewV1alpha5797.crx [2014-04-06]
2014-05-13 21:16 - 2014-04-26 08:57 - 00000000 ____D () C:\Program Files\MediaBuzzV1
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-05-13]
Reboot:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von FRST
Log von MBAM
Log von ESET
Log von FRST

geiche · 04.06.2014, 12:44

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by geiche at 2014-06-04 12:23:34 Run:1
Running from C:\Users\geiche\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - 05AB6182894D4DD7AC11256188C77F71 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw0202ch&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0AyCtBtDyD0A0A0F0DtBtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDzzzz0F0BtDzytGzz0A0D0BtGyDtCtBtDtGzy0EtC0FtGyBzzyD0DtB0F0ByByEzzyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzztB0A0A0A0F0AtG0BtC0A0CtGzyyB0DzytG0ByDzz0DtGtDyCtDtDzz0BtCzztD0DtDyB2Q&cr=1317572961&ir=
FF HKLM\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKLM\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha5797.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1699.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ff
FF HKCU\...\Firefox\Extensions: [speedtest4350@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers
FF Extension: Speed Test (4350) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers [2013-10-27]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-12-25]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdpkbcmjnfljchemkboibfloaojemka [2014-03-21]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf [2014-02-17]
CHR Extension: (Media View) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonemdmpddldgdippnlndobchdjfhgbp [2014-03-04]
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige [2014-02-17]
CHR HKLM\...\Chrome\Extension: [ehdpkbcmjnfljchemkboibfloaojemka] - C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ch\MediaViewV1alpha1699.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [lonemdmpddldgdippnlndobchdjfhgbp] - C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ch\MediaViewV1alpha5797.crx [2014-04-06]
2014-05-13 21:16 - 2014-04-26 08:57 - 00000000 ____D () C:\Program Files\MediaBuzzV1
CHR Extension: (No Name) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-05-13]
Reboot:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\05AB6182894D4DD7AC11256188C77F71 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\05AB6182894D4DD7AC11256188C77F71 => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\speedtest4350@BestOffers => Value deleted successfully.
C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\speedtest4354@BestOffers => Value deleted successfully.
C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha5797.net => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha1699.net => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\speedtest4350@BestOffers => Value deleted successfully.
C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4350@BestOffers => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\speedtest4354@BestOffers => Value deleted successfully.
C:\Users\geiche\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers => not found.
C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdpkbcmjnfljchemkboibfloaojemka directory not found.
C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf directory not found.
C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonemdmpddldgdippnlndobchdjfhgbp directory not found.
C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehdpkbcmjnfljchemkboibfloaojemka => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1699\ch\MediaViewV1alpha1699.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lonemdmpddldgdippnlndobchdjfhgbp => Key deleted successfully.
"C:\Program Files\MediaViewV1\MediaViewV1alpha5797\ch\MediaViewV1alpha5797.crx" => File/Directory not found.
C:\Program Files\MediaBuzzV1 => Moved successfully.
C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb directory not found.


The system needed a reboot.

Hallo Leo , hatte gerade einen total crash beim scannen mit Malwarebytes habe dummerweise versucht einen screenshot zu machen .
War es das jetzt , oder kann man da noch was machen . Bin jetzt online mit meinen XP Windows auf einer anderen Festplatte.

Hallo Leo , habe gerade einen total crash mit windows 7 gehabt beim scannen mit malwarebytes , habe dummerweise versucht einen screenshot zu machen , danach ging nichts mehr . War es dann das oder läßt sich da noch was machen . Bin jetzt mit einer anderen Festplatte und XP online .
VG Günter

aharonov · 04.06.2014, 13:12

Was heisst total Crash? Kannst du Win7 nicht mehr starten? Was passiert genau?

geiche · 04.06.2014, 14:06

zunächst ist die seite eingefroren , keine Reaktion , dieses Rad das sich beim scannen dreht steht sill , wenn ich mit dem Mauszeiger über Schaltstellen gehe und klicke - keine Reaktion . Nach einiger Zeit habe ich Tasten alt /Strgund Entf gedrückt daraufhin war der Monitor schwarz dann kam eine Meldung die ich nicht mehr genau weiß
Boot .... irgend eine Taste drücken , wenn ich das gemacht habe kam die gleiche Meldung wieder dann kam diese Meldung von allein kontinuirlich , dann habe den PC am Hauptschalter ausgestellt nach einger Zeit wieder an aber er bleibt schwarz nur ein Cursor blinkt.
VG Günter

so nach erneutem Versuch mit Windows 7 bin wieder drin , mache jetzt weiter mit dem scannen

aharonov · 04.06.2014, 14:26

Zitat:

so nach erneutem Versuch mit Windows 7 bin wieder drin , mache jetzt weiter mit dem scannen

Alles klar. Schwer zu sagen, was da passiert ist. Aber wenns jetzt wieder läuft, machen wir mal weiter..

geiche · 04.06.2014, 15:01

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.06.2014
Suchlauf-Zeit: 15:10:22
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.04.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: geiche

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333334
Verstrichene Zeit: 7 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 14
PUP.Optional.SaveSense.A, HKU\S-1-5-21-2917435617-3823699889-1472500709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{71e129ff-6c2a-4984-818c-7e2c998b8d99}, Löschen bei Neustart, [f5802c4846352a0c8ea461d7d82a60a0], 
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-2917435617-3823699889-1472500709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0A44F337-EFC8-44BC-891F-4A2FA57995D9}, Löschen bei Neustart, [2253e391285362d447b4b97d08fa12ee], 
PUP.Optional.BestToolbars, HKU\S-1-5-21-2917435617-3823699889-1472500709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}, Löschen bei Neustart, [a4d1b6be93e876c04c5c85eb847ef60a], 
PUP.Optional.BestToolbars, HKU\S-1-5-21-2917435617-3823699889-1472500709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}, Löschen bei Neustart, [a4d1b6be93e876c04c5c85eb847ef60a], 
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MediaViewV1alpha1699, In Quarantäne, [a1d46e060d6ef34399a6347905fd0bf5], 
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MediaViewV1alpha5797, In Quarantäne, [6c09443093e88aac7bc4327b62a001ff], 
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\CLASSES\Speed Test (4354).BackgroundHostObject, In Quarantäne, [21544b29d6a5dd59cd2e189d877b3ec2], 
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\CLASSES\Speed Test (4354).BackgroundHostObject.1, In Quarantäne, [2e4734408af1c4726b90575e8d75c937], 
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, Löschen bei Neustart, [e78ecba966155fd747631f91c33f35cb], 
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\freeven, Löschen bei Neustart, [245186ee007b57df83f489225da5d42c], 
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2, Löschen bei Neustart, [2d484f250378bb7b5d9aedaa82806b95], 
PUP.Optional.MediaEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Löschen bei Neustart, [35407bf992e944f216a45d43ce346898], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, Löschen bei Neustart, [8aebec8834476bcb1551961226dc12ee], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [3b3a3a3af586a98d68666e71986b22de], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 6
PUP.Optional.Snapdo, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013),Löschen bei Neustart,[92e3ef858eed0234b8b82147ba4a7888]
PUP.Optional.Snapdo, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013),Löschen bei Neustart,[04713f352f4c0b2b036eee7a30d43bc5]
PUP.Optional.Snapdo, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=hp&installDate=14/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=hp&installDate=14/11/2013),Löschen bei Neustart,[5d18472d2d4eae880f630d5b58ac718f]
PUP.Optional.Snapdo, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013),Löschen bei Neustart,[7ef713616516989e660d07618f750bf5]
PUP.Optional.Snapdo, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013),Löschen bei Neustart,[d99c7ff5f88387af95df3d2b60a401ff]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2917435617-3823699889-1472500709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=99c3ef05-9edb-44e5-fd92-b5bb599b4209&searchtype=ds&q={searchTerms}&installDate=14/11/2013),Löschen bei Neustart,[3a3b3d375427b482868638275da7629e]

Ordner: 25
PUP.Optional.FreeGames.A, C:\Users\geiche\AppData\Roaming\freegames4357, In Quarantäne, [d3a2b0c4b8c3af87ab634f347a8814ec], 
PUP.Optional.SpeedTest.A, C:\Users\geiche\AppData\Roaming\speedtest4350, In Quarantäne, [f77efa7a1f5c9d99c8494a39a2605ba5], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\Logs, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\rep, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\Logs, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\rep, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\bin, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\bubble, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\protection, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\uninstall, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\rep, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dmgpbjjcdccinnndjdgmegndbmhbgglb_0, In Quarantäne, [4c29e39198e31a1c95d6ed9bc33f7c84], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0, In Quarantäne, [e194650fdba08ea858af5931738f7090], 

Dateien: 103
PUP.Optional.InstallBrain.A, C:\Users\geiche\AppData\Local\Temp\Ð¡odec Performer804128.exe, In Quarantäne, [88ed5420fa819e98e2ccb98a5ea333cd], 
PUP.Optional.InstallBrain.A, C:\Users\geiche\Downloads\CodecPerformerSetup.exe, In Quarantäne, [88ed4232c9b2bd79e2cc91b28c75aa56], 
PUP.Optional.Domalq, C:\Users\geiche\Downloads\Java7.exe, In Quarantäne, [aec752220873a98dcc68f2397b8558a8], 
PUP.Optional.Outbrowse, C:\Users\geiche\Downloads\Malwarebytes.exe, In Quarantäne, [2c4951234239063083e9dea148b97888], 
PUP.Optional.BundleInstaller.A, C:\Users\geiche\Downloads\VideoPerformerSetup_v6e2769.exe, In Quarantäne, [0a6bbeb60477aa8c1a8044f3e51f9e62], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0.localstorage, In Quarantäne, [70050173f9826dc94cd8446113efe41c], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0.localstorage-journal, In Quarantäne, [41343044fe7dc373c4603b6a9c66ba46], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmgpbjjcdccinnndjdgmegndbmhbgglb_0.localstorage, In Quarantäne, [076eed87700b1c1ae0ba3e6944be38c8], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmgpbjjcdccinnndjdgmegndbmhbgglb_0.localstorage-journal, In Quarantäne, [caab8ee6cdae4ee8aaf0e3c48b7732ce], 
PUP.Optional.FreeGames.A, C:\Users\geiche\AppData\Roaming\freegames4357\freegames4357.crx, In Quarantäne, [d3a2b0c4b8c3af87ab634f347a8814ec], 
PUP.Optional.FreeGames.A, C:\Users\geiche\AppData\Roaming\freegames4357\freegames4357DeskTopIcon.ico, In Quarantäne, [d3a2b0c4b8c3af87ab634f347a8814ec], 
PUP.Optional.FreeGames.A, C:\Users\geiche\AppData\Roaming\freegames4357\install_helper.exe, In Quarantäne, [d3a2b0c4b8c3af87ab634f347a8814ec], 
PUP.Optional.SpeedTest.A, C:\Users\geiche\AppData\Roaming\speedtest4350\DeskTopIcon.ico, In Quarantäne, [f77efa7a1f5c9d99c8494a39a2605ba5], 
PUP.Optional.SpeedTest.A, C:\Users\geiche\AppData\Roaming\speedtest4350\install_helper.exe, In Quarantäne, [f77efa7a1f5c9d99c8494a39a2605ba5], 
PUP.Optional.SpeedTest.A, C:\Users\geiche\AppData\Roaming\speedtest4350\speedtest4350.crx, In Quarantäne, [f77efa7a1f5c9d99c8494a39a2605ba5], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\EULA.txt, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin\CltMngSvc.exe, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin\SPTool.dll, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin\SPtool.dll_1387965383656, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin\SPtool.dll_1389595566291, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\bin\uninstall.exe, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\Main\rep\SystemRepository.dat, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\cltmng.exe, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\SPTool64.exe, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\SPVC32.dll, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\SPVC64.dll, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\bin\cltmngui.exe, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings.html, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\style.css, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\bubble\bubble.css, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\bubble\bubble.html, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\bubble\bubble.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\bubble\defaults.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\Apply-default.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\bg.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\bgNotif.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\bgSettings.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\btnBlue.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\btnClose.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\btnSilver.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\checkbox.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\close-win-def.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\gray-bg.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\hez-def.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\hez-selected.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\hez.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\icon-win.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\info-icon.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\menu-selected.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\radio-button.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\radio-button2.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\text-field.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\v.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\Images\x.png, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\defaults.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\json2.min.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\main.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\protection\defaults.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\protection\protection.css, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\protection\protection.html, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\protection\protection.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings\defaults.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings\settings.css, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings\settings.html, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\settings\settings.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\uninstall\defaults.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect3506262\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [afc67ef67605e94dda7bb1d6c93921df], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dmgpbjjcdccinnndjdgmegndbmhbgglb_0\19, In Quarantäne, [4c29e39198e31a1c95d6ed9bc33f7c84], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\000102.ldb, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\000105.log, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\CURRENT, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\LOCK, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\LOG, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\LOG.old, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmgpbjjcdccinnndjdgmegndbmhbgglb\MANIFEST-000103, In Quarantäne, [a6cf34402556270f5c1bc2c6ef13ff01], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\002348.ldb, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\002362.ldb, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\002365.ldb, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\002366.log, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\CURRENT, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOCK, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOG, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOG.old, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\MANIFEST-002364, In Quarantäne, [3441acc8ec8f1c1ae6209eec986a01ff], 
PUP.Optional.CrossRider.A, C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0\1, In Quarantäne, [e194650fdba08ea858af5931738f7090], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=19ab1fd83fc6c941a57d20f56dabcc73
# engine=18552
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-04 01:50:07
# local_time=2014-06-04 03:50:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 33869 153520998 0 0
# scanned=11323
# found=37
# cleaned=0
# scan_time=472
sh=EA91A7B4AB2DE640BBDAE944E5F91E6C479DCDDF ft=1 fh=9996c0ea4bfd5a76 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\avira_free_antivirus_de.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\$WINDOWS.~Q\DATA\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=E44D062204C9698F5C95651F2E424D37A31F5B15 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\$WINDOWS.~Q\DATA\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\$WINDOWS.~Q\DATA\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=709DDDA530C3B99D0D3A168A13C659E6E33B5E6F ft=1 fh=347b57a574be47ba vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchApp.dll.vir"
sh=103D4108A2DB9D2A9807AFE325277819FE9C8210 ft=1 fh=9ba40ad0f3418667 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchEng.dll.vir"
sh=7161DEDF77F089EC9F18D938578539604E3D19BA ft=1 fh=51e69ad137bde36c vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchsrv.exe.vir"
sh=0C507C8C521AD1F2DC2DDA05455A4C067DDDA0D6 ft=1 fh=d7b118d85c3c98f0 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll.vir"
sh=D4E496762425903D89311B727FCEC3B4DF7153E7 ft=1 fh=4d575f89f4e859f5 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\uninstall.exe.vir"
sh=19C476FABB1B7C06079DF1E7A023EE556A0D8BAF ft=1 fh=53f848299ef89fdb vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll.vir"
sh=934580F56C6D22F48EB975648C3DB6485870938E ft=1 fh=1dee43825ec78b5e vn="Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MediaViewV1\MediaViewV1alpha1699\uninstall.exe.vir"
sh=8E412C3173F26AA13DE956CD7F214E3867DC6D6B ft=1 fh=d116909f5ec78b5e vn="Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MediaViewV1\MediaViewV1alpha5797\uninstall.exe.vir"
sh=6BB87322CC04A1DE85408C4B3BECB03356230BE3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Plus-HD-1.3\31257.crx.vir"
sh=D329A6E239ACD37CDE0407F88BC1F98386447CD6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Plus-HD-1.3\31257.xpi.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\SaveSenseLive.exe.vir"
sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir"
sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir"
sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir"
sh=189FC4DEFBF3AF52775F7A922789A0CA6A8FF6F8 ft=1 fh=4ed2a41f68ba7620 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=A57A0DBBB1F4509E15617380DE4A0D02B2751622 ft=1 fh=c71c001135f763b4 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=7747A4AF95D60CB0E9636E483BBED8D1E94A3BCD ft=1 fh=d5b93855013f06e6 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Conduit\Chrome\CT3317491\CHUninstaller.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\genienext\nengine.dll.vir"
sh=8CE29B8AB884C4365F82A7A8AFB62B296781C051 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb\1.26.28_0\extensionData\plugins\91.js.vir"
sh=723D315206A52C4CE6BE51080EAE93F13ACDBD86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=8F399BFA81BF493FF5FE7D4CD69A7C44E8EF1A6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=A7920DCAE31CAB7E2BAA6D10C4B2C540F5D87CF0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\208_gam_manager.js.vir"
sh=0F33FFF12F6552F1790D3825DBB1B7A0D359EA56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\217_similar_products_m.js.vir"
sh=932A0B84A1EE5590D4311A71FEE071A08166963C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\221_icm_downloads_m.js.vir"
sh=DC790DFB6D4E0C15D927A3B20EFC147F44D4F5E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=82375A6153BE4F1F134E2E0A6077B67597E7F382 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.26.196_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=1DA36F2CEBBB8BACCE6B13E4438FEEBCD11B284C ft=1 fh=72b5baba16092778 vn="Win32/Conduit.SearchProtect evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf\10.31.0.526_0\APISupport\APISupport.dll.vir"
sh=119B91098847A205621FA7388C8B4A2FC134F0EB ft=1 fh=a4ebcb24189af321 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=8E6270F9DA8ECE45F03149274B3DBD370FF2F404 ft=1 fh=141990a027dc0992 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejlhopdgiicmagejpikgcinmicololf\10.31.0.526_0\plugins\ChromeApiPlugin.dll.vir"

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by geiche (administrator) on GEICHE-PC on 04-06-2014 16:00:18
Running from C:\Users\geiche\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5388904 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-04-30] (RealNetworks, Inc.)
HKLM\...\Run: [LGODDFU] =>  blrun
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5036600 2014-02-25] (Avira)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [Google Update] => C:\Users\geiche\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-12] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-30] (Google Inc.)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-2917435617-3823699889-1472500709-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9420946AEBA4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97

FireFox:
========
FF ProfilePath: C:\Users\geiche\AppData\Roaming\Mozilla\Firefox\Profiles\n1fi0cva.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\geiche\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\geiche\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\geiche\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-30]
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-02-17]
CHR Extension: (Google Docs) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google-Suche) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Avira Browser Safety) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-03-24]
CHR Extension: (RealPlayer Downloader) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (Google Wallet) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Google Mail) - C:\Users\geiche\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

========================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] ()
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S2 Adobe Version Cue CS2; "c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 MSI_DVD_010507; C:\Program Files\MSI\Live Update 5\DVDSYS32_100507.sys [22328 2010-05-10] (Your Corporation)
R3 MSI_MSIBIOS_010507; C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [25912 2010-05-10] (Your Corporation)
R3 MSI_VGASYS_010507; C:\Program Files\MSI\Live Update 5\VGASYS32_100507.sys [16696 2010-05-10] ()
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [60800 2010-07-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [140672 2010-07-27] (Renesas Electronics Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14856 2010-05-21] ()
S3 cpuz134; \??\C:\Users\geiche\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 15:34 - 2014-06-04 15:34 - 02347384 _____ (ESET) C:\Users\geiche\Downloads\esetsmartinstaller_deu.exe
2014-06-04 15:22 - 2014-06-04 15:22 - 00037684 _____ () C:\Windows\PFRO.log
2014-06-04 15:01 - 2014-06-04 15:23 - 00058552 _____ () C:\Windows\setupact.log
2014-06-04 15:01 - 2014-06-04 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 14:31 - 2014-06-04 14:35 - 00402944 ___SH () C:\Users\geiche\Downloads\Thumbs.db
2014-06-04 12:40 - 2014-06-04 15:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 12:40 - 2014-06-04 15:08 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-04 12:40 - 2014-06-04 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-04 12:40 - 2014-06-04 15:08 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-04 12:40 - 2014-06-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 12:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 12:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 12:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 12:30 - 2014-06-04 12:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\geiche\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 12:28 - 2014-06-04 15:21 - 00054028 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 06:35 - 2014-06-04 14:37 - 00064942 _____ () C:\Users\geiche\Downloads\Addition.txt
2014-06-04 06:34 - 2014-06-04 16:00 - 00019313 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-04 06:33 - 2014-06-04 06:33 - 00000000 ____D () C:\Users\geiche\Downloads\FRST-OlderVersion
2014-06-04 06:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-04 06:20 - 2014-06-04 06:23 - 00000000 ____D () C:\AdwCleaner
2014-06-04 06:19 - 2014-06-04 06:20 - 01327971 _____ () C:\Users\geiche\Downloads\adwcleaner_3.211.exe
2014-06-03 08:48 - 2014-06-03 08:48 - 00380416 _____ () C:\Users\geiche\Downloads\Gmer-19357.exe
2014-06-03 08:44 - 2014-06-04 16:00 - 00000000 ____D () C:\FRST
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-01 09:48 - 2014-06-04 06:33 - 01059840 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-15 05:48 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 05:48 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 05:47 - 2014-05-05 20:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 05:47 - 2014-05-05 17:50 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 05:47 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 05:47 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 05:47 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 05:47 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 05:47 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 05:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 05:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 05:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 05:47 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 05:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-11 13:03 - 2014-04-11 10:39 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:38 - 2014-05-13 21:12 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-05-11 12:38 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-05-11 12:37 - 2014-05-11 12:39 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:37 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 16:33 - 2014-05-16 05:38 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-04 16:00 - 2014-06-04 06:34 - 00019313 _____ () C:\Users\geiche\Downloads\FRST.txt
2014-06-04 16:00 - 2014-06-03 08:44 - 00000000 ____D () C:\FRST
2014-06-04 16:00 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche\AppData\Local\Temp
2014-06-04 15:40 - 2013-08-30 06:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 15:38 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 15:34 - 2014-06-04 15:34 - 02347384 _____ (ESET) C:\Users\geiche\Downloads\esetsmartinstaller_deu.exe
2014-06-04 15:31 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:31 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:28 - 2014-06-04 12:28 - 00054028 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 15:25 - 2014-06-04 12:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 15:25 - 2014-03-14 21:48 - 00000000 ___RD () C:\Users\geiche\Google Drive
2014-06-04 15:24 - 2013-08-30 06:38 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 15:23 - 2014-06-04 15:01 - 00058552 _____ () C:\Windows\setupact.log
2014-06-04 15:23 - 2014-02-16 14:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-04 15:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 15:22 - 2014-06-04 15:22 - 00037684 _____ () C:\Windows\PFRO.log
2014-06-04 15:21 - 2011-04-12 03:29 - 00000000 ____D () C:\Windows\DigitalLocker
2014-06-04 15:20 - 2013-09-12 14:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000UA.job
2014-06-04 15:18 - 2013-08-30 06:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 15:08 - 2014-06-04 12:40 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-04 15:08 - 2014-06-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-04 15:08 - 2014-06-04 12:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-04 15:01 - 2014-06-04 15:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 14:37 - 2014-06-04 06:35 - 00064942 _____ () C:\Users\geiche\Downloads\Addition.txt
2014-06-04 14:35 - 2014-06-04 14:31 - 00402944 ___SH () C:\Users\geiche\Downloads\Thumbs.db
2014-06-04 12:40 - 2014-06-04 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 12:30 - 2014-06-04 12:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\geiche\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 12:25 - 2014-01-30 09:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-04 12:23 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-04 07:20 - 2013-09-12 14:48 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917435617-3823699889-1472500709-1000Core.job
2014-06-04 06:33 - 2014-06-04 06:33 - 00000000 ____D () C:\Users\geiche\Downloads\FRST-OlderVersion
2014-06-04 06:33 - 2014-06-01 09:48 - 01059840 _____ (Farbar) C:\Users\geiche\Downloads\FRST.exe
2014-06-04 06:23 - 2014-06-04 06:20 - 00000000 ____D () C:\AdwCleaner
2014-06-04 06:22 - 2014-02-17 13:10 - 00001246 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-04 06:22 - 2014-02-17 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-04 06:22 - 2014-02-16 14:10 - 00000000 ____D () C:\Users\geiche
2014-06-04 06:20 - 2014-06-04 06:19 - 01327971 _____ () C:\Users\geiche\Downloads\adwcleaner_3.211.exe
2014-06-03 08:48 - 2014-06-03 08:48 - 00380416 _____ () C:\Users\geiche\Downloads\Gmer-19357.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 00050477 _____ () C:\Users\geiche\Downloads\Defogger.exe
2014-06-02 13:39 - 2014-03-13 15:12 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\XnView
2014-05-27 12:16 - 2013-11-15 21:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 12:16 - 2013-11-15 21:00 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 13:27 - 2014-05-26 13:27 - 00000000 ____D () C:\Program Files\Serif
2014-05-21 05:22 - 2013-09-10 15:04 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Mozilla
2014-05-19 07:57 - 2013-12-19 21:13 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\vlc
2014-05-17 19:48 - 2014-05-17 19:48 - 00001144 _____ () C:\Users\geiche\Desktop\PortraitPro 12 Test.lnk
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Users\geiche\AppData\Local\Anthropics
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 12 Test
2014-05-17 19:48 - 2014-05-17 19:48 - 00000000 ____D () C:\Program Files\PortraitPro 12 Test
2014-05-17 19:44 - 2014-05-17 19:44 - 76888904 _____ (Anthropics Technology Ltd. ) C:\Users\geiche\Downloads\PortraitProTrialSetup.exe
2014-05-16 13:44 - 2014-05-16 13:44 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nsj8BDF.tmp
2014-05-16 06:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 06:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 05:43 - 2013-09-02 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 05:38 - 2014-05-06 16:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 05:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 21:59 - 2014-03-22 15:02 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 05:46 - 2013-08-30 19:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 20:53 - 2014-05-14 20:53 - 00000000 ____D () C:\Users\geiche\AppData\Local\com
2014-05-14 15:40 - 2013-08-30 06:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:40 - 2013-08-30 06:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:12 - 2014-05-11 12:38 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-05-13 14:23 - 2014-05-13 14:23 - 01746032 _____ (AnyProtect.com) C:\Users\geiche\AppData\Local\nspB31F.tmp
2014-05-12 07:26 - 2014-06-04 12:40 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 12:40 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-04 12:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 13:04 - 2014-05-11 13:04 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-11 13:01 - 2014-05-11 13:01 - 00000000 ____D () C:\Program Files\MarkAny
2014-05-11 13:00 - 2014-05-11 13:00 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\Documents\samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Roaming\Samsung
2014-05-11 13:00 - 2014-05-11 13:00 - 00000000 ____D () C:\Users\geiche\AppData\Local\Samsung
2014-05-11 12:39 - 2014-05-11 12:37 - 00000000 ____D () C:\Program Files\Samsung
2014-05-11 12:38 - 2014-05-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-11 12:38 - 2014-05-11 12:37 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-11 12:37 - 2013-08-29 20:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 12:36 - 2013-12-16 23:11 - 00000000 ____D () C:\Users\geiche\AppData\Local\Downloaded Installations
2014-05-11 12:34 - 2014-05-11 12:34 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\geiche\Downloads\KiesSetup.exe
2014-05-11 06:06 - 2014-04-29 19:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 09:06 - 2014-05-15 05:48 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 05:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-09 06:19 - 2014-03-14 21:39 - 00002006 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00002004 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00001994 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-09 06:19 - 2014-03-14 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 05:44 - 2009-07-14 06:33 - 02323952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 20:39 - 2014-05-15 05:47 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:39 - 2014-05-15 05:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 17:50 - 2014-05-15 05:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 15:29 - 2014-02-16 15:08 - 00780808 _____ () C:\Users\geiche\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\geiche\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 08:18

==================== End Of Log ============================

--- --- ---

--- --- ---

03.06.2014, 19:22	#8
aharonov /// TB-Ausbilder	Nach der Installation von Windows 7 öffnen sich immer öfters popups erst in chrome nun auch in firefox Wenn du ein Programm nicht findest oder nicht deinstallieren kannst, dann mach einfach mit dem nächsten weiter. __________________ cheers, Leo

04.06.2014, 13:12	#12
aharonov /// TB-Ausbilder	Nach der Installation von Windows 7 öffnen sich immer öfters popups erst in chrome nun auch in firefox Was heisst total Crash? Kannst du Win7 nicht mehr starten? Was passiert genau? __________________ cheers, Leo

Nach der Installation von Windows 7 öffnen sich immer öfters popups erst in chrome nun auch in firefox

Plagegeister aller Art und deren Bekämpfung: Nach der Installation von Windows 7 öffnen sich immer öfters popups erst in chrome nun auch in firefox