Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Banner rvzr-a.akamaihd.net wird ständig gestartet. (https://www.trojaner-board.de/151316-banner-rvzr-a-akamaihd-net-staendig-gestartet.html)

Harzfuchs 21.03.2014 17:23
Banner rvzr-a.akamaihd.net wird ständig gestartet.
 
Sehr geehrtes Forum,

seit einiger Zeit (es wurde der Adobe Flash Player installiert)
erscheinen diverse Banner, aber meist der rvzr-a.akamaihd.net

Der Virenscanner Kaspersky Internet Security unterdrückt zwar die Banner,
aber es bleibt ein schwarzer Bildschirm.
Ich verwende Firefox als Browser und Betriebsystem ist Windows 7.

Kann Kaspersky den oder die Banner löschen?

Ratlose Grüße

Volker

schrauber 21.03.2014 17:25
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Harzfuchs 22.03.2014 07:33
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Gaby (administrator) on GABY-PC on 22-03-2014 07:21:16
Running from C:\Users\Gaby\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13797992 2009-09-01] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [674336 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-15] (Microsoft Corporation)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner.exe [4505368 2014-02-20] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL => C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=208ca7f10000000000000025d394bde0
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=208C0025D394BDE0&affID=125035&tsp=5029
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=3219913727_67194_208CA7F1&ts=1381220070
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=3219913727_67194_208CA7F1&ts=1381220070&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=3219913727_67194_208CA7F1&ts=1381220070&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ie-21&tbrId=v1_abb-channel-23_3fdd927070c144789c5d11887294a099_39_1006_20140302_DE_ie_ds_sbinstall2&query={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=208C0025D394BDE0&affID=125035&tsp=5029
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=3219913727_67194_208CA7F1&ts=1381220070&type=default&q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=208ca7f10000000000000025d394bde0&r=498
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ie-21&tbrId=v1_abb-channel-23_3fdd927070c144789c5d11887294a099_39_1006_20140302_DE_ie_ds_sbinstall2&query={searchTerms}
BHO: Plus-HD-7.7 - {11111111-1111-1111-1111-110511071180} - C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-bho.dll (Plus HD)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\pyn4vgnp.default-1395041153501
FF Homepage: https://www.google.de/|https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=de&locale=de&sitedomain=www.aol.de&siteState=OrigUrl%3Dhttp%253A%252F%252Fwww.aol.de%252F
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-7.7 - C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\pyn4vgnp.default-1395041153501\Extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com [2014-03-19]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-11]

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-02-25] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576096 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 07:21 - 2014-03-22 07:22 - 00016255 _____ () C:\Users\Gaby\Downloads\FRST.txt
2014-03-22 07:20 - 2014-03-22 07:21 - 00000000 ____D () C:\FRST
2014-03-22 07:18 - 2014-03-22 07:19 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(3).exe
2014-03-22 07:11 - 2014-03-22 07:11 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(2).exe
2014-03-22 07:08 - 2014-03-22 07:08 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(1).exe
2014-03-22 07:05 - 2014-03-22 07:05 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST.exe
2014-03-22 06:57 - 2014-03-22 06:57 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-20 14:58 - 2014-03-22 06:57 - 00000000 ____D () C:\Users\Gaby\Documents\Mein Steuer-Sparbuch Heute
2014-03-19 17:59 - 2014-03-19 17:59 - 00002045 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-03-19 17:59 - 2014-03-19 17:59 - 00000080 _____ () C:\Windows\wiso.ini
2014-03-19 17:59 - 2014-03-19 17:59 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl
2014-03-19 17:46 - 2014-03-19 17:46 - 00000000 ____D () C:\Program Files\WISO
2014-03-19 17:44 - 2014-03-19 17:59 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-18 13:14 - 2014-03-18 13:31 - 00000000 ____D () C:\Users\Gaby\Desktop\Bewerbung Halle
2014-03-16 16:29 - 2014-03-16 19:15 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\vlc
2014-03-16 16:29 - 2014-03-16 16:29 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-16 16:29 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\dvdcss
2014-03-16 16:28 - 2014-03-16 16:28 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-16 16:26 - 2014-03-16 16:27 - 24677393 _____ () C:\Users\Gaby\Desktop\vlc-2.1.3-win32.exe
2014-03-13 08:37 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 08:37 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 08:37 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 08:37 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 08:37 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 08:37 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 08:37 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 08:37 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 08:37 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 08:37 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 08:37 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 08:37 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 08:37 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:37 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 08:37 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 08:37 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 08:37 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 08:37 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 08:37 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 08:37 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 08:37 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 08:37 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 08:37 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:37 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:37 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-05 16:53 - 2014-03-05 16:53 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-03-02 14:29 - 2014-03-02 14:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-02 14:29 - 2014-03-02 14:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-02 14:28 - 2014-03-02 14:28 - 04765152 _____ (Piriform Ltd) C:\Users\Gaby\Downloads\ccsetup411.exe
2014-03-02 14:24 - 2014-03-02 14:24 - 00000000 ____D () C:\Users\Gaby\AppData\Local\CrashRpt
2014-03-02 13:52 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\Systweak Support Dock
2014-03-02 13:10 - 2014-03-22 07:10 - 00001494 _____ () C:\Windows\Tasks\Plus-HD-7.7-updater.job
2014-03-02 13:09 - 2014-03-22 07:14 - 00002300 _____ () C:\Windows\Tasks\Plus-HD-7.7-firefoxinstaller.job
2014-03-02 13:09 - 2014-03-22 07:09 - 00002378 _____ () C:\Windows\Tasks\Plus-HD-7.7-validator.job
2014-03-02 13:09 - 2014-03-22 07:09 - 00001450 _____ () C:\Windows\Tasks\Plus-HD-7.7-codedownloader.job
2014-03-02 13:09 - 2014-03-22 07:09 - 00001348 _____ () C:\Windows\Tasks\Plus-HD-7.7-enabler.job
2014-03-02 13:09 - 2014-03-02 14:23 - 00000000 ____D () C:\Program Files\System Speedup
2014-03-02 13:09 - 2014-03-02 13:52 - 00000000 ____D () C:\Program Files\Advanced System Protector
2014-03-02 13:09 - 2014-03-02 13:51 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-02 13:08 - 2014-03-02 13:10 - 00000000 ____D () C:\Program Files\Plus-HD-7.7
2014-03-02 13:08 - 2014-03-02 13:08 - 00000368 _____ () C:\Windows\wininit.ini
2014-03-02 13:07 - 2014-03-02 13:07 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-02 13:06 - 2014-03-02 13:06 - 00293608 _____ (Setup·process) C:\Users\Gaby\Downloads\Adobe%20Flash%20Player%2011.exe
2014-03-01 14:56 - 2014-03-01 14:56 - 00872165 _____ () C:\Users\Gaby\Desktop\sigvis.zip

==================== One Month Modified Files and Folders =======

2014-03-22 07:22 - 2014-03-22 07:21 - 00016255 _____ () C:\Users\Gaby\Downloads\FRST.txt
2014-03-22 07:21 - 2014-03-22 07:20 - 00000000 ____D () C:\FRST
2014-03-22 07:19 - 2014-03-22 07:18 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(3).exe
2014-03-22 07:14 - 2014-03-02 13:09 - 00002300 _____ () C:\Windows\Tasks\Plus-HD-7.7-firefoxinstaller.job
2014-03-22 07:14 - 2013-12-10 19:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-22 07:11 - 2014-03-22 07:11 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(2).exe
2014-03-22 07:10 - 2014-03-02 13:10 - 00001494 _____ () C:\Windows\Tasks\Plus-HD-7.7-updater.job
2014-03-22 07:09 - 2014-03-02 13:09 - 00002378 _____ () C:\Windows\Tasks\Plus-HD-7.7-validator.job
2014-03-22 07:09 - 2014-03-02 13:09 - 00001450 _____ () C:\Windows\Tasks\Plus-HD-7.7-codedownloader.job
2014-03-22 07:09 - 2014-03-02 13:09 - 00001348 _____ () C:\Windows\Tasks\Plus-HD-7.7-enabler.job
2014-03-22 07:08 - 2014-03-22 07:08 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(1).exe
2014-03-22 07:05 - 2014-03-22 07:05 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST.exe
2014-03-22 07:05 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:05 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 07:01 - 2013-10-08 08:36 - 01102487 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 06:57 - 2014-03-22 06:57 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-22 06:57 - 2014-03-20 14:58 - 00000000 ____D () C:\Users\Gaby\Documents\Mein Steuer-Sparbuch Heute
2014-03-22 06:57 - 2013-10-08 08:37 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2014-03-22 06:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 17:34 - 2013-12-19 17:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 17:10 - 2013-10-09 14:42 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Skype
2014-03-20 17:10 - 2009-09-22 11:31 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 17:59 - 2014-03-19 17:59 - 00002045 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-03-19 17:59 - 2014-03-19 17:59 - 00000080 _____ () C:\Windows\wiso.ini
2014-03-19 17:59 - 2014-03-19 17:59 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl
2014-03-19 17:59 - 2014-03-19 17:44 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-19 17:46 - 2014-03-19 17:46 - 00000000 ____D () C:\Program Files\WISO
2014-03-19 17:46 - 2009-09-22 11:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-18 17:48 - 2013-10-15 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 17:44 - 2009-09-22 22:07 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 13:31 - 2014-03-18 13:14 - 00000000 ____D () C:\Users\Gaby\Desktop\Bewerbung Halle
2014-03-16 19:15 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\vlc
2014-03-16 16:29 - 2014-03-16 16:29 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-16 16:29 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\dvdcss
2014-03-16 16:28 - 2014-03-16 16:28 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-16 16:27 - 2014-03-16 16:26 - 24677393 _____ () C:\Users\Gaby\Desktop\vlc-2.1.3-win32.exe
2014-03-14 21:28 - 2013-10-08 14:55 - 00000000 ____D () C:\Users\Gaby\1 Gaby Texte
2014-03-13 10:02 - 2009-07-14 05:33 - 00434872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 08:35 - 2013-12-19 17:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 08:35 - 2013-12-19 17:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-05 16:53 - 2014-03-05 16:53 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-03-05 16:53 - 2013-10-10 15:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-04 12:59 - 2013-10-08 09:16 - 00121760 _____ () C:\Users\Gaby\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 12:40 - 2009-09-22 11:49 - 00000000 ____D () C:\Program Files\Cisco
2014-03-04 12:36 - 2013-10-27 11:08 - 00000000 ____D () C:\Program Files\MyFree Codec
2014-03-03 08:00 - 2013-10-17 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-03 08:00 - 2009-09-22 21:13 - 00000000 ____D () C:\Windows\Panther
2014-03-02 14:32 - 2013-10-08 09:14 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Systweak
2014-03-02 14:31 - 2014-03-02 13:52 - 00000000 ____D () C:\Program Files\Systweak Support Dock
2014-03-02 14:29 - 2014-03-02 14:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-02 14:29 - 2014-03-02 14:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-02 14:28 - 2014-03-02 14:28 - 04765152 _____ (Piriform Ltd) C:\Users\Gaby\Downloads\ccsetup411.exe
2014-03-02 14:24 - 2014-03-02 14:24 - 00000000 ____D () C:\Users\Gaby\AppData\Local\CrashRpt
2014-03-02 14:23 - 2014-03-02 13:09 - 00000000 ____D () C:\Program Files\System Speedup
2014-03-02 13:52 - 2014-03-02 13:09 - 00000000 ____D () C:\Program Files\Advanced System Protector
2014-03-02 13:51 - 2014-03-02 13:09 - 00000000 ____D () C:\Program Files\IminentToolbar
2014-03-02 13:10 - 2014-03-02 13:08 - 00000000 ____D () C:\Program Files\Plus-HD-7.7
2014-03-02 13:09 - 2013-10-08 14:09 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Adobe
2014-03-02 13:08 - 2014-03-02 13:08 - 00000368 _____ () C:\Windows\wininit.ini
2014-03-02 13:07 - 2014-03-02 13:07 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-02 13:06 - 2014-03-02 13:06 - 00293608 _____ (Setup·process) C:\Users\Gaby\Downloads\Adobe%20Flash%20Player%2011.exe
2014-03-01 14:56 - 2014-03-01 14:56 - 00872165 _____ () C:\Users\Gaby\Desktop\sigvis.zip
2014-03-01 05:30 - 2014-03-13 08:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-13 08:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-13 08:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-13 08:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 08:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 08:37 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-13 08:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 08:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-13 08:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-13 08:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-13 08:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-13 08:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-13 08:37 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-13 08:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-13 08:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-13 08:37 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-13 08:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 08:37 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 08:37 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-13 08:37 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-13 08:37 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-13 08:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 08:00

==================== End Of Log ============================
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Gaby at 2014-03-22 07:22:35
Running from C:\Users\Gaby\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ALDI Foto Service (HKLM\...\ALDI Foto Service D) (Version: 4.5.9.141 - MAGIX AG)
ALDI Nord Foto Manager Free (HKLM\...\ALDI Nord Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG)
Aldi Nord Fotoservice (HKLM\...\Aldi Nord Fotoservice_is1) (Version:  - )
ALDI Nord Online Druck Service (HKLM\...\ALDI Nord Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG)
Badaboom 1.2.1.40 (HKLM\...\Badaboom) (Version: 1.2.1.40 - Elemental Technologies)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3117 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.3117 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6622 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3213 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2010 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2010 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2103 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2103 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2104 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2104 - CyberLink Corp.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
MEDION Fotos auf CD & DVD SE Nord (HKLM\...\MEDION Fotos auf CD & DVD SE Nord D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 1.3.59.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Plus-HD-7.7 (HKLM\...\Plus-HD-7.7) (Version: 1.34.2.13 - Plus HD) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5939 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0124 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Ulead Photo Express 3.0 SE (HKLM\...\Ulead Photo Express 3.0 SE) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WISO Steuer-Sparbuch 2014 (HKLM\...\{A4882879-A03F-4AF1-8152-6AB5CAAC297E}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Restore Points  =========================

25-02-2014 08:57:48 Windows Update
26-02-2014 06:08:18 Windows Update
28-02-2014 16:53:52 Windows Update
02-03-2014 13:06:41 System Speedup So, Mrz 02, 14  14:06
04-03-2014 08:32:55 Windows Update
04-03-2014 11:39:14 Removed Cisco PEAP Module
07-03-2014 15:44:14 Windows Update
11-03-2014 15:49:26 Windows Update
13-03-2014 08:19:34 Windows Update
18-03-2014 08:25:40 Windows Update
18-03-2014 16:44:13 Windows Update
19-03-2014 16:46:30 Installiert WISO Steuer-Sparbuch 2014

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09AE0B71-22EA-42F2-BA65-72348F86D698} - System32\Tasks\Plus-HD-7.7-validator => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-validator.exe [2014-03-02] (Plus HD) <==== ATTENTION
Task: {23EFA8A6-1B2E-481E-82B8-48318528A3DA} - System32\Tasks\Plus-HD-7.7-enabler => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-enabler.exe [2014-03-02] (Plus HD) <==== ATTENTION
Task: {2EAF100D-A6DA-436F-8744-7E7231481678} - System32\Tasks\{B3F2A286-D376-4C2B-AF75-075DD43A367F} => Firefox.exe
Task: {301257A2-370A-49D6-A4E8-4F763D9FA2F1} - System32\Tasks\Plus-HD-7.7-codedownloader => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-codedownloader.exe [2014-03-02] (Plus HD) <==== ATTENTION
Task: {4785A9E5-419A-457C-8918-8D0005A5F4AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {5DA50354-21E5-42F0-9481-7903131D4DE8} - System32\Tasks\Plus-HD-7.7-firefoxinstaller => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-firefoxinstaller.exe [2014-03-02] (Plus HD) <==== ATTENTION
Task: {5EB5456A-C4AB-4F13-B617-D5D7522F992E} - System32\Tasks\Plus-HD-7.7-updater => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-updater.exe [2014-03-02] (Plus HD) <==== ATTENTION
Task: {8C1BB8DF-B49F-4A4B-9661-A4583AF5D21A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {CD2C4AA8-5708-4F14-9E13-B7BA7582207D} - System32\Tasks\{6CBAD26C-99D2-42AE-97DF-291BE1A9A97A} => Firefox.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-7.7-codedownloader.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.7-enabler.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.7-firefoxinstaller.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.7-updater.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-7.7-validator.job => C:\Program Files\Plus-HD-7.7\Plus-HD-7.7-validator.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-27 21:45 - 2014-01-27 21:45 - 00546112 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
2009-09-25 11:50 - 2009-02-25 08:13 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-28 18:04 - 2014-02-28 18:04 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\7b778d24921453a8669f3c3b9cc0b71e\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-28 18:05 - 2014-02-28 18:05 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\1e35c2da60014113523a116c51f0f03a\Kies.Theme.ni.dll
2014-02-28 18:04 - 2014-02-28 18:04 - 01822208 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\98ab01d97977a8631264ad46875bebb3\Kies.UI.ni.dll
2014-02-28 18:04 - 2014-02-28 18:04 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\713f8aa449d7a7b75bacbce9b9a8a34e\Kies.MVVM.ni.dll
2014-02-28 18:05 - 2014-02-28 18:05 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2014-01-11 16:31 - 1999-09-06 16:33 - 00032768 _____ () C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\u32sn.dll
2014-03-19 17:50 - 2013-10-30 17:45 - 01427024 ____N () C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
2014-03-19 17:47 - 2013-10-30 17:45 - 09572944 ____N () C:\Program Files\WISO\Steuersoftware 2014\wgui14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 00034896 ____N () C:\Program Files\WISO\Steuersoftware 2014\rsdcom48.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 00308816 ____N () C:\Program Files\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 00321616 ____N () C:\Program Files\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-03-19 17:47 - 2013-10-30 17:46 - 03674192 ____N () C:\Program Files\WISO\Steuersoftware 2014\wcore14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 00136272 ____N () C:\Program Files\WISO\Steuersoftware 2014\rsodbc48.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 02467408 ____N () C:\Program Files\WISO\Steuersoftware 2014\wfvie14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01855568 ____N () C:\Program Files\WISO\Steuersoftware 2014\wsteu14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01904208 ____N () C:\Program Files\WISO\Steuersoftware 2014\wreli14.dll
2014-03-19 17:46 - 2013-10-30 17:45 - 04277840 ____N () C:\Program Files\WISO\Steuersoftware 2014\wauff14.dll
2014-03-19 17:47 - 2013-10-30 17:37 - 01043456 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-core.dll
2014-03-19 17:47 - 2013-10-30 17:37 - 00094720 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-shared.dll
2014-03-19 17:47 - 2013-10-30 17:37 - 00250368 ____N () C:\Program Files\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01396816 ____N () C:\Program Files\WISO\Steuersoftware 2014\wmain14.dll
2014-03-19 17:46 - 2013-10-30 17:45 - 05019728 ____N () C:\Program Files\WISO\Steuersoftware 2014\wbae114.dll
2014-03-19 17:46 - 2013-10-30 17:45 - 01666128 ____N () C:\Program Files\WISO\Steuersoftware 2014\wbae214.dll
2014-03-19 17:46 - 2013-10-30 17:45 - 01786448 ____N () C:\Program Files\WISO\Steuersoftware 2014\wbae314.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01624144 ____N () C:\Program Files\WISO\Steuersoftware 2014\wbae414.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01125456 ____N () C:\Program Files\WISO\Steuersoftware 2014\whau114.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01316944 ____N () C:\Program Files\WISO\Steuersoftware 2014\whau214.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01278544 ____N () C:\Program Files\WISO\Steuersoftware 2014\wwerb14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 06818384 ____N () C:\Program Files\WISO\Steuersoftware 2014\wkont14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01266768 ____N () C:\Program Files\WISO\Steuersoftware 2014\wimp14.dll
2014-03-19 17:47 - 2013-10-30 17:45 - 01322064 ____N () C:\Program Files\WISO\Steuersoftware 2014\wfabu14.dll
2014-02-15 08:47 - 2014-02-15 08:47 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 08:35 - 2014-03-13 08:35 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 01:55:56 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt.

Error: (03/18/2014 01:22:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1d731
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003a0e0a
ID des fehlerhaften Prozesses: 0x9cc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (03/18/2014 11:20:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/17/2014 09:13:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.0.0.0, Zeitstempel: 0x4f7a7000
Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023c6
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0
Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1
Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2
Berichtskennung: CNQMUPDT.EXE3

Error: (03/16/2014 00:30:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/15/2014 01:27:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/14/2014 05:40:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/12/2014 10:42:41 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/10/2014 09:13:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.0.0.0, Zeitstempel: 0x4f7a7000
Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023c6
ID des fehlerhaften Prozesses: 0x1150
Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0
Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1
Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2
Berichtskennung: CNQMUPDT.EXE3

Error: (03/10/2014 09:11:51 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/21/2014 04:01:08 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/21/2014 04:00:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/21/2014 04:00:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Flash Player Update Service erreicht.

Error: (03/18/2014 05:36:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/10/2014 07:54:03 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/10/2014 04:42:35 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎03.‎2014 um 11:32:07 unerwartet heruntergefahren.

Error: (03/10/2014 09:12:13 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/10/2014 09:11:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/10/2014 09:11:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/06/2014 01:29:08 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎03.‎2014 um 13:03:48 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-18 11:19:31.444
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.435
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.420
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.280
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.158
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.155
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-18 11:19:31.145
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 2302.36 MB
Available physical RAM: 880.78 MB
Total Pagefile: 4603 MB
Available Pagefile: 2543.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:266.56 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:15.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3587F16E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
--- --- ---

schrauber 23.03.2014 09:57
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Harzfuchs 23.03.2014 13:20
Malwarebytes Logfile

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
Gaby :: GABY-PC [Administrator]

Schutz: Aktiviert

23.03.2014 11:38:43
mbam-log-2014-03-23 (11-38-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213167
Laufzeit: 9 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> 1768 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 21
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AppDataLow\Software\Plus-HD-7.7 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Adw Cleaner keine Logdatei generiert.


FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Gaby (administrator) on GABY-PC on 23-03-2014 12:55:51
Running from C:\Users\Gaby\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
(MAGIX®) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13797992 2009-09-01] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [674336 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-15] (Microsoft Corporation)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-200051040-474289195-1143445080-1000\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner.exe [4505368 2014-02-20] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL => C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\pyn4vgnp.default-1395041153501
FF Homepage: https://www.google.de/|https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=de&locale=de&sitedomain=www.aol.de&siteState=OrigUrl%3Dhttp%253A%252F%252Fwww.aol.de%252F
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-7.7 - C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\pyn4vgnp.default-1395041153501\Extensions\29abb661-0efc-4f64-8a89-b11430d434c4@9678608e-dc95-42b0-8db0-4ce126239776.com [2014-03-19]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-11]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-11]

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
R3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-02-25] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-11] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576096 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 12:54 - 2014-03-23 12:55 - 00003270 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 12:44 - 2014-03-23 12:44 - 00000768 _____ () C:\Users\Gaby\Desktop\JRT.txt
2014-03-23 12:23 - 2014-03-23 12:23 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 12:22 - 2014-03-23 12:22 - 01037734 _____ (Thisisu) C:\Users\Gaby\Downloads\JRT.exe
2014-03-23 12:03 - 2014-03-23 12:50 - 00000000 ____D () C:\AdwCleaner
2014-03-23 12:03 - 2014-03-23 12:03 - 01950720 _____ () C:\Users\Gaby\Downloads\adwcleaner.exe
2014-03-23 11:36 - 2014-03-23 11:36 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Malwarebytes
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 11:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 11:35 - 2014-03-23 11:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 11:22 - 2014-03-23 11:22 - 00001226 _____ () C:\Users\Gaby\Desktop\Revo Uninstaller.lnk
2014-03-23 11:22 - 2014-03-23 11:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-23 11:21 - 2014-03-23 11:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gaby\Downloads\revosetup95.exe
2014-03-23 10:18 - 2013-05-10 18:03 - 00415861 _____ () C:\Users\Gaby\Est2013Wille1.s13
2014-03-23 09:52 - 2014-03-23 09:53 - 00000000 ____D () C:\Esterkl2013
2014-03-23 09:34 - 2014-03-23 09:34 - 00000000 ____D () C:\Users\Gaby\Documents\Steuer-Sparbuch
2014-03-23 09:30 - 2014-03-23 09:30 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Buhl Data Service
2014-03-23 09:30 - 2014-03-23 09:30 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl Data Service
2014-03-22 07:22 - 2014-03-22 07:23 - 00030438 _____ () C:\Users\Gaby\Downloads\Addition.txt
2014-03-22 07:21 - 2014-03-23 12:55 - 00014057 _____ () C:\Users\Gaby\Downloads\FRST.txt
2014-03-22 07:20 - 2014-03-23 12:55 - 00000000 ____D () C:\FRST
2014-03-22 07:18 - 2014-03-22 07:19 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(3).exe
2014-03-22 07:11 - 2014-03-22 07:11 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(2).exe
2014-03-22 07:08 - 2014-03-22 07:08 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(1).exe
2014-03-22 07:05 - 2014-03-22 07:05 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST.exe
2014-03-20 14:58 - 2014-03-23 11:58 - 00000000 ____D () C:\Users\Gaby\Documents\Mein Steuer-Sparbuch Heute
2014-03-19 17:59 - 2014-03-23 09:34 - 00000568 _____ () C:\Windows\wiso.ini
2014-03-19 17:59 - 2014-03-23 09:29 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl
2014-03-19 17:59 - 2014-03-19 17:59 - 00002045 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-03-19 17:46 - 2014-03-19 17:46 - 00000000 ____D () C:\Program Files\WISO
2014-03-19 17:44 - 2014-03-19 17:59 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-18 13:14 - 2014-03-18 13:31 - 00000000 ____D () C:\Users\Gaby\Desktop\Bewerbung Halle
2014-03-16 16:29 - 2014-03-16 19:15 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\vlc
2014-03-16 16:29 - 2014-03-16 16:29 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-16 16:29 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\dvdcss
2014-03-16 16:28 - 2014-03-16 16:28 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-16 16:26 - 2014-03-16 16:27 - 24677393 _____ () C:\Users\Gaby\Desktop\vlc-2.1.3-win32.exe
2014-03-13 08:37 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 08:37 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 08:37 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 08:37 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 08:37 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 08:37 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 08:37 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 08:37 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 08:37 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 08:37 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 08:37 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 08:37 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 08:37 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 08:37 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 08:37 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 08:37 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 08:37 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 08:37 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 08:37 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 08:37 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 08:37 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 08:37 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 08:37 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:37 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:37 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-05 16:53 - 2014-03-05 16:53 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-03-02 14:29 - 2014-03-02 14:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-02 14:29 - 2014-03-02 14:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-02 14:28 - 2014-03-02 14:28 - 04765152 _____ (Piriform Ltd) C:\Users\Gaby\Downloads\ccsetup411.exe
2014-03-02 14:24 - 2014-03-02 14:24 - 00000000 ____D () C:\Users\Gaby\AppData\Local\CrashRpt
2014-03-02 13:52 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\Systweak Support Dock
2014-03-02 13:08 - 2014-03-02 13:08 - 00000368 _____ () C:\Windows\wininit.ini
2014-03-01 14:56 - 2014-03-01 14:56 - 00872165 _____ () C:\Users\Gaby\Desktop\sigvis.zip

==================== One Month Modified Files and Folders =======

2014-03-23 12:56 - 2014-03-22 07:21 - 00014057 _____ () C:\Users\Gaby\Downloads\FRST.txt
2014-03-23 12:55 - 2014-03-23 12:54 - 00003270 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 12:55 - 2014-03-22 07:20 - 00000000 ____D () C:\FRST
2014-03-23 12:52 - 2013-12-10 19:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-23 12:52 - 2013-10-09 14:42 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Skype
2014-03-23 12:52 - 2013-10-08 08:37 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2014-03-23 12:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 12:50 - 2014-03-23 12:03 - 00000000 ____D () C:\AdwCleaner
2014-03-23 12:44 - 2014-03-23 12:44 - 00000768 _____ () C:\Users\Gaby\Desktop\JRT.txt
2014-03-23 12:34 - 2013-12-19 17:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 12:23 - 2014-03-23 12:23 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 12:22 - 2014-03-23 12:22 - 01037734 _____ (Thisisu) C:\Users\Gaby\Downloads\JRT.exe
2014-03-23 12:21 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 12:21 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 12:03 - 2014-03-23 12:03 - 01950720 _____ () C:\Users\Gaby\Downloads\adwcleaner.exe
2014-03-23 11:58 - 2014-03-20 14:58 - 00000000 ____D () C:\Users\Gaby\Documents\Mein Steuer-Sparbuch Heute
2014-03-23 11:57 - 2009-07-14 05:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 11:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\IME
2014-03-23 11:54 - 2013-10-08 14:57 - 00000000 ____D () C:\Users\Gaby\2 Volker Texte
2014-03-23 11:36 - 2014-03-23 11:36 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Malwarebytes
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 11:36 - 2014-03-23 11:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-23 11:35 - 2014-03-23 11:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gaby\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-23 11:22 - 2014-03-23 11:22 - 00001226 _____ () C:\Users\Gaby\Desktop\Revo Uninstaller.lnk
2014-03-23 11:22 - 2014-03-23 11:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-23 11:21 - 2014-03-23 11:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gaby\Downloads\revosetup95.exe
2014-03-23 10:21 - 2013-10-08 08:37 - 00000000 ____D () C:\Users\Gaby
2014-03-23 09:53 - 2014-03-23 09:52 - 00000000 ____D () C:\Esterkl2013
2014-03-23 09:47 - 2009-09-22 11:31 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 09:34 - 2014-03-23 09:34 - 00000000 ____D () C:\Users\Gaby\Documents\Steuer-Sparbuch
2014-03-23 09:34 - 2014-03-19 17:59 - 00000568 _____ () C:\Windows\wiso.ini
2014-03-23 09:30 - 2014-03-23 09:30 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\Buhl Data Service
2014-03-23 09:30 - 2014-03-23 09:30 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl Data Service
2014-03-23 09:29 - 2014-03-19 17:59 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Buhl
2014-03-22 07:23 - 2014-03-22 07:22 - 00030438 _____ () C:\Users\Gaby\Downloads\Addition.txt
2014-03-22 07:19 - 2014-03-22 07:18 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(3).exe
2014-03-22 07:11 - 2014-03-22 07:11 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(2).exe
2014-03-22 07:08 - 2014-03-22 07:08 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST(1).exe
2014-03-22 07:05 - 2014-03-22 07:05 - 01145856 _____ (Farbar) C:\Users\Gaby\Downloads\FRST.exe
2014-03-19 17:59 - 2014-03-19 17:59 - 00002045 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-03-19 17:59 - 2014-03-19 17:44 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-03-19 17:46 - 2014-03-19 17:46 - 00000000 ____D () C:\Program Files\WISO
2014-03-19 17:46 - 2009-09-22 11:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-18 17:48 - 2013-10-15 07:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 17:44 - 2009-09-22 22:07 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 13:31 - 2014-03-18 13:14 - 00000000 ____D () C:\Users\Gaby\Desktop\Bewerbung Halle
2014-03-16 19:15 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\vlc
2014-03-16 16:29 - 2014-03-16 16:29 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-16 16:29 - 2014-03-16 16:29 - 00000000 ____D () C:\Users\Gaby\AppData\Roaming\dvdcss
2014-03-16 16:28 - 2014-03-16 16:28 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-16 16:27 - 2014-03-16 16:26 - 24677393 _____ () C:\Users\Gaby\Desktop\vlc-2.1.3-win32.exe
2014-03-14 21:28 - 2013-10-08 14:55 - 00000000 ____D () C:\Users\Gaby\1 Gaby Texte
2014-03-13 10:02 - 2009-07-14 05:33 - 00434872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 08:35 - 2013-12-19 17:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 08:35 - 2013-12-19 17:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-05 16:53 - 2014-03-05 16:53 - 00000000 ___HD () C:\ProgramData\CanonIJMyPrinter
2014-03-05 16:53 - 2013-10-10 15:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-04 12:59 - 2013-10-08 09:16 - 00121760 _____ () C:\Users\Gaby\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 12:40 - 2009-09-22 11:49 - 00000000 ____D () C:\Program Files\Cisco
2014-03-03 08:00 - 2013-10-17 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-03 08:00 - 2009-09-22 21:13 - 00000000 ____D () C:\Windows\Panther
2014-03-02 14:31 - 2014-03-02 13:52 - 00000000 ____D () C:\Program Files\Systweak Support Dock
2014-03-02 14:29 - 2014-03-02 14:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-02 14:29 - 2014-03-02 14:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-02 14:28 - 2014-03-02 14:28 - 04765152 _____ (Piriform Ltd) C:\Users\Gaby\Downloads\ccsetup411.exe
2014-03-02 14:24 - 2014-03-02 14:24 - 00000000 ____D () C:\Users\Gaby\AppData\Local\CrashRpt
2014-03-02 13:09 - 2013-10-08 14:09 - 00000000 ____D () C:\Users\Gaby\AppData\Local\Adobe
2014-03-02 13:08 - 2014-03-02 13:08 - 00000368 _____ () C:\Windows\wininit.ini
2014-03-01 14:56 - 2014-03-01 14:56 - 00872165 _____ () C:\Users\Gaby\Desktop\sigvis.zip
2014-03-01 05:30 - 2014-03-13 08:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-13 08:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-13 08:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-13 08:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 08:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 08:37 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-13 08:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 08:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-13 08:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-13 08:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-13 08:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-13 08:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-13 08:37 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-13 08:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-13 08:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-13 08:37 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-13 08:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 08:37 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 08:37 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-13 08:37 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-13 08:37 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-13 08:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Some content of TEMP:
====================
C:\Users\Gaby\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 10:44

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Trotz aller Mühe ist der Banner immer noch da.

schrauber 24.03.2014 11:01
AdwCleaner generiert immer ein Log. Bitte nochmal laufen lassen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131