
Log analysis and evaluation: I can't get "Click to continue - smartshopping" off my PC

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.11.2014, 14:39   #1
KlausHugo27
 
Please help, Click to Continue keeps reappearing. I have taken all the steps: there is no longer a corresponding program in the Control Panel, I reset the browser (Firefox), and ran AdwCleaner:

AdwCleaner v4.002 - Bericht erstellt am 06/11/2014 um 13:40:38
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : klaus - KLAUS-PC
# Gestartet von : \\KLAUS-PC\Users\klaus\Downloads\AdwCleaner_4.002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\klaus\AppData\Local\CheckCode
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\SI-App
Schlüssel Gelöscht : HKLM\SOFTWARE\RST
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SI-App
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RST
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7601.18595
-\\ Mozilla Firefox v33.0.2 (x86 de)
*************************
AdwCleaner[R1].txt - [1284 octets] - [06/11/2014 13:38:58]
AdwCleaner[S1].txt - [1135 octets] - [06/11/2014 13:40:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1195 octets] ##########

After that, JUNKWARE REMOVAL TOOL:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by klaus on 06.11.2014 at 13:51:56,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ammyy"
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2014 at 13:55:56,82
End of JRT log

and finally:

OTL logfile created on: 06.11.2014 13:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\klaus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,76% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 273,84 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 13,87 Gb Free Space | 36,49% Space Free | Partition Type: NTFS

Computer Name: KLAUS-PC | User Name: klaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.06 13:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\klaus\Downloads\OTL.exe
PRC - [2014.10.29 11:08:50 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
PRC - [2014.10.28 03:01:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.10.08 17:23:41 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Windows.old\Users\klaus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.06.25 22:22:54 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014.06.25 22:22:54 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014.01.22 17:23:14 | 001,144,184 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2014\HelperService.exe
PRC - [2014.01.22 17:23:14 | 000,853,368 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2014\ConversionService.exe
PRC - [2012.03.27 09:11:08 | 004,125,864 | ---- | M] (deltra Business Software GmbH & Co. KG) -- C:\orgaMAX\orgamaxmobil_service.exe
PRC - [2011.08.24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.08.24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.06.08 11:15:13 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE


========== Modules (No Company Name) ==========

MOD - [2014.10.29 11:08:50 | 016,832,176 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
MOD - [2014.10.28 03:01:27 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.10.21 18:18:16 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014.10.21 18:17:30 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014.10.21 18:16:05 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014.10.21 18:16:00 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014.10.21 18:15:58 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\63e9d81bd805aea8f8690fee2efc9a9e\PresentationFramework-SystemCore.ni.dll
MOD - [2014.10.21 14:02:15 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014.10.21 14:02:07 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014.10.21 14:02:04 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014.10.21 14:01:54 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014.10.21 14:01:50 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014.10.21 14:01:41 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014.10.21 14:01:41 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014.10.21 14:01:40 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014.10.21 14:01:38 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\adacffe20a13932fd5ede3d0f8069f99\PresentationFramework.classic.ni.dll
MOD - [2014.10.21 14:01:34 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014.10.21 14:00:42 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014.10.21 13:44:22 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.10.11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014.10.11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.06.17 11:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.09.25 02:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2011.06.08 11:15:13 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV - [2014.10.29 11:08:51 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.06.25 22:22:54 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014.01.29 22:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014.01.22 17:23:14 | 001,144,184 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2014\HelperService.exe -- (PDF Suite 2014 Helper Service)
SRV - [2014.01.22 17:23:14 | 000,853,368 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2014\ConversionService.exe -- (PDF Suite 2014 Service)
SRV - [2013.09.11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.11.22 05:00:22 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.03.27 09:11:08 | 004,125,864 | ---- | M] (deltra Business Software GmbH & Co. KG) [Auto | Running] -- C:\orgaMAX\orgamaxmobil_service.exe -- (orgaMAXMobileService)
SRV - [2011.08.24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.05.02 13:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.05.02 13:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.05.02 13:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.08.15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014.06.25 22:22:52 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014.06.25 22:22:50 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014.06.25 22:22:50 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014.06.25 22:22:50 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014.06.25 22:22:50 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014.06.25 22:22:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2014.06.25 22:22:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014.01.29 22:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014.01.22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.01.22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.05.14 16:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.04.12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012.10.03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.08 11:15:13 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.06.08 11:15:13 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.06.08 11:15:13 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.08 11:15:13 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.05.01 13:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54336;https=127.0.0.1:54336;

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54336;https=127.0.0.1:54336;

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 07 AE 1C F9 EB CF 01 [binary data]
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:26830

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014.10.20 02:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.20 02:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter2014@ib.com: C:\Program Files (x86)\PDF Suite 2014\firefoxextension2014 [2014.10.22 10:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.10.20 01:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\klaus\AppData\Roaming\mozilla\Extensions
[2014.11.06 13:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\klaus\AppData\Roaming\mozilla\Firefox\Profiles\5k251ppl.default-1415276595129\extensions
[2014.11.04 18:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.11.04 18:33:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PDF Suite 2014 Helper) - {E854CC03-3049-415A-AE82-77B7F2D43D4F} - C:\Program Files (x86)\PDF Suite 2014\PDFIEHelper.dll (Interactive Brands Inc.)
O3 - HKLM\..\Toolbar: (PDF Suite 2014 Toolbar) - {A0B8187A-4FC7-4973-907E-1A25BC8E91A5} - C:\Program Files (x86)\PDF Suite 2014\PDFIEPlugin.dll (Interactive Brands Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-525048802-3025206475-241128996-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-525048802-3025206475-241128996-1000..\Run: [Spotify Web Helper] C:\Windows.old\Users\klaus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B8ABC86-FC5F-40B0-9899-2187D0E5F016}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.11.06 13:51:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.11.06 13:38:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.06 13:23:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\Alte Firefox-Daten
[2014.11.04 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2014.11.04 18:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.04 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.11.04 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.11.04 16:10:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.11.01 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Apple Computer
[2014.11.01 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Apple Computer
[2014.11.01 13:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.11.01 13:10:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.11.01 13:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.11.01 13:08:19 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Apple
[2014.11.01 13:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014.11.01 13:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014.11.01 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014.11.01 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014.11.01 13:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014.11.01 13:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014.10.30 12:30:50 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\Outlook-Dateien
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Macromedia
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Macromedia
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Adobe
[2014.10.29 11:08:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014.10.29 11:08:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014.10.29 11:08:10 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Adobe
[2014.10.29 08:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.10.27 14:07:15 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2014.10.24 16:02:30 | 000,000,000 | -HSD | C] -- C:\found.000
[2014.10.24 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\SAMSUNG
[2014.10.24 09:13:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.10.23 09:44:19 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Buhl Data Service GmbH
[2014.10.23 08:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2014.10.23 08:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\orgaMAX Business Software
[2014.10.23 08:48:06 | 000,297,472 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\midas.dll
[2014.10.23 08:44:31 | 007,134,848 | ---- | C] (Advanced Messaging Systems LLC) -- C:\Windows\SysWow64\redemption.dll
[2014.10.23 08:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\deltra Software GmbH
[2014.10.23 08:44:22 | 004,082,688 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\qtintf70.dll
[2014.10.23 08:44:21 | 004,361,832 | ---- | C] (RAPWare) -- C:\Windows\SysNative\RwEasyMAPI64.exe
[2014.10.23 08:44:20 | 000,000,000 | ---D | C] -- C:\orgaMAX
[2014.10.22 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\TeamViewer
[2014.10.22 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ro-Soft
[2014.10.22 15:27:43 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
[2014.10.22 15:27:43 | 000,148,992 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevMenuXP2.ocx
[2014.10.22 15:27:43 | 000,138,240 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevMail32.ocx
[2014.10.22 15:27:43 | 000,101,888 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevISDN.dll
[2014.10.22 15:27:43 | 000,032,768 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\SEVDTA32.DLL
[2014.10.22 15:27:43 | 000,014,336 | ---- | C] (ro-Soft) -- C:\Windows\SysWow64\rosoft.dll
[2014.10.22 15:27:42 | 000,373,248 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevDataGrid2.ocx
[2014.10.22 15:27:42 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
[2014.10.22 15:27:42 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
[2014.10.22 15:27:42 | 000,116,224 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevClb20.ocx
[2014.10.22 15:27:42 | 000,099,328 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevGraph.ocx
[2014.10.22 14:14:01 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\ElevatedDiagnostics
[2014.10.22 12:58:32 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\EXCEL
[2014.10.22 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\PDF Suite 2014
[2014.10.22 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\PDF Suite 2014 Files
[2014.10.22 10:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Suite 2014
[2014.10.22 10:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Suite 2014
[2014.10.22 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\PDF Software
[2014.10.22 09:18:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014.10.21 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\CompileOCRSprite
[2014.10.21 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\PDF24
[2014.10.21 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2
[2014.10.21 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medion MediaPack 2
[2014.10.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014.10.21 16:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014.10.21 16:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2014.10.21 16:07:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014.10.21 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Canon
[2014.10.21 12:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2014.10.21 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2014.10.21 11:42:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2014.10.21 11:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2014.10.21 11:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2014.10.21 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014.10.21 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014.10.21 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Sony Corporation
[2014.10.21 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft Help
[2014.10.21 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014.10.21 11:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[2014.10.21 10:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014.10.21 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014.10.21 10:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Data Converter
[2014.10.21 10:25:29 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\InstallShield
[2014.10.21 10:06:13 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\Benutzerdefinierte Office-Vorlagen
[2014.10.21 09:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.10.21 09:40:25 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\OneNote-Notizbücher
[2014.10.21 09:01:06 | 000,265,216 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\SysWow64\sevZip30.dll
[2014.10.21 09:01:06 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevImLib.dll
[2014.10.21 09:01:06 | 000,154,624 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTab.ocx
[2014.10.21 09:01:06 | 000,091,136 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevOutBar3.ocx
[2014.10.21 09:01:06 | 000,086,016 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevGrip.ocx
[2014.10.21 09:01:06 | 000,081,920 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevWiz32.ocx
[2014.10.21 09:01:06 | 000,062,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevLock.dll
[2014.10.21 09:01:06 | 000,047,616 | ---- | C] (roSoft) -- C:\Windows\SysWow64\roLibEx.DLL
[2014.10.21 09:01:06 | 000,045,568 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTrayIcon.ocx
[2014.10.21 09:01:06 | 000,034,816 | ---- | C] (Tools & Components und Microsys Kramer) -- C:\Windows\SysWow64\sevTAPI.dll
[2014.10.21 09:01:06 | 000,032,768 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevPopUp.dll
[2014.10.21 09:01:06 | 000,027,648 | ---- | C] (Software-Entwicklung & Vertrieb) -- C:\Windows\SysWow64\sevSplitterBar.ocx
[2014.10.21 09:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ro-Soft
[2014.10.21 09:01:03 | 000,162,816 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmpr10.dll
[2014.10.21 09:01:03 | 000,129,536 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmut10.dll
[2014.10.21 09:01:02 | 002,710,016 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10.dll
[2014.10.21 09:01:02 | 001,166,848 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmls10.dll
[2014.10.21 09:01:02 | 001,082,368 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmct10.dll
[2014.10.21 09:01:02 | 000,933,376 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10bc.llx
[2014.10.21 09:01:02 | 000,672,768 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10xl.dll
[2014.10.21 09:01:02 | 000,664,576 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmmx01.dll
[2014.10.21 09:01:02 | 000,663,552 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10ex.llx
[2014.10.21 09:01:02 | 000,662,528 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmbr10.dll
[2014.10.21 09:01:02 | 000,646,144 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmdw10.dll
[2014.10.21 09:01:02 | 000,577,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_pdf.dll
[2014.10.21 09:01:02 | 000,376,320 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll1000.lng
[2014.10.21 09:01:02 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_rtf.dll
[2014.10.21 09:01:02 | 000,348,672 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10pw.llx
[2014.10.21 09:01:02 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_obj.dll
[2014.10.21 09:01:02 | 000,315,392 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_xml.dll
[2014.10.21 09:01:02 | 000,225,280 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_htm.dll
[2014.10.21 09:01:02 | 000,221,184 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_png.flt
[2014.10.21 09:01:02 | 000,196,608 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_tls.dll
[2014.10.21 09:01:02 | 000,172,032 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_jpg.flt
[2014.10.21 09:01:02 | 000,114,688 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_ic.dll
[2014.10.21 09:01:02 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_tif.flt
[2014.10.21 09:01:02 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_wnd.dll
[2014.10.21 09:01:02 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_gif.flt
[2014.10.21 09:01:02 | 000,049,152 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmmx01.cpl
[2014.10.21 09:01:02 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_wmf.flt
[2014.10.21 09:01:01 | 000,679,936 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13.dll
[2014.10.21 09:01:01 | 000,479,232 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_doc.dll
[2014.10.21 09:01:01 | 000,438,272 | ---- | C] (jr-Soft Germany) -- C:\Windows\SysWow64\jrspeller.ocx
[2014.10.21 09:01:01 | 000,348,160 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx4ole13.ocx
[2014.10.21 09:01:01 | 000,344,064 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\vsview6.ocx
[2014.10.21 09:01:01 | 000,274,432 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_css.dll
[2014.10.21 09:01:01 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\Windows\SysWow64\ccrpftv6.ocx
[2014.10.21 09:01:01 | 000,093,184 | ---- | C] (Crescent Division of Progress Software Corp.) -- C:\Windows\SysWow64\ciras.ocx
[2014.10.21 09:01:01 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_bmp.flt
[2014.10.20 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Spotify
[2014.10.20 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Spotify
[2014.10.20 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014.10.20 20:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014.10.20 20:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014.10.20 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Programs
[2014.10.20 19:34:50 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014.10.20 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2014.10.20 17:36:31 | 000,000,000 | R--D | C] -- C:\Users\klaus\SkyDrive
[2014.10.20 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014.10.20 17:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014.10.20 17:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014.10.20 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014.10.20 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\TuneUp Software
[2014.10.20 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\TuneUp Software
[2014.10.20 15:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014.10.20 15:39:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.10.20 15:39:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.10.20 14:05:58 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.10.20 09:12:15 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft Games
[2014.10.20 09:10:24 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014.10.20 09:04:00 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\HpUpdate
[2014.10.20 09:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014.10.20 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014.10.20 09:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014.10.20 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014.10.20 08:59:04 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\HP
[2014.10.20 08:46:39 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2014.10.20 08:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 210
[2014.10.20 08:43:25 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014.10.20 08:43:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014.10.20 08:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2014.10.20 08:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014.10.20 08:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014.10.20 08:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014.10.20 03:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014.10.20 03:17:46 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2014.10.20 03:17:46 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2014.10.20 03:17:46 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\CNEED64A.dll
[2014.10.20 03:17:46 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2014.10.20 03:17:46 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2014.10.20 03:17:46 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\CNEEL64A.dll
[2014.10.20 03:17:46 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2014.10.20 02:53:37 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\MSN6
[2014.10.20 02:39:10 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\MSNInstaller
[2014.10.20 02:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2014.10.20 02:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014.10.20 02:24:04 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2014.10.20 02:20:18 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014.10.20 02:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014.10.20 02:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014.10.20 02:19:21 | 000,625,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014.10.20 02:19:21 | 000,115,296 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014.10.20 02:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014.10.20 01:16:59 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014.10.20 01:14:41 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft Web Folders
[2014.10.20 01:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014.10.20 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Mozilla
[2014.10.20 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Mozilla
[2014.10.20 01:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014.10.20 00:57:59 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Intel
[2014.10.20 00:57:43 | 000,000,000 | ---D | C] -- C:\Users\klaus\Roaming
[2014.10.20 00:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2014.10.20 00:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2014.10.20 00:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014.10.20 00:54:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014.10.20 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\mquadr.at
[2014.10.20 00:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2014.10.20 00:15:16 | 002,475,456 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\SysWow64\M2ElevatedCalls.dll
[2014.10.20 00:15:16 | 000,948,608 | ---- | C] (mquadr.at software engineering) -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll
[2014.10.20 00:15:16 | 000,243,197 | ---- | C] (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Windows\SysWow64\SSDPDiscovery.dll
[2014.10.20 00:15:16 | 000,238,080 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysWow64\WiFiMan.dll
[2014.10.20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\DTAG
[2014.10.20 00:13:12 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Diagnostics
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\Searches
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.10.20 00:06:35 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Identities
[2014.10.20 00:06:31 | 000,000,000 | R--D | C] -- C:\Users\klaus\Contacts
[2014.10.20 00:06:28 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\VirtualStore
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Vorlagen
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Verlauf
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Temporary Internet Files
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Startmenü
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\SendTo
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Recent
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Netzwerkumgebung
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Lokale Einstellungen
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Videos
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Musik
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Eigene Dateien
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Bilder
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Druckumgebung
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Cookies
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Anwendungsdaten
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Anwendungsdaten
[2014.10.20 00:05:58 | 000,000,000 | --SD | C] -- C:\Users\klaus\AppData\Roaming\Microsoft
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Videos
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Pictures
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Music
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Links
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Favorites
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Downloads
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Documents
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Desktop
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.10.20 00:05:58 | 000,000,000 | -H-D | C] -- C:\Users\klaus\AppData
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Temp
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Media Center Programs
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.10.19 23:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.10.19 23:12:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.05.27 04:20:26 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Users\klaus\mfc80.dll
[1 C:\Users\klaus\Desktop\*.tmp files -> C:\Users\klaus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.06 13:52:39 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.06 13:52:39 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.06 13:44:24 | 000,001,934 | ---- | M] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
[2014.11.06 13:43:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.06 13:43:58 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.06 13:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.04 18:33:49 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.11.04 18:18:56 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.04 18:12:41 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.04 18:12:41 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.04 18:12:41 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.04 18:12:41 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.04 18:12:41 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.01 13:10:35 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.10.29 09:00:27 | 000,002,559 | ---- | M] () -- C:\Users\Public\Desktop\MSN.lnk
[2014.10.24 19:54:39 | 000,001,346 | ---- | M] () -- C:\Users\klaus\Desktop\Dropbox.lnk
[2014.10.24 19:54:37 | 000,002,134 | ---- | M] () -- C:\Users\klaus\Desktop\Spotify.lnk
[2014.10.24 18:12:01 | 000,001,485 | ---- | M] () -- C:\Users\klaus\Desktop\Amazon Cloud Player.lnk
[2014.10.23 08:48:30 | 000,001,530 | ---- | M] () -- C:\Users\klaus\Desktop\orgaMAX starten....lnk
[2014.10.22 15:34:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014.10.22 14:47:04 | 000,001,535 | ---- | M] () -- C:\Users\klaus\Desktop\PRIVAT.lnk
[2014.10.21 17:56:46 | 000,436,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.10.21 16:55:48 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Optimizer.lnk
[2014.10.21 16:55:29 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap.lnk
[2014.10.21 16:55:17 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander.lnk
[2014.10.21 16:54:39 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio.lnk
[2014.10.21 16:20:39 | 000,001,862 | ---- | M] () -- C:\Users\klaus\Desktop\TTC.lnk
[2014.10.21 12:15:16 | 009,637,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.10.21 11:00:04 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk
[2014.10.21 11:00:04 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2014.10.21 11:00:04 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2014.10.20 09:03:56 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk
[2014.10.20 09:03:56 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8100.lnk
[2014.10.20 09:00:56 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014.10.20 08:37:15 | 000,015,850 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2014.10.20 02:26:55 | 000,002,334 | ---- | M] () -- C:\Users\klaus\Desktop\Sicherer Zahlungsverkehr.lnk
[2014.10.20 02:24:18 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014.10.20 01:20:05 | 000,000,403 | ---- | M] () -- C:\Windows\ODBC.INI
[2014.10.20 01:12:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.10.19 23:41:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014.10.19 23:41:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014.10.17 11:10:42 | 000,060,663 | ---- | M] () -- C:\Users\klaus\Documents\Zahlungsbeleg Ausschreibung Stadt Duisburg.pdf
[1 C:\Users\klaus\Desktop\*.tmp files -> C:\Users\klaus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.11.04 18:33:49 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.11.04 18:18:56 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.01 13:08:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.10.29 11:08:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.10.23 08:48:30 | 000,001,530 | ---- | C] () -- C:\Users\klaus\Desktop\orgaMAX starten....lnk
[2014.10.22 15:34:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014.10.22 14:39:45 | 000,001,535 | ---- | C] () -- C:\Users\klaus\Desktop\PRIVAT.lnk
[2014.10.21 16:55:48 | 000,002,423 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Optimizer.lnk
[2014.10.21 16:55:29 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap.lnk
[2014.10.21 16:55:17 | 000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander.lnk
[2014.10.21 16:54:39 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio.lnk
[2014.10.21 12:01:33 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2014.10.21 11:04:20 | 000,001,862 | ---- | C] () -- C:\Users\klaus\Desktop\TTC.lnk
[2014.10.21 11:00:04 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk
[2014.10.21 11:00:04 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2014.10.21 11:00:04 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2014.10.21 11:00:04 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2014.10.21 09:01:03 | 000,741,845 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.chm
[2014.10.21 09:01:03 | 000,157,182 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.inf
[2014.10.21 09:01:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\cmll10sx.dll
[2014.10.21 09:01:02 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini
[2014.10.20 19:40:31 | 009,637,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.10.20 17:36:31 | 000,002,180 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2014.10.20 09:06:51 | 000,001,934 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
[2014.10.20 09:03:56 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk
[2014.10.20 09:03:56 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8100.lnk
[2014.10.20 09:00:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014.10.20 08:46:18 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2014.10.20 08:46:18 | 000,393,256 | ---- | C] () -- C:\Windows\SysNative\CNQ4809N.DAT
[2014.10.20 08:37:15 | 000,015,850 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2014.10.20 08:30:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2014.10.20 08:30:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2014.10.20 08:30:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2014.10.20 08:30:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2014.10.20 08:30:31 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2014.10.20 08:30:31 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2014.10.20 08:30:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2014.10.20 08:30:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2014.10.20 03:17:46 | 000,030,895 | ---- | C] () -- C:\Windows\SysNative\drivers\Mixer.ini
[2014.10.20 03:08:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014.10.20 02:42:30 | 000,002,559 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2014.10.20 02:26:55 | 000,002,334 | ---- | C] () -- C:\Users\klaus\Desktop\Sicherer Zahlungsverkehr.lnk
[2014.10.20 02:25:09 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014.10.20 01:49:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014.10.20 01:20:05 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.10.20 01:12:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.10.20 00:06:55 | 000,000,987 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014.10.20 00:06:49 | 000,001,170 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.10.19 23:38:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014.10.19 23:36:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014.10.19 23:11:19 | 3151,327,232 | -HS- | C] () -- C:\hiberfil.sys
[2014.10.17 11:10:57 | 000,060,663 | ---- | C] () -- C:\Users\klaus\Documents\Zahlungsbeleg Ausschreibung Stadt Duisburg.pdf
[2014.10.08 17:23:45 | 000,002,134 | ---- | C] () -- C:\Users\klaus\Desktop\Spotify.lnk
[2014.06.11 08:57:24 | 000,164,371 | ---- | C] () -- C:\Users\klaus\Leserservice.pdf
[2014.01.29 22:02:42 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2014.01.29 22:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014.01.29 22:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.10.14 06:47:20 | 000,089,481 | ---- | C] () -- C:\Users\klaus\Microsoft Outlook - Memoformat.pdf
[2013.03.03 12:28:01 | 000,059,695 | ---- | C] () -- C:\Users\klaus\Bestellnummer- 1069546.pdf
[2013.01.17 11:05:43 | 000,000,932 | -H-- | C] () -- C:\Users\klaus\msndata.dat
[2012.06.26 20:56:52 | 003,419,196 | ---- | C] () -- C:\Users\klaus\Handbuch Grundig Fernseher.pdf

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.10.23 09:44:19 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\Buhl Data Service GmbH
[2014.10.21 16:07:04 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\Canon
[2014.10.20 02:41:50 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\MSNInstaller
[2014.10.22 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\PDF Software
[2014.10.22 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\PDF Suite 2014
[2014.11.05 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\Spotify
[2014.10.22 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\TeamViewer
[2014.10.20 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\klaus\AppData\Roaming\TuneUp Software

========== Purity Check ==========

and then a restart.

WHAT ELSE CAN I DO???

Thanks for your help
Attached files
File type: txt AdwCleaner[S1].txt (1.3 KB, viewed 114 times)

Alt 06.11.2014, 15:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box on the website)
