Log analysis and evaluation: I can't get "Click to continue - smartshopping" off my PC
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.11.2014, 14:39 | #1 |
| Ich bekomme "Click to continue - smartshopping" nicht runter vom PC Bitte um Hilfe, Click to Continue erscheint imnmer wieder. Habe alle Schritte unternommen, kein entsprechendes Programm mehr in der Systemsteuerung, Browser (Firefox) zurückgesetzt, AdwCleaner laufen lassen: AdwCleaner v4.002 - Bericht erstellt am 06/11/2014 um 13:40:38 # DB v2014-11-02.1 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : klaus - KLAUS-PC # Gestartet von : \\KLAUS-PC\Users\klaus\Downloads\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\klaus\AppData\Local\CheckCode ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Upt Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd Schlüssel Gelöscht : HKLM\SOFTWARE\SI-App Schlüssel Gelöscht : HKLM\SOFTWARE\RST Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WinUpd Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SI-App Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RST ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7601.18595 -\\ Mozilla Firefox v33.0.2 (x86 de) ************************* AdwCleaner[R1].txt - [1284 octets] - [06/11/2014 13:38:58] AdwCleaner[S1].txt - [1135 octets] - [06/11/2014 13:40:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1195 octets] ########## Danach JUNKWARE REMOVAL TOOL: Junkware Removal Tool (JRT) by Thisisu Version: 6.3.6 (11.05.2014:1) OS: Windows 7 Home Premium x64 Ran by klaus on 06.11.2014 at 13:51:56,67 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ammyy" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.11.2014 at 
13:55:56,82 End of JRT log und zum Schluss: OTL logfile created on: 06.11.2014 13:58:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\klaus\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,76% Memory free 7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 657,54 Gb Total Space | 273,84 Gb Free Space | 41,65% Space Free | Partition Type: NTFS Drive D: | 37,99 Gb Total Space | 13,87 Gb Free Space | 36,49% Space Free | Partition Type: NTFS Computer Name: KLAUS-PC | User Name: klaus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.11.06 13:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\klaus\Downloads\OTL.exe PRC - [2014.10.29 11:08:50 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe PRC - [2014.10.28 03:01:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014.10.08 17:23:41 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Windows.old\Users\klaus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2014.06.25 22:22:54 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe PRC - [2014.06.25 22:22:54 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe PRC - [2014.01.22 17:23:14 | 001,144,184 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2014\HelperService.exe PRC - [2014.01.22 17:23:14 | 000,853,368 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2014\ConversionService.exe PRC - [2012.03.27 09:11:08 | 004,125,864 | ---- | M] (deltra Business Software GmbH & Co. KG) -- C:\orgaMAX\orgamaxmobil_service.exe PRC - [2011.08.24 16:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2011.08.24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011.06.08 11:15:13 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) 
-- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE ========== Modules (No Company Name) ========== MOD - [2014.10.29 11:08:50 | 016,832,176 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll MOD - [2014.10.28 03:01:27 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014.10.21 18:18:16 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll MOD - [2014.10.21 18:17:30 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll MOD - [2014.10.21 18:16:05 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll MOD - [2014.10.21 18:16:00 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll MOD - [2014.10.21 18:15:58 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\63e9d81bd805aea8f8690fee2efc9a9e\PresentationFramework-SystemCore.ni.dll MOD - [2014.10.21 14:02:15 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll MOD - [2014.10.21 14:02:07 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll MOD - [2014.10.21 14:02:04 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll MOD - [2014.10.21 14:01:54 | 011,025,920 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll MOD - [2014.10.21 14:01:50 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll MOD - [2014.10.21 14:01:41 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll MOD - [2014.10.21 14:01:41 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll MOD - [2014.10.21 14:01:40 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll MOD - [2014.10.21 14:01:38 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\adacffe20a13932fd5ede3d0f8069f99\PresentationFramework.classic.ni.dll MOD - [2014.10.21 14:01:34 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll MOD - [2014.10.21 14:00:42 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll MOD - [2014.10.21 13:44:22 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll MOD - [2014.10.11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2014.10.11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2013.06.17 11:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.09.25 
02:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc) SRV:64bit: - [2011.06.08 11:15:13 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2014.10.29 11:08:51 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.06.25 22:22:54 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014.01.29 22:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014.01.22 17:23:14 | 001,144,184 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2014\HelperService.exe -- (PDF Suite 2014 Helper Service) SRV - [2014.01.22 17:23:14 | 000,853,368 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2014\ConversionService.exe -- (PDF Suite 2014 Service) SRV - [2013.09.11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.11.22 05:00:22 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.03.27 09:11:08 | 004,125,864 | ---- | M] (deltra Business Software GmbH & Co. 
KG) [Auto | Running] -- C:\orgaMAX\orgamaxmobil_service.exe -- (orgaMAXMobileService) SRV - [2011.08.24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011.05.02 13:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.05.02 13:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.05.02 13:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.08.15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2014.06.25 22:22:52 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2014.06.25 22:22:50 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2014.06.25 22:22:50 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2014.06.25 22:22:50 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:64bit: - [2014.06.25 22:22:50 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2014.06.25 22:22:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2014.06.25 22:22:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2014.01.29 22:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2014.01.22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014.01.22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013.05.14 16:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.04.12 14:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:64bit: - [2012.10.03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.08 11:15:13 | 001,581,184 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.06.08 11:15:13 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.06.08 11:15:13 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.08 11:15:13 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.05.01 13:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
http=127.0.0.1:54336;https=127.0.0.1:54336; IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54336;https=127.0.0.1:54336; IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 07 AE 1C F9 EB CF 01 [binary data] IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://www.google.com IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net IE - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:26830 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014.10.20 02:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.20 02:30:14 | 
000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014.10.20 02:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter2014@ib.com: C:\Program Files (x86)\PDF Suite 2014\firefoxextension2014 [2014.10.22 10:17:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.10.20 01:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\klaus\AppData\Roaming\mozilla\Extensions [2014.11.06 13:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\klaus\AppData\Roaming\mozilla\Firefox\Profiles\5k251ppl.default-1415276595129\extensions [2014.11.04 18:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.11.04 18:33:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (PDF Suite 2014 Helper) - {E854CC03-3049-415A-AE82-77B7F2D43D4F} - C:\Program Files (x86)\PDF Suite 2014\PDFIEHelper.dll (Interactive Brands Inc.) O3 - HKLM\..\Toolbar: (PDF Suite 2014 Toolbar) - {A0B8187A-4FC7-4973-907E-1A25BC8E91A5} - C:\Program Files (x86)\PDF Suite 2014\PDFIEPlugin.dll (Interactive Brands Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-525048802-3025206475-241128996-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-525048802-3025206475-241128996-1000..\Run: [Spotify Web Helper] C:\Windows.old\Users\klaus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-525048802-3025206475-241128996-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B8ABC86-FC5F-40B0-9899-2187D0E5F016}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.11.06 13:51:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.11.06 13:38:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.06 13:23:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\Alte Firefox-Daten
[2014.11.04 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2014.11.04 18:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.04 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.11.04 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.11.04 16:10:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.11.01 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Apple Computer
[2014.11.01 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Apple Computer
[2014.11.01 13:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.11.01 13:10:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.11.01 13:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014.11.01 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.11.01 13:08:19 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Apple
[2014.11.01 13:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014.11.01 13:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014.11.01 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014.11.01 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014.11.01 13:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014.11.01 13:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014.10.30 12:30:50 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\Outlook-Dateien
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Macromedia
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Macromedia
[2014.10.29 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Adobe
[2014.10.29 11:08:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014.10.29 11:08:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014.10.29 11:08:10 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Adobe
[2014.10.29 08:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.10.27 14:07:15 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2014.10.24 16:02:30 | 000,000,000 | -HSD | C] -- C:\found.000
[2014.10.24 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\SAMSUNG
[2014.10.24 09:13:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.10.23 09:44:19 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Buhl Data Service GmbH
[2014.10.23 08:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2014.10.23 08:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\orgaMAX Business Software
[2014.10.23 08:48:06 | 000,297,472 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\midas.dll
[2014.10.23 08:44:31 | 007,134,848 | ---- | C] (Advanced Messaging Systems LLC) -- C:\Windows\SysWow64\redemption.dll
[2014.10.23 08:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\deltra Software GmbH
[2014.10.23 08:44:22 | 004,082,688 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\qtintf70.dll
[2014.10.23 08:44:21 | 004,361,832 | ---- | C] (RAPWare) -- C:\Windows\SysNative\RwEasyMAPI64.exe
[2014.10.23 08:44:20 | 000,000,000 | ---D | C] -- C:\orgaMAX
[2014.10.22 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\TeamViewer
[2014.10.22 16:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ro-Soft
[2014.10.22 15:27:43 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
[2014.10.22 15:27:43 | 000,148,992 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevMenuXP2.ocx
[2014.10.22 15:27:43 | 000,138,240 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevMail32.ocx
[2014.10.22 15:27:43 | 000,101,888 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevISDN.dll
[2014.10.22 15:27:43 | 000,032,768 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\SEVDTA32.DLL
[2014.10.22 15:27:43 | 000,014,336 | ---- | C] (ro-Soft) -- C:\Windows\SysWow64\rosoft.dll
[2014.10.22 15:27:42 | 000,373,248 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevDataGrid2.ocx
[2014.10.22 15:27:42 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
[2014.10.22 15:27:42 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
[2014.10.22 15:27:42 | 000,116,224 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevClb20.ocx
[2014.10.22 15:27:42 | 000,099,328 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevGraph.ocx
[2014.10.22 14:14:01 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\ElevatedDiagnostics
[2014.10.22 12:58:32 | 000,000,000 | ---D | C] -- C:\Users\klaus\Desktop\EXCEL
[2014.10.22 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\PDF Suite 2014
[2014.10.22 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\PDF Suite 2014 Files
[2014.10.22 10:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Suite 2014
[2014.10.22 10:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Suite 2014
[2014.10.22 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\PDF Software
[2014.10.22 09:18:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014.10.21 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\CompileOCRSprite
[2014.10.21 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\PDF24
[2014.10.21 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 2
[2014.10.21 16:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medion MediaPack 2
[2014.10.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014.10.21 16:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014.10.21 16:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2014.10.21 16:07:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014.10.21 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Canon
[2014.10.21 12:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2014.10.21 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2014.10.21 11:42:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2014.10.21 11:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2014.10.21 11:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2014.10.21 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014.10.21 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014.10.21 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Sony Corporation
[2014.10.21 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft Help
[2014.10.21 11:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014.10.21 11:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[2014.10.21 10:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014.10.21 10:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014.10.21 10:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Data Converter
[2014.10.21 10:25:29 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\InstallShield
[2014.10.21 10:06:13 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\Benutzerdefinierte Office-Vorlagen
[2014.10.21 09:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.10.21 09:40:25 | 000,000,000 | ---D | C] -- C:\Users\klaus\Documents\OneNote-Notizbücher
[2014.10.21 09:01:06 | 000,265,216 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\SysWow64\sevZip30.dll
[2014.10.21 09:01:06 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevImLib.dll
[2014.10.21 09:01:06 | 000,154,624 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTab.ocx
[2014.10.21 09:01:06 | 000,091,136 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevOutBar3.ocx
[2014.10.21 09:01:06 | 000,086,016 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevGrip.ocx
[2014.10.21 09:01:06 | 000,081,920 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevWiz32.ocx
[2014.10.21 09:01:06 | 000,062,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevLock.dll
[2014.10.21 09:01:06 | 000,047,616 | ---- | C] (roSoft) -- C:\Windows\SysWow64\roLibEx.DLL
[2014.10.21 09:01:06 | 000,045,568 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTrayIcon.ocx
[2014.10.21 09:01:06 | 000,034,816 | ---- | C] (Tools & Components und Microsys Kramer) -- C:\Windows\SysWow64\sevTAPI.dll
[2014.10.21 09:01:06 | 000,032,768 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevPopUp.dll
[2014.10.21 09:01:06 | 000,027,648 | ---- | C] (Software-Entwicklung & Vertrieb) -- C:\Windows\SysWow64\sevSplitterBar.ocx
[2014.10.21 09:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ro-Soft
[2014.10.21 09:01:03 | 000,162,816 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmpr10.dll
[2014.10.21 09:01:03 | 000,129,536 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmut10.dll
[2014.10.21 09:01:02 | 002,710,016 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10.dll
[2014.10.21 09:01:02 | 001,166,848 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmls10.dll
[2014.10.21 09:01:02 | 001,082,368 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmct10.dll
[2014.10.21 09:01:02 | 000,933,376 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10bc.llx
[2014.10.21 09:01:02 | 000,672,768 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10xl.dll
[2014.10.21 09:01:02 | 000,664,576 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmmx01.dll
[2014.10.21 09:01:02 | 000,663,552 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10ex.llx
[2014.10.21 09:01:02 | 000,662,528 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmbr10.dll
[2014.10.21 09:01:02 | 000,646,144 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmdw10.dll
[2014.10.21 09:01:02 | 000,577,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_pdf.dll
[2014.10.21 09:01:02 | 000,376,320 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll1000.lng
[2014.10.21 09:01:02 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_rtf.dll
[2014.10.21 09:01:02 | 000,348,672 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10pw.llx
[2014.10.21 09:01:02 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_obj.dll
[2014.10.21 09:01:02 | 000,315,392 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_xml.dll
[2014.10.21 09:01:02 | 000,225,280 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_htm.dll
[2014.10.21 09:01:02 | 000,221,184 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_png.flt
[2014.10.21 09:01:02 | 000,196,608 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_tls.dll
[2014.10.21 09:01:02 | 000,172,032 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_jpg.flt
[2014.10.21 09:01:02 | 000,114,688 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_ic.dll
[2014.10.21 09:01:02 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_tif.flt
[2014.10.21 09:01:02 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_wnd.dll
[2014.10.21 09:01:02 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_gif.flt
[2014.10.21 09:01:02 | 000,049,152 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmmx01.cpl
[2014.10.21 09:01:02 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_wmf.flt
[2014.10.21 09:01:01 | 000,679,936 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13.dll
[2014.10.21 09:01:01 | 000,479,232 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_doc.dll
[2014.10.21 09:01:01 | 000,438,272 | ---- | C] (jr-Soft Germany) -- C:\Windows\SysWow64\jrspeller.ocx
[2014.10.21 09:01:01 | 000,348,160 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx4ole13.ocx
[2014.10.21 09:01:01 | 000,344,064 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\vsview6.ocx
[2014.10.21 09:01:01 | 000,274,432 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_css.dll
[2014.10.21 09:01:01 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\Windows\SysWow64\ccrpftv6.ocx
[2014.10.21 09:01:01 | 000,093,184 | ---- | C] (Crescent Division of Progress Software Corp.) -- C:\Windows\SysWow64\ciras.ocx
[2014.10.21 09:01:01 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx13_bmp.flt
[2014.10.20 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Spotify
[2014.10.20 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Spotify
[2014.10.20 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014.10.20 20:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014.10.20 20:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014.10.20 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Programs
[2014.10.20 19:34:50 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014.10.20 17:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2014.10.20 17:36:31 | 000,000,000 | R--D | C] -- C:\Users\klaus\SkyDrive
[2014.10.20 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014.10.20 17:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014.10.20 17:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014.10.20 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014.10.20 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\TuneUp Software
[2014.10.20 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\TuneUp Software
[2014.10.20 15:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2014.10.20 15:39:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014.10.20 15:39:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.10.20 14:05:58 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.10.20 09:12:15 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft Games
[2014.10.20 09:10:24 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014.10.20 09:04:00 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\HpUpdate
[2014.10.20 09:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014.10.20 09:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014.10.20 09:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014.10.20 09:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014.10.20 08:59:04 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\HP
[2014.10.20 08:46:39 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2014.10.20 08:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 210
[2014.10.20 08:43:25 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014.10.20 08:43:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014.10.20 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014.10.20 08:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014.10.20 08:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2014.10.20 08:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014.10.20 08:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014.10.20 08:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014.10.20 03:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014.10.20 03:17:46 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2014.10.20 03:17:46 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2014.10.20 03:17:46 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\CNEED64A.dll
[2014.10.20 03:17:46 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2014.10.20 03:17:46 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2014.10.20 03:17:46 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\CNEEL64A.dll
[2014.10.20 03:17:46 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2014.10.20 02:53:37 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\MSN6
[2014.10.20 02:39:10 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\MSNInstaller
[2014.10.20 02:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2014.10.20 02:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014.10.20 02:24:04 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2014.10.20 02:20:18 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014.10.20 02:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014.10.20 02:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014.10.20 02:19:21 | 000,625,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014.10.20 02:19:21 | 000,115,296 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014.10.20 02:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014.10.20 01:16:59 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014.10.20 01:14:41 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft Web Folders
[2014.10.20 01:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014.10.20 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Mozilla
[2014.10.20 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Mozilla
[2014.10.20 01:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014.10.20 00:57:59 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Intel
[2014.10.20 00:57:43 | 000,000,000 | ---D | C] -- C:\Users\klaus\Roaming
[2014.10.20 00:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2014.10.20 00:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2014.10.20 00:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014.10.20 00:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014.10.20 00:54:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014.10.20 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\mquadr.at
[2014.10.20 00:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2014.10.20 00:15:16 | 002,475,456 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\SysWow64\M2ElevatedCalls.dll
[2014.10.20 00:15:16 | 000,948,608 | ---- | C] (mquadr.at software engineering) -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll
[2014.10.20 00:15:16 | 000,243,197 | ---- | C] (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Windows\SysWow64\SSDPDiscovery.dll
[2014.10.20 00:15:16 | 000,238,080 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysWow64\WiFiMan.dll
[2014.10.20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\DTAG
[2014.10.20 00:13:12 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Diagnostics
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\Searches
[2014.10.20 00:06:47 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.10.20 00:06:35 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Identities
[2014.10.20 00:06:31 | 000,000,000 | R--D | C] -- C:\Users\klaus\Contacts
[2014.10.20 00:06:28 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\VirtualStore
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Vorlagen
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Verlauf
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Temporary Internet Files
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Startmenü
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\SendTo
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Recent
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Netzwerkumgebung
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Lokale Einstellungen
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Videos
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Musik
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Eigene Dateien
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Documents\Eigene Bilder
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Druckumgebung
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Cookies
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\AppData\Local\Anwendungsdaten
[2014.10.20 00:06:00 | 000,000,000 | -HSD | C] -- C:\Users\klaus\Anwendungsdaten
[2014.10.20 00:05:58 | 000,000,000 | --SD | C] -- C:\Users\klaus\AppData\Roaming\Microsoft
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Videos
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Pictures
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Music
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Links
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Favorites
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Downloads
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Documents
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\Desktop
[2014.10.20 00:05:58 | 000,000,000 | R--D | C] -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.10.20 00:05:58 | 000,000,000 | -H-D | C] -- C:\Users\klaus\AppData
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Temp
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Local\Microsoft
[2014.10.20 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\klaus\AppData\Roaming\Media Center Programs
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.10.20 00:05:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.10.20 00:05:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.10.19 23:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.10.19 23:12:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.05.27 04:20:26 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Users\klaus\mfc80.dll
[1 C:\Users\klaus\Desktop\*.tmp files -> C:\Users\klaus\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.06 13:52:39 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.06 13:52:39 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.06 13:44:24 | 000,001,934 | ---- | M] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk
[2014.11.06 13:43:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.06 13:43:58 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.06 13:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.04 18:33:49 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.11.04 18:18:56 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.04 18:12:41 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.04 18:12:41 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.04 18:12:41 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.04 18:12:41 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.04 18:12:41 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.01 13:10:35 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.10.29 09:00:27 | 000,002,559 | ---- | M] () -- C:\Users\Public\Desktop\MSN.lnk
[2014.10.24 19:54:39 | 000,001,346 | ---- | M] () -- C:\Users\klaus\Desktop\Dropbox.lnk
[2014.10.24 19:54:37 | 000,002,134 | ---- | M] () -- C:\Users\klaus\Desktop\Spotify.lnk
[2014.10.24 18:12:01 | 000,001,485 | ---- | M] () -- C:\Users\klaus\Desktop\Amazon Cloud Player.lnk
[2014.10.23 08:48:30 | 000,001,530 | ---- | M] () -- C:\Users\klaus\Desktop\orgaMAX starten....lnk
[2014.10.22 15:34:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014.10.22 14:47:04 | 000,001,535 | ---- | M] () -- C:\Users\klaus\Desktop\PRIVAT.lnk
[2014.10.21 17:56:46 | 000,436,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.10.21 16:55:48 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Optimizer.lnk
[2014.10.21 16:55:29 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Snap.lnk
[2014.10.21 16:55:17 | 000,001,293 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander.lnk
[2014.10.21 16:54:39 | 000,002,407 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio.lnk
[2014.10.21 16:20:39 | 000,001,862 | ---- | M] () -- C:\Users\klaus\Desktop\TTC.lnk
[2014.10.21 12:15:16 | 009,637,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.10.21 11:00:04 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk
[2014.10.21 11:00:04 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2014.10.21 11:00:04 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2014.10.20 09:03:56 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk
[2014.10.20 09:03:56 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8100.lnk
[2014.10.20 09:00:56 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014.10.20 08:37:15 | 000,015,850 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2014.10.20 02:26:55 | 000,002,334 | ---- | M] () -- C:\Users\klaus\Desktop\Sicherer Zahlungsverkehr.lnk
[2014.10.20 02:24:18 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014.10.20 01:20:05 | 000,000,403 | ---- | M] () -- C:\Windows\ODBC.INI
[2014.10.20 01:12:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.10.19 23:41:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014.10.19 23:41:25 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014.10.17 11:10:42 | 000,060,663 | ---- | M] () -- C:\Users\klaus\Documents\Zahlungsbeleg Ausschreibung Stadt Duisburg.pdf
[1 C:\Users\klaus\Desktop\*.tmp files -> C:\Users\klaus\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.11.04 18:33:49 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.11.04 18:18:56 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.01 13:08:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.10.29 11:08:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.10.23 08:48:30 | 000,001,530 | ---- | C] () -- C:\Users\klaus\Desktop\orgaMAX starten....lnk
[2014.10.22 15:34:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014.10.22 14:39:45 | 000,001,535 | ---- | C] () -- C:\Users\klaus\Desktop\PRIVAT.lnk
[2014.10.21 16:55:48 | 000,002,423 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Optimizer.lnk
[2014.10.21 16:55:29 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Snap.lnk
[2014.10.21 16:55:17 | 
000,001,293 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander.lnk [2014.10.21 16:54:39 | 000,002,407 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio.lnk [2014.10.21 12:01:33 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2014.10.21 11:04:20 | 000,001,862 | ---- | C] () -- C:\Users\klaus\Desktop\TTC.lnk [2014.10.21 11:00:04 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk [2014.10.21 11:00:04 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk [2014.10.21 11:00:04 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk [2014.10.21 11:00:04 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk [2014.10.21 09:01:03 | 000,741,845 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.chm [2014.10.21 09:01:03 | 000,157,182 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.inf [2014.10.21 09:01:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\cmll10sx.dll [2014.10.21 09:01:02 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini [2014.10.20 19:40:31 | 009,637,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014.10.20 17:36:31 | 000,002,180 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2014.10.20 09:06:51 | 000,001,934 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100 (Netzwerk).lnk [2014.10.20 09:03:56 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk [2014.10.20 09:03:56 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8100.lnk [2014.10.20 09:00:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2014.10.20 08:46:18 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT [2014.10.20 08:46:18 | 000,393,256 | ---- | 
C] () -- C:\Windows\SysNative\CNQ4809N.DAT [2014.10.20 08:37:15 | 000,015,850 | ---- | C] () -- C:\Windows\SysNative\results.xml [2014.10.20 08:30:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2014.10.20 08:30:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin [2014.10.20 08:30:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2014.10.20 08:30:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin [2014.10.20 08:30:31 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2014.10.20 08:30:31 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2014.10.20 08:30:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2014.10.20 08:30:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin [2014.10.20 03:17:46 | 000,030,895 | ---- | C] () -- C:\Windows\SysNative\drivers\Mixer.ini [2014.10.20 03:08:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2014.10.20 02:42:30 | 000,002,559 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk [2014.10.20 02:26:55 | 000,002,334 | ---- | C] () -- C:\Users\klaus\Desktop\Sicherer Zahlungsverkehr.lnk [2014.10.20 02:25:09 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk [2014.10.20 01:49:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2014.10.20 01:20:05 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2014.10.20 01:12:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2014.10.20 00:06:55 | 000,000,987 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2014.10.20 00:06:49 | 000,001,170 | ---- | C] () -- C:\Users\klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2014.10.19 23:38:28 | 000,001,326 | ---- 
| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2014.10.19 23:36:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2014.10.19 23:11:19 | 3151,327,232 | -HS- | C] () -- C:\hiberfil.sys [2014.10.17 11:10:57 | 000,060,663 | ---- | C] () -- C:\Users\klaus\Documents\Zahlungsbeleg Ausschreibung Stadt Duisburg.pdf [2014.10.08 17:23:45 | 000,002,134 | ---- | C] () -- C:\Users\klaus\Desktop\Spotify.lnk [2014.06.11 08:57:24 | 000,164,371 | ---- | C] () -- C:\Users\klaus\Leserservice.pdf [2014.01.29 22:02:42 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2014.01.29 22:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2014.01.29 22:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013.10.14 06:47:20 | 000,089,481 | ---- | C] () -- C:\Users\klaus\Microsoft Outlook - Memoformat.pdf [2013.03.03 12:28:01 | 000,059,695 | ---- | C] () -- C:\Users\klaus\Bestellnummer- 1069546.pdf [2013.01.17 11:05:43 | 000,000,932 | -H-- | C] () -- C:\Users\klaus\msndata.dat [2012.06.26 20:56:52 | 003,419,196 | ---- | C] () -- C:\Users\klaus\Handbuch Grundig Fernseher.pdf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
and then a reboot. WHAT ELSE CAN I DO???
Thanks for your help |
06.11.2014, 15:15 | #2 |
/// the machine /// TB Trainer | I can't get "Click to continue - smartshopping" off my PC Hi,
__________________ Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. Here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |