
Log analysis and evaluation: PC Performer is annoying and wants to stay! How do I get rid of it?

04.04.2013, 13:10   #1
rev1979
 
Hello emergency helpers!

Since the weekend I have had dear PC Performer on my computer, from a TV Spielfilm (!) series download, and now it would like to scan and stay a while...

Can you help me?

Attached is the Malwarebytes report, and after that I'm happy to send the OTL one as well.


Many thanks for your help,

Regards, Klaus.

Quote:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.01.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
enaundklaus :: FLIWATÜÜÜT [Administrator]

04.04.2013 13:49:09
mbam-log-2013-04-04 (13-49-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217351
Laufzeit: 3 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:

Quote:
OTL logfile created on: 04.04.2013 13:54:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\enaundklaus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,56% Memory free
8,21 Gb Paging File | 5,80 Gb Available in Paging File | 70,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,50 Gb Total Space | 308,18 Gb Free Space | 52,73% Space Free | Partition Type: NTFS
Drive D: | 11,67 Gb Total Space | 1,56 Gb Free Space | 13,40% Space Free | Partition Type: NTFS

Computer Name: FLIWATÜÜÜT | User Name: enaundklaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\enaundklaus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe (Research In Motion)
PRC - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe (Research In Motion)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\SysWOW64\brss01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\SysWOW64\brsvc01a.exe (brother Industries Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
SRV - (Blackberry Device Manager) -- C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\WINDOWS\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\SysWOW64\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\Drivers\rimvndis6_AMD64.sys (Research in Motion Limited)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\DRIVERS\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (MRV6X64U) -- C:\Windows\SysNative\DRIVERS\WUBS300Nx64.sys (Marvell Semiconductor, Inc)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{1ABA2C13-E36C-4497-8234-1E146E69EAA4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{FB5DD038-132F-4EA1-8871-F5F9A3D5AC1E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{1ABA2C13-E36C-4497-8234-1E146E69EAA4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{C9E74760-EC9B-4039-9B87-F31A4E498D5D}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{E542EE72-1CA0-4A21-B507-1DD407A49299}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{FB5DD038-132F-4EA1-8871-F5F9A3D5AC1E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{1ABA2C13-E36C-4497-8234-1E146E69EAA4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{314AB173-A8C9-4200-A0B9-F6C62D2ECA30}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{7A89AD80-4DED-4D03-9C60-397219D447DC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{C9E74760-EC9B-4039-9B87-F31A4E498D5D}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{E542EE72-1CA0-4A21-B507-1DD407A49299}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..\SearchScopes\{FB5DD038-132F-4EA1-8871-F5F9A3D5AC1E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 12:27:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.04 12:27:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 12:27:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.04 12:27:38 | 000,000,000 | ---D | M]

[2012.03.03 12:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\enaundklaus\AppData\Roaming\mozilla\Extensions
[2013.04.01 21:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\enaundklaus\AppData\Roaming\mozilla\Firefox\Profiles\himyps15.default\extensions
[2013.02.01 12:37:58 | 000,005,614 | ---- | M] () (No name found) -- C:\Users\enaundklaus\AppData\Roaming\mozilla\firefox\profiles\himyps15.default\extensions\510ba085c17e7@510ba085c1820.com.xpi
[2012.02.17 22:26:20 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\enaundklaus\AppData\Roaming\mozilla\firefox\profiles\himyps15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.04 12:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.04 12:27:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.04.04 12:27:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 13:23:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.12 22:18:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 13:23:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 13:23:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 13:23:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 13:23:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIM PeerManager] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000..\Run: [BlackBerryLink.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe (Research In Motion)
O4 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000..\Run: [Device Detection] C:\Program Files (x86)\Lidl_Fotos\dd.exe File not found
O4 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000..\Run: [Free Download Manager793863.exe] "C:\Users\enaundklaus\AppData\Local\Temp\Free Download Manager793863.exe" /XML="C:\Users\ENAUND~1\AppData\Local\Temp\54E3.tmp" /ROS /STP=1:2 File not found
O4 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3952511059-662023245-2995493025-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/59.20/uploader2.cab (UploadListView Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E8C401E-8F5F-42A0-A7F7-3C892E773A12}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20956878-F8C1-4252-BDD4-C4247228F971}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A918102-0FBF-4A06-BCA9-D9935C21FB27}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA96246-6E4C-40F8-8D91-DD47EE392E33}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B382048-C4CD-4F14-8B2D-697055EDB42A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85A704EA-C3D1-4FAB-A78B-06763F041C49}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABABD955-E600-4B86-9365-7DE4B1A5FEC1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC297381-F86B-46CC-9357-D482190D699E}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A8D342-9C7A-4398-953D-6142D42D9D57}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6BA6EF-F8EB-45A0-9639-2F3392B7FE3E}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\enaundklaus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\enaundklaus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379d7104-d077-11de-8083-00221526729e}\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe
O33 - MountPoints2\{4d2bec88-db9e-11df-a4cb-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d2bec88-db9e-11df-a4cb-00221526729e}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d2bec8f-db9e-11df-a4cb-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d2bec8f-db9e-11df-a4cb-00221526729e}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{52b7ed2c-0552-11e1-a6b9-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{52b7ed2c-0552-11e1-a6b9-00221526729e}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{78e709db-8740-11e2-b153-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{78e709db-8740-11e2-b153-00221526729e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\start.exe
O33 - MountPoints2\{9ff65512-faf2-11de-be76-001c4af8728d}\Shell\AutoRun\command - "" = J:\Launcher.exe
O33 - MountPoints2\{a5643bdf-d14a-11de-b46b-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5643bdf-d14a-11de-b46b-00221526729e}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{cdbc2a2b-12ec-11e1-ae6e-00221526729e}\Shell - "" = AutoRun
O33 - MountPoints2\{cdbc2a2b-12ec-11e1-ae6e-00221526729e}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: lodcstat - (C:\Windows\system32\coni.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.04 13:35:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\enaundklaus\Desktop\OTL.exe
[2013.04.04 12:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.01 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\enaundklaus\AppData\Roaming\PerformerSoft
[2013.04.01 22:33:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.01 22:28:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\enaundklaus\Desktop\tdsskiller.exe
[2013.04.01 22:14:39 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\enaundklaus\Desktop\aswMBR.exe
[2013.04.01 20:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.01 20:48:01 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013.04.01 20:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013.04.01 20:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer
[2013.04.01 20:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.22 22:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.07 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\enaundklaus\Documents\BLACKBERRY-3C3F
[2013.03.07 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\enaundklaus\Documents\BlackBerry
[2013.03.07 20:15:23 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2013.03.07 20:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2013.03.07 20:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research in Motion
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[19 C:\Users\enaundklaus\Desktop\*.tmp files -> C:\Users\enaundklaus\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.04 13:55:07 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AE73B82-C44A-42B2-AB39-61C710380CF7}.job
[2013.04.04 13:47:20 | 000,002,621 | ---- | M] () -- C:\Users\enaundklaus\Desktop\Microsoft Office Word 2003.lnk
[2013.04.04 13:35:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\enaundklaus\Desktop\OTL.exe
[2013.04.04 13:20:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 13:17:31 | 001,482,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 13:17:31 | 000,642,472 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.04 13:17:31 | 000,607,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 13:17:31 | 000,132,030 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.04 13:17:31 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 13:14:22 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.04 13:11:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 13:11:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 13:11:18 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\wan.pcap
[2013.04.04 13:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 11:59:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.04 11:46:56 | 000,000,680 | ---- | M] () -- C:\Users\enaundklaus\AppData\Local\d3d9caps.dat
[2013.04.02 10:21:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.04.01 22:34:23 | 000,001,163 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.01 22:29:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\enaundklaus\Desktop\tdsskiller.exe
[2013.04.01 22:16:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\enaundklaus\Desktop\aswMBR.exe
[2013.04.01 22:14:02 | 000,609,993 | ---- | M] () -- C:\Users\enaundklaus\Desktop\adwcleaner.exe
[2013.04.01 21:06:38 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.03.22 10:57:45 | 000,168,609 | ---- | M] () -- C:\Users\enaundklaus\Desktop\Voucher EasyHotel Porto.pdf
[2013.03.15 16:43:05 | 000,000,811 | ---- | M] () -- C:\Users\enaundklaus\Desktop\my music - Verknüpfung.lnk
[2013.03.13 21:21:55 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 21:21:55 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.07 22:57:34 | 000,017,466 | ---- | M] () -- C:\Users\enaundklaus\Desktop\581693_10151275240311736_1079303688_n.jpg
[2013.03.07 20:54:43 | 000,590,511 | ---- | M] () -- C:\Users\enaundklaus\Desktop\barclaycard.pdf
[2013.03.07 20:15:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2013.03.07 20:15:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2013.03.07 20:15:09 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[19 C:\Users\enaundklaus\Desktop\*.tmp files -> C:\Users\enaundklaus\Desktop\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.01 22:39:49 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.04.01 22:34:12 | 000,001,163 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.01 22:14:02 | 000,609,993 | ---- | C] () -- C:\Users\enaundklaus\Desktop\adwcleaner.exe
[2013.04.01 20:48:06 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.03.22 10:57:45 | 000,168,609 | ---- | C] () -- C:\Users\enaundklaus\Desktop\Voucher EasyHotel Porto.pdf
[2013.03.15 16:43:05 | 000,000,811 | ---- | C] () -- C:\Users\enaundklaus\Desktop\my music - Verknüpfung.lnk
[2013.03.07 22:57:34 | 000,017,466 | ---- | C] () -- C:\Users\enaundklaus\Desktop\581693_10151275240311736_1079303688_n.jpg
[2013.03.07 20:54:28 | 000,590,511 | ---- | C] () -- C:\Users\enaundklaus\Desktop\barclaycard.pdf
[2013.03.07 20:15:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2013.03.07 20:15:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2013.03.07 20:15:17 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\wan.pcap
[2013.03.07 20:15:09 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk
[2011.12.28 21:34:01 | 000,000,000 | ---- | C] () -- C:\Users\enaundklaus\AppData\Local\{6986ADB1-CA1D-49DB-8737-BFAFB61C80D1}
[2011.11.24 00:03:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.11.01 14:15:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.30 21:40:20 | 000,004,096 | -H-- | C] () -- C:\Users\enaundklaus\AppData\Local\keyfile3.drm
[2010.03.24 12:07:30 | 000,000,099 | ---- | C] () -- C:\Users\enaundklaus\AppData\Local\fusioncache.dat
[2010.01.02 14:32:00 | 000,000,680 | ---- | C] () -- C:\Users\enaundklaus\AppData\Local\d3d9caps.dat
[2009.11.29 23:44:53 | 000,001,548 | ---- | C] () -- C:\Users\enaundklaus\AppData\Roaming\wklnhst.dat
[2009.11.14 20:25:38 | 000,211,456 | ---- | C] () -- C:\Users\enaundklaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.26 18:16:26 | 012,898,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.26 17:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.02.11 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Canneverbe Limited
[2009.12.21 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Canneverbe_Limited
[2013.03.14 19:06:56 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Dropbox
[2012.09.02 14:35:40 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\fotobuch.de AG
[2011.11.25 19:03:44 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\ICQ
[2010.04.02 16:28:58 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Imaxel
[2011.10.07 06:07:19 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\IrfanView
[2010.02.20 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Lexware
[2010.01.29 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\MAGIX
[2011.10.06 15:44:40 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\MicroST
[2012.02.05 18:41:12 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\MusicNet
[2010.01.05 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\muvee Technologies
[2010.01.20 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Nokia
[2009.11.17 19:19:04 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\OpenOffice.org
[2010.08.11 07:57:22 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Opera
[2012.03.24 18:53:58 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Outlook
[2010.01.20 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\PC Suite
[2013.04.01 22:39:37 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\PerformerSoft
[2013.03.07 20:16:05 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Research In Motion
[2013.02.01 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Spotify
[2009.11.29 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Template
[2011.11.02 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\enaundklaus\AppData\Roaming\Vodafone

========== Purity Check ==========



< End of report >
EXTRAS

Quote:
OTL Extras logfile created on: 04.04.2013 13:54:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\enaundklaus\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,56% Memory free
8,21 Gb Paging File | 5,80 Gb Available in Paging File | 70,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,50 Gb Total Space | 308,18 Gb Free Space | 52,73% Space Free | Partition Type: NTFS
Drive D: | 11,67 Gb Total Space | 1,56 Gb Free Space | 13,40% Space Free | Partition Type: NTFS

Computer Name: FLIWATÜÜÜT | User Name: enaundklaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\enaundklaus\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\enaundklaus\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 84 09 94 E4 82 64 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*esigner.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*esigner.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21BC8BB5-837F-4EE0-BB97-15A0E19FDE98}" = rport=445 | protocol=6 | dir=out | app=system |
"{5070177A-5FAE-4216-BB89-98B2C58FA515}" = lport=139 | protocol=6 | dir=in | app=system |
"{6858173E-9FBF-4B52-AB53-A05A2AF79233}" = rport=138 | protocol=17 | dir=out | app=system |
"{85638778-A2C2-4170-A1D0-B6A1070ADAE5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8DE699AF-53B5-4F6A-9C2B-FCB7B0C89B3F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97F87649-4DBD-4963-B50C-198BB05E7D3B}" = rport=139 | protocol=6 | dir=out | app=system |
"{9CA42362-1E7F-433D-9CAF-551AD749DAE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE630840-B14B-4317-9733-0BC6D8270F3D}" = lport=445 | protocol=6 | dir=in | app=system |
"{F834B059-1FDC-40A9-848F-C39D7E5E193D}" = rport=137 | protocol=17 | dir=out | app=system |
"{F93863FB-F281-42FF-9486-FE60DDEF12E2}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BE88FF-5003-4F70-8151-5DE0CCCDA81C}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{1DD6D9D2-82CC-4C34-8B51-112EE3A3155C}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe |
"{1E1FA55F-DEA5-4851-9932-8CA32E48FF43}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe |
"{1FC49FF7-F3A1-4C17-AE13-7EEFBF261423}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{344DEDDA-70CB-4D31-8D04-DF2510BDD28A}" = protocol=17 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\tunmgr.exe |
"{47890269-4742-468F-BDF5-BA9ADC9F3B5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4BB2DFF6-92D3-4714-9594-8165BFD86AC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61DFDDF8-30C7-47CA-B130-D699DD0567AF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6285DF1B-4B6A-4E52-AC73-9B1DE02E23EE}" = dir=in | app=c:\users\enaund~1\appdata\local\temp\ibtmpc810551\component_583 |
"{64EE8302-E5B2-4D32-B577-B71B2891A0C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{71AEA895-C2BD-4027-8454-080441FA05B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{736399E8-075E-4ADB-9F51-B259A0EC2E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\research in motion\nginx\nginx.exe |
"{74B39444-6406-4530-A89B-4B812269CB4F}" = dir=in | app=c:\users\enaund~1\appdata\local\temp\ibtmpc810551\component_538 |
"{830DED86-4603-4742-819A-01012A69D442}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{83394F11-ABB2-4B71-9E41-7D9552A04DEC}" = dir=in | app=c:\users\enaund~1\appdata\local\temp\ibtmpc810551\component_600 |
"{8EB8D3FC-7E62-47B2-A763-71D553AFF8D3}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{9A43CCC8-316B-43C4-AECF-55A3B135FDCF}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{A1F095EB-0FC7-42F6-B5C5-A78E0972A743}" = dir=in | app=c:\users\enaundklaus\desktop\downloadmanagersetup.exe |
"{A6050C57-E13A-4B6B-9E1B-F84EA1C9ABF4}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{B08F3E96-50C8-440C-BD57-3B6717E7A7AD}" = dir=in | app=c:\users\enaund~1\appdata\local\temp\ibtmpc810551\component_610.decrpt |
"{B3307365-12DA-49E7-BE5D-B4DDDBB98149}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B6EA511C-0B21-41CD-87D7-0F76FA45F45F}" = protocol=6 | dir=in | svc=* | app=c:\program files (x86)\common files\research in motion\tunnel manager\mdnsresponder.exe |
"{C336440A-0E6E-4A8F-9B78-CF14AB774638}" = dir=in | app=c:\users\enaund~1\appdata\local\temp\ibtmpc810551\component_358.decrpt |
"{D0888D15-038C-4DCC-9C2E-309152910623}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{D14518F0-5A6B-4FF7-94E7-69FBB88589E1}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{D88775FD-B0BD-4B31-801F-8BC3E9118020}" = dir=out | app=c:\users\enaundklaus\desktop\downloadmanagersetup.exe |
"{DBFDDE74-8526-492E-96E6-EA869FE4C2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F3D52516-E991-4ED5-AA92-9088706C7DE5}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{F448E676-F1D8-4611-B784-D3D74CD833A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{4F75F845-D941-45D0-B924-0FB9DA0A4CA9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{A9EC10EC-3216-4FD8-8317-4693B4F85E91}C:\users\enaundklaus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\enaundklaus\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AD8952C7-3E9C-4DA2-8E05-4C29A985AB38}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D5EAD3EF-C800-47B8-B322-DB67BB963848}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2C8D8E22-1A29-4320-B0CE-DC9367CA9CAB}C:\users\enaundklaus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\enaundklaus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{352C84C8-EB8E-4E36-AAAA-201AECDC93A5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{84EF2163-D5BA-48F9-A8A6-4BB696273FF3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{96596636-4866-45D9-8D6E-B3E767B9EC12}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{53EAA030-4FE6-0B32-DD63-1DB9C02AA917}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBB09F04-CD3E-CDEC-F3C7-28046FD94657}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B9F567A-A261-9D33-96A9-2F3ED15EF253}" = Catalyst Control Center Localization Danish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B1E9E78-17BC-330C-7457-EE02D4E446EB}" = Catalyst Control Center Localization Korean
"{1D4A0D1F-AAE6-17F6-3F36-62D354A60D8A}" = Catalyst Control Center Localization French
"{1E52A991-5CD6-C991-7A1C-C525A0ABC7C9}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{256E8498-F0A4-716E-1DE8-BFDEEB538E24}" = Catalyst Control Center Localization German
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2B5AB43C-747C-EAE9-E13F-6F54EA4891DC}" = Catalyst Control Center Localization Polish
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{32D0735D-8465-4F10-95EE-949C2704B5AF}" = BlackBerry Link
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3A5E395C-9A26-6391-A0F4-BF7C5A1AC93F}" = Catalyst Control Center Localization Thai
"{3B262C61-9057-5E9D-A116-01CC95FA42F7}" = CCC Help Greek
"{3B79C31C-017E-330E-2F43-A4DAA30AE866}" = Catalyst Control Center Localization Russian
"{3CF26D05-B485-F5D7-55BB-630B3F79BD12}" = CCC Help Finnish
"{3E4A9B38-8CE5-BBA3-6B43-1894A8951115}" = Catalyst Control Center Graphics Previews Common
"{3E71F423-BF4B-5819-D4E1-97F637DDDE24}" = CCC Help Russian
"{3F233675-A6F7-603C-11EC-978C739E5816}" = Skins
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4214E948-8BDF-2C92-2D22-7F7E66328DD8}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A22192C-9A13-335F-9B78-A98DA869DDBE}" = Catalyst Control Center Localization Norwegian
"{505B3FE0-6FDD-F678-99D8-6FB0DA772EEA}" = Catalyst Control Center Localization Chinese Traditional
"{52B56D73-A4A6-BEBF-8020-3EB6069BB1DA}" = CCC Help German
"{55D45808-2A62-2AB3-3007-F2B72C4F64C0}" = Catalyst Control Center Localization Hungarian
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65EF902A-353C-F427-B38F-F15E6ADA3A4A}" = CCC Help Polish
"{66791CBF-0EC8-6692-CF6C-9AB7B97EA1BB}" = CCC Help Turkish
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67409EEC-0910-CB45-0D10-4F87D6098F95}" = CCC Help Japanese
"{688EC4E0-5A7A-E115-7994-3E70AB076AD6}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5781D8-1D61-34DA-210A-288D4EA288B3}" = CCC Help Chinese Standard
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D93B7BA-8C2B-F378-89A2-652B78614BF9}" = Catalyst Control Center Localization Italian
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{76827A9C-175C-80D0-D4AF-7BAFC34898CF}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78706146-05DB-32C5-1AD7-4761441A345E}" = CCC Help Swedish
"{7880C3EC-BC24-DFF5-139B-E6F7FE67E14B}" = Catalyst Control Center Localization Spanish
"{7A88D6AF-5C96-065A-7CAE-6CE8FE2FBD08}" = Catalyst Control Center Localization Greek
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80554058-0D76-AC77-9C32-A1B9B0450E1D}" = Catalyst Control Center Localization Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E1C2A13-FC30-739E-9446-73EA102370B5}" = Catalyst Control Center Core Implementation
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9160C033-28B2-3AC7-4B7B-8B25DE370CB7}" = Catalyst Control Center Localization Chinese Standard
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96FB7D0F-A1E7-7600-2D20-E1F67F1236C8}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D7351FA-363A-EA0E-BC75-461A9A7B3BEF}" = Catalyst Control Center Localization Japanese
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3FB2596-0947-ACFA-D8CB-69D9718C4E59}" = CCC Help Thai
"{A5C02A59-A29F-C1B7-D4F5-F4918E52B7F6}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C792D09B-E005-8001-620C-89AD387376F8}" = CCC Help Danish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4F61E2-FA71-A7E3-1097-828154E72127}" = CCC Help Korean
"{CD5336D0-D366-F202-2F8C-7B5447458ECB}" = Catalyst Control Center Localization Finnish
"{CE0AD738-E5B4-8E5C-58B9-76C4B78DD5CA}" = CCC Help Italian
"{CECF842E-5A4B-9579-3A17-923C6C352065}" = Catalyst Control Center Graphics Previews Vista
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D82082EB-8CA7-2804-3AD2-AB85C54534E9}" = Catalyst Control Center Localization Dutch
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter Driver - WUSB300N
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1321911-8D73-AA22-9083-2B8FBD9C8CF0}" = CCC Help French
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{E23DD36D-44A3-8167-2E56-73E5DB8F06BE}" = CCC Help Dutch
"{E447158D-1AAA-5406-2AF6-0F250BE05321}" = Catalyst Control Center Localization Portuguese
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E7F2FEA3-9C9D-CFCC-02F7-1442A7F370C3}" = CCC Help English
"{E9FD9E47-6614-9CF9-8205-D92959262C12}" = CCC Help Portuguese
"{EC337A47-4A6B-BC9C-E656-5D7C92657962}" = Catalyst Control Center Graphics Full New
"{EFA2328F-EE03-57D8-3EC0-A0F337BB21C9}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FB2AE6E0-BBF6-6E36-6150-C24046CF4DF9}" = Catalyst Control Center Localization Turkish
"{FBBD5444-17D0-E955-2292-513E48091208}" = Catalyst Control Center Graphics Light
"{FD521AF1-AE27-4BAB-B042-D23403E19EA1}" = Catalyst Control Center Localization Swedish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_10_Desktop" = BlackBerry Link
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.50.1074" = Opera 11.50
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3952511059-662023245-2995493025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.04.2013 15:56:10 | Computer Name = FLIWATÜÜÜT | Source = EventSystem | ID = 4621
Description =

Error - 01.04.2013 15:58:20 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

Error - 01.04.2013 16:36:51 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

Error - 01.04.2013 18:21:46 | Computer Name = FLIWATÜÜÜT | Source = EventSystem | ID = 4621
Description =

Error - 02.04.2013 04:21:13 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

Error - 02.04.2013 04:37:41 | Computer Name = FLIWATÜÜÜT | Source = EventSystem | ID = 4621
Description =

Error - 03.04.2013 23:00:00 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

Error - 03.04.2013 23:09:29 | Computer Name = FLIWATÜÜÜT | Source = EventSystem | ID = 4621
Description =

Error - 04.04.2013 05:43:58 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

Error - 04.04.2013 07:11:18 | Computer Name = FLIWATÜÜÜT | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 14.11.2009 14:26:48 | Computer Name = enaundklaus-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 01.04.2013 16:37:00 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7026
Description =

Error - 01.04.2013 16:39:03 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7024
Description =

Error - 02.04.2013 04:21:22 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7026
Description =

Error - 02.04.2013 04:23:31 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7024
Description =

Error - 03.04.2013 23:00:09 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7026
Description =

Error - 03.04.2013 23:02:15 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7024
Description =

Error - 04.04.2013 05:44:07 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7026
Description =

Error - 04.04.2013 05:46:14 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7024
Description =

Error - 04.04.2013 07:11:27 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7026
Description =

Error - 04.04.2013 07:13:33 | Computer Name = FLIWATÜÜÜT | Source = Service Control Manager | ID = 7024
Description =


< End of report >

04.04.2013, 13:43   #2
DerJazzer
/// Malwareteam
 
Hi

Have you already tried simply uninstalling it (even though it probably won't show up in the list)?

Please do the following:

Step 1

Please post all existing TDSSKiller logs.

Step 2

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


06.04.2013, 13:16   #3
DerJazzer
/// Malwareteam
 
Hello,
do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean!