Pests of all kinds and how to fight them: How do I remove Savings Sidekick from my computer? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
07.11.2012, 20:52 | #1 |
| How do I remove Savings Sidekick from my computer? Hello, I have had Savings Sidekick on my computer for a few days. How can I get rid of this junk? I have already tried quite a few things with Malwarebytes/OTL/SpywareTerminator/adwcleaner, but none of it helped. Maybe I made a mistake when using these programs. That is why I need "professional" help, since I have not had much to do with malware so far. Many thanks in advance. |
08.11.2012, 20:51 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove Savings Sidekick from my computer? Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you hear nothing from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Have you already run any scans? If so => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have! |
08.11.2012, 22:10 | #3 |
| How do I remove Savings Sidekick from my computer? Hello,
thank you very much for the prompt reply. :-) Here are some details and scans from my computer: System: Code:
Betriebssystemname Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname abc
Systemhersteller FUJITSU SIEMENS
Systemmodell Amilo Desktop Pi3645A
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz, 2670 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum American Megatrends Inc. V3.0L, 17.09.2008
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume2
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6002.18005"
Benutzername abc
Zeitzone Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 3,25 GB
Verfügbarer realer Speicher 1,83 GB
Gesamter virtueller Speicher 6,71 GB
Verfügbarer virtueller Speicher 4,83 GB
Größe der Auslagerungsdatei 3,54 GB
Auslagerungsdatei C:\pagefile.sys
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
abc :: abc [Administrator]

Schutz: Aktiviert

07.11.2012 20:52:40
mbam-log-2012-11-07 (22-46-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|K:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 510696
Laufzeit: 1 Stunde(n), 18 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
L:\$RECYCLE.BIN\$RQON7GO.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
L:\$RECYCLE.BIN\$R1Y41XV.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.11.2012 20:10:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monika\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,32% Memory free 6,71 Gb Paging File | 4,96 Gb Available in Paging File | 73,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,74 Gb Total Space | 10,98 Gb Free Space | 11,24% Space Free | Partition Type: NTFS Drive D: | 596,16 Gb Total Space | 595,89 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 489,64 Gb Total Space | 488,93 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Computer Name: BÜRO | User Name: Monika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 1 "DisableConfig" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15AE4FE7-9B46-4808-93CC-6212EDB2C07A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2153D063-2C4A-473E-B006-E2DD0B62ABCF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2957A78A-4E17-43DD-BD38-D1E3EEAB341C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{29F89A56-F76F-4F6F-935B-1ADBB8ED9F80}" = rport=137 | protocol=17 | dir=out | app=system | "{2BB407D1-D7A9-435C-9E95-CEC4E3D4FC12}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{2D2BDCD6-4BBC-4C79-BFD0-E5F3BB442382}" = rport=139 | protocol=6 | dir=out | app=system | "{477C87F4-416B-463B-88A5-1D405E5BA7EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4EF3A5B0-8A7F-40DD-A702-8D93DF728C74}" = lport=139 | protocol=6 | dir=in | app=system | "{52DBA4EC-86C4-4659-A600-BE97F4FD7E27}" = lport=445 | protocol=6 | dir=in | app=system | "{548ACC86-0FC7-4681-9AB7-B3E8DEA093DE}" = lport=445 | protocol=6 | dir=in | app=system | "{55177A6C-BFD0-4E57-A125-B16EF802E3C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{5FE7FBD4-CE13-496A-A99F-D045396A8A1B}" = lport=137 | protocol=17 | dir=in | app=system | "{6706BA7D-0087-423A-AB11-22C84CC92529}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6833AC2B-45CF-45DB-AB09-19CBE7C372AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{85414435-B516-4E18-960D-E208EA2A8488}" = rport=138 | protocol=17 | dir=out | app=system | "{90E6CCE0-7E71-4D2B-ABEC-0F91320C5500}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{992339A6-4E34-4818-A1C1-F9D747CBDC3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A4B52172-D03D-48E7-B3E7-05C27CE85E3A}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | "{A93F6AC8-339C-4DD6-804A-23FD01302C6B}" = lport=445 | protocol=6 | dir=in | app=system | "{A973D4F4-67A5-429B-8DC8-6019DCB5F21F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B27D2DE1-5425-48DD-948D-EA883BF2175A}" = lport=138 | protocol=17 | dir=in | app=system | "{B596F49D-5D12-49C8-AE26-FE07E35914B5}" = rport=445 | protocol=6 | dir=out | app=system | "{B5AFDBA7-65B3-43D0-87D0-06D1F49ABDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CAF4FE46-58EE-4BA7-8EFC-177BD40163BD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E7B1B311-98F1-4DA2-9290-EBEBACA9320E}" = lport=445 | protocol=6 | dir=in | app=system | "{E83C6327-4595-4052-AC63-23FC0E687000}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC519980-AE8B-4F43-80E1-AD1C6A38D8CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{FEC3C59D-6EB3-4187-8A15-7DD632C5ECFF}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{011AB200-277E-4514-ADD3-80A84A47CD7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{06BE2E1D-D87C-44FA-BD8F-8755552EDA9B}" = protocol=6 | dir=in | 
app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{1CF116E1-A41E-4204-82A7-E95D90A59167}" = dir=in | app=c:\program files\itunes\itunes.exe | "{37161F12-F032-45D4-ADF5-6C2A626305EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{417E8494-EC2D-48C0-8CAE-86E14620E07A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{50288740-C1B1-4AF4-87EE-C771A54A1187}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5E32ABDE-67FB-4BAA-BFA3-EFE225B9D0D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{60FF9F04-FD20-4E16-97BE-E62D9115379C}" = protocol=17 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | "{6430F2C8-F82C-47B9-B905-FA888DCB113F}" = protocol=6 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | "{6B329D92-D29A-42D9-B9CB-625A32F75DD1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6F7B647A-D927-42F2-A7E8-5BD4D2D5BFC7}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{7A96CC44-8417-4550-88E5-6AB89718596C}" = protocol=6 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | "{7DC0073D-BE53-49A1-9B5A-47A770A9A63F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{8D3C2800-96EF-4FBD-B360-6E07279BDEDD}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{917EE75C-6C80-42BA-91A2-CE021B8E9521}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9801E1BA-2752-42FF-9EED-8B0710F4A361}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5F6BC01-9061-4701-A5ED-FFB29F007A2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AA03E496-E4EB-4695-86CD-2FFFC19A548B}" = protocol=17 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{AC3992C6-08FD-4D48-8A97-B40AA8455BC9}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{DFE02CE0-A870-4722-8E8B-297F60CDF8B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E161255D-0249-4FD0-9291-A21B63973FE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E74E7A4B-2D4C-4E42-B08A-C8B8A683DDE2}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{EF6D210F-E2A3-4987-AE5E-D666D38B1E0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F9EC35C0-9D45-4F5E-9155-E0743B18868E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{FD96E4E8-1BB1-4F1C-9AC8-9EBADB385041}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FE95F273-C7FD-4938-95DF-6F492B48AE39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{08886769-3BC3-4DD2-AC3F-C12169E3E713}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{08CA524D-64C2-4D6F-B093-F70C6931C33F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{34BD5B3C-1FC0-4512-B3E7-9311C0DAE7FE}C:\program files\canon\color network scangear\sgtool.exe" = protocol=6 | dir=in | app=c:\program files\canon\color network scangear\sgtool.exe | "TCP Query User{AB0EDEC8-B0FD-40D8-A167-A3627BAB911F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{0164A039-A7D6-4C14-9551-93C639CE4CD2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{251A1302-2FBC-4594-96BC-2572CD9E20E9}C:\program files\canon\color network scangear\sgtool.exe" = protocol=17 | dir=in | 
app=c:\program files\canon\color network scangear\sgtool.exe | "UDP Query User{8F2BD229-F099-4607-B787-806045FD0167}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{90A4A2D9-83FE-4056-870E-CAF3214A82FC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{0254256E-81C0-42F2-9F98-B5BF392091FD}" = Key Configuration Tool "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25D01A3F-D8BE-11D7-8514-0040954614F0}" = Jim Knopf "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4241C028-A33A-4BC4-853C-628221202B34}" = Color Network ScanGear Ver.2.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel "{5B6455A4-E812-479B-A762-C2356244CF97}" = AV Grabber "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "4StoryDE_is1" = 4Story 3.4 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin "avast" = avast! Free Antivirus "BilliBanni - Für unsere Kleinsten" = BilliBanni - Für unsere Kleinsten "Diktattrainer plus 3-4" = Diktattrainer plus 3-4 "dm-Fotowelt" = dm-Fotowelt "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4241C028-A33A-4BC4-853C-628221202B34}" = Color Network ScanGear Ver.2.3 "InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber "IrfanView" = IrfanView (remove only) "Kindersicherung_is1" = Kindersicherung 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Business 2010 "phase-6" = phase-6 2.1.1.3 "Super RTL - Clubs" = Super RTL - Clubs "T-Mobile Internet Manager" = T-Mobile Internet Manager "VLC media player" = VLC media player 1.0.3 "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 10.09.2009 03:55:22 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 10.09.2009 03:55:26 | Computer Name = Büro | Source = avast! 
| ID = 33554522 Description = Error - 10.09.2009 03:56:38 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 10.09.2009 03:56:38 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 10.09.2009 03:56:44 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 30.01.2010 07:34:46 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 10.03.2010 07:51:29 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 10.06.2010 14:37:26 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 07.07.2010 14:34:12 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = Error - 11.07.2010 17:49:26 | Computer Name = Büro | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 06.11.2012 19:45:35 | Computer Name = Büro | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13525 Error - 06.11.2012 19:45:35 | Computer Name = Büro | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13525 Error - 07.11.2012 05:05:05 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 06:37:26 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 06:37:26 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 07.11.2012 06:37:27 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2012 06:37:27 | Computer Name = Büro | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 06.11.2012 17:42:19 | Computer Name = Büro | Source = Service Control Manager | ID = 7000 Description = Error - 06.11.2012 23:56:43 | Computer Name = Büro | Source = Service Control Manager | ID = 7011 Description = Error - 07.11.2012 05:04:28 | Computer Name = Büro | Source = DCOM | ID = 10016 Description = Error - 07.11.2012 05:04:53 | Computer Name = Büro | Source = Service Control Manager | ID = 7000 Description = Error - 07.11.2012 06:37:23 | Computer Name = Büro | Source = DCOM | ID = 10016 Description = Error - 07.11.2012 06:37:57 | Computer Name = Büro | Source = Service Control Manager | ID = 7000 Description = Error - 07.11.2012 14:55:10 | Computer Name = Büro | Source = DCOM | ID = 10016 Description = Error - 07.11.2012 14:59:40 | Computer Name = Büro | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 07.11.2012 um 19:58:02 unerwartet heruntergefahren. 
Error - 07.11.2012 15:00:43 | Computer Name = Büro | Source = DCOM | ID = 10016
Description =

Error - 07.11.2012 15:01:11 | Computer Name = Büro | Source = Service Control Manager | ID = 7000
Description =

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 07.11.2012 20:40:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monika\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,84% Memory free
6,71 Gb Paging File | 4,87 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,74 Gb Total Space | 10,99 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 595,89 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 489,64 Gb Total Space | 488,93 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive L: | 298,02 Gb Total Space | 253,08 Gb Free Space | 84,92% Space Free | Partition Type: FAT32

Computer Name: BÜRO | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Monika\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Users\Monika\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc) PRC - C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe () PRC - C:\Programme\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.) PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer) PRC - C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Portrait Displays\Pivot Software\Floater.exe () PRC - C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\de-DE\KeyConfigurationTool.resources.dll () MOD - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\KeyboardAndMouseHook.dll () MOD - C:\Programme\Common Files\Portrait Displays\Shared\DThook.dll () MOD - C:\Programme\Common Files\Portrait Displays\Plugins\CC\gui.dll () MOD - C:\Programme\Common Files\Portrait Displays\Shared\PresetsCOM.dll () MOD - C:\Programme\Common Files\Portrait Displays\Drivers\vista.dll () MOD - C:\Programme\Portrait Displays\Pivot Software\Floater.exe () MOD - C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe () MOD - C:\Programme\Portrait Displays\Pivot Software\Winphook.dll () ========== Services (SafeList) ========== SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! 
Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.) 
SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (DTSRVC) -- C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (U6000ALL) -- C:\Windows\System32\drivers\U6000ALL.sys ()
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (DFUBTUSB) -- C:\Windows\System32\drivers\frmupgr.sys (Broadcom Corporation.) DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_de IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firefox@kidzui.com:0.8 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Monika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.01 21:43:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 12:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:02:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.06 22:18:15 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2010.02.24 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Extensions [2010.02.24 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.04 10:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions [2010.07.11 18:05:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.04 10:35:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012.11.01 20:47:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.24 19:26:43 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\crossriderapp5060@crossrider.com [2012.09.26 18:30:52 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\firefox@ghostery.com [2009.12.15 16:04:52 | 000,000,000 | ---D | M] (KidZui) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\firefox@kidzui.com [2012.10.24 19:26:43 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode [2012.06.20 19:29:53 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.09.19 18:55:22 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\autopager@mozilla.org.xpi [2012.07.06 08:33:45 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.11.04 10:35:36 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.11 09:58:41 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.25 08:47:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.23 06:58:57 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.09.14 07:43:17 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.11.04 19:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 21:43:13 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.03.05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [KeyConfiguration] C:\Program Files\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7DA79F-3FA2-48CB-88C6-8B380620DE92}: DhcpNameServer = 193.254.160.1 193.254.160.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEA5BB3-5DA6-4363-AAA2-0247AC59CA90}: DhcpNameServer = 192.168.3.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Monika\Pictures\100CANON\IMG_0574.JPG O24 - Desktop BackupWallPaper: C:\Users\Monika\Pictures\100CANON\IMG_0574.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c5ec33e8-86c4-11e1-90b0-002421536271}\Shell - "" = AutoRun O33 - MountPoints2\{c5ec33e8-86c4-11e1-90b0-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - 
MountPoints2\{fd9b5122-1fef-11e1-b9a7-002421536271}\Shell - "" = AutoRun O33 - MountPoints2\{fd9b5122-1fef-11e1-b9a7-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{fd9b5137-1fef-11e1-b9a7-002421536271}\Shell - "" = AutoRun O33 - MountPoints2\{fd9b5137-1fef-11e1-b9a7-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.07 20:08:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL.exe [2012.11.06 22:48:54 | 000,000,000 | ---D | C] -- C:\Users\Monika\AppData\Roaming\Malwarebytes [2012.11.06 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.06 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.06 22:48:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.06 22:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.06 22:47:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Monika\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.06 22:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.11.06 18:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2012.11.04 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2012.11.04 18:45:14 | 000,000,000 | ---D | C] -- C:\Users\Monika\AppData\Roaming\Spyware Terminator [2012.11.04 18:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2012.11.04 18:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2012.11.04 18:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2012.10.27 13:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.10.27 13:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.10.27 12:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.27 12:41:35 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.10.24 19:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClocX [2012.10.17 07:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\dm-Fotowelt [2011.10.13 12:48:00 | 000,753,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Monika\install_flashplayer11x32_mssa_aih.exe [2011.08.23 09:07:32 | 000,602,624 | ---- | C] (Google Inc.) 
-- C:\Users\Monika\googleupdatesetup.exe [2011.05.08 10:10:15 | 004,992,081 | ---- | C] (Michael Müller ) -- C:\Users\Monika\pfsetup8_54.exe [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.07 20:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6383B9D-5577-470B-AF31-3669D3355B94}.job [2012.11.07 20:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9702C64F-12A6-4F0B-B14F-2B7E8794E612}.job [2012.11.07 20:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Monika\defogger_reenable [2012.11.07 20:36:26 | 000,050,477 | ---- | M] () -- C:\Users\Monika\Desktop\Defogger.exe [2012.11.07 20:34:53 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.07 20:34:53 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.07 20:34:53 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.07 20:34:53 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.07 20:33:49 | 000,009,728 | ---- | M] () -- C:\Users\Monika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.07 20:08:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL.exe [2012.11.07 20:00:22 | 000,000,607 | ---- | M] () -- C:\Windows\System32\excltmp~.dat [2012.11.07 19:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.07 19:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.07 19:59:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 19:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.07 19:59:37 | 3488,817,152 | -HS- | M] () -- C:\hiberfil.sys [2012.11.07 12:06:36 | 
000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.07 10:03:35 | 000,421,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.06 22:48:46 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.06 22:47:53 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Monika\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.06 19:15:36 | 000,540,977 | ---- | M] () -- C:\Users\Monika\Desktop\adwcleaner2.006.exe [2012.11.06 18:52:52 | 000,009,290 | ---- | M] () -- C:\Windows\System32\cchservice.err [2012.11.06 18:48:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.06 18:47:22 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.11.04 18:45:12 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.10.31 19:56:13 | 000,002,721 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft Outlook 2010.lnk [2012.10.31 08:21:31 | 000,014,082 | ---- | M] () -- C:\Windows\System32\ccsync.err [2012.10.31 08:19:49 | 000,000,379 | ---- | M] () -- C:\NET.INI [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST 
Software) -- C:\Windows\System32\aswBoot.exe [2012.10.29 15:23:25 | 000,002,659 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft PowerPoint 2010.lnk [2012.10.29 08:15:21 | 000,000,680 | RHS- | M] () -- C:\Users\Monika\ntuser.pol [2012.10.27 13:27:53 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.10.27 13:02:30 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.10.27 12:42:54 | 000,002,617 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft Word 2010.lnk [2012.10.17 08:34:24 | 001,563,504 | ---- | M] () -- C:\Users\Monika\Desktop\setup_dm_Fotowelt.exe [2012.10.17 07:56:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.10.17 07:56:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.07 20:38:53 | 000,000,000 | ---- | C] () -- C:\Users\Monika\defogger_reenable [2012.11.07 20:36:25 | 000,050,477 | ---- | C] () -- C:\Users\Monika\Desktop\Defogger.exe [2012.11.06 22:48:46 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.06 19:15:19 | 000,540,977 | ---- | C] () -- C:\Users\Monika\Desktop\adwcleaner2.006.exe [2012.11.06 18:47:22 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.11.04 18:45:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.11.04 18:45:12 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.10.27 13:27:53 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.10.27 13:11:44 | 000,002,721 | ---- | C] () -- C:\Users\Monika\Desktop\Microsoft Outlook 2010.lnk [2012.10.27 13:02:30 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.10.27 13:02:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.10.17 07:51:14 | 001,563,504 | ---- | C] () -- C:\Users\Monika\Desktop\setup_dm_Fotowelt.exe [2012.06.04 15:34:29 | 000,349,839 | ---- | C] () -- C:\Users\Monika\Annika schwarz.jpg [2012.06.03 18:24:50 | 001,561,824 | ---- | C] () -- C:\Users\Monika\setup_dm_Fotowelt.exe [2012.04.27 05:52:44 | 000,012,951 | ---- | C] () -- C:\Users\Monika\Freistellung Firmung.odg [2012.04.12 10:07:09 | 000,014,035 | ---- | C] () -- C:\Users\Monika\Family Media.odg [2012.04.03 18:40:20 | 000,019,944 | ---- | C] () -- C:\Users\Monika\Lego-Star-Wars-Battle-Droid-Neu.jpg [2012.04.02 10:03:09 | 000,012,936 | ---- | C] () -- C:\Users\Monika\lego-mars-mission-foto-bild-53590654.270.jpg [2012.04.01 18:45:46 | 000,062,784 | ---- | C] () -- C:\Users\Monika\lego-mars-mission-foto-bild-53910282.jpg [2012.04.01 18:41:32 | 000,400,507 | ---- | C] () -- C:\Users\Monika\k-BIMG_0221.JPG [2012.03.31 19:44:04 | 000,077,774 | ---- | C] () -- C:\Users\Monika\LEGO_8036_PIC_4.jpg [2012.03.31 19:43:13 | 000,044,082 | ---- | C] () -- C:\Users\Monika\LEGO_8036_2.jpg [2012.03.31 19:11:13 | 000,034,872 | ---- | C] () -- C:\Users\Monika\LEGO_7680_2.jpg [2012.03.12 12:32:36 | 000,014,779 | ---- | C] () -- C:\Users\Monika\Frau Wendl.odg [2012.03.11 10:31:12 | 000,020,461 | ---- | C] () -- C:\Users\Monika\Käsekuchen 2.odt [2012.03.06 11:00:09 | 
000,015,982 | ---- | C] () -- C:\Users\Monika\annika geburtstag.odg [2012.02.29 12:44:54 | 121,966,592 | ---- | C] () -- C:\Users\Monika\DBFahrplaninfo.exe [2012.02.02 07:26:08 | 000,000,135 | -H-- | C] () -- C:\Users\Monika\.~lock.Plätzchen.odg# [2012.02.02 07:19:49 | 000,012,631 | ---- | C] () -- C:\Users\Monika\Mantej 2.odt [2012.02.02 07:09:19 | 000,012,632 | ---- | C] () -- C:\Users\Monika\Mantej.odt [2012.02.01 13:02:31 | 000,014,600 | ---- | C] () -- C:\Users\Monika\einladung Annika kommunion.odg [2012.01.19 16:18:36 | 000,022,584 | ---- | C] () -- C:\Users\Monika\absNW.zip [2011.12.08 10:08:05 | 000,010,874 | ---- | C] () -- C:\Users\Monika\Plätzchen.odg [2011.11.25 19:37:42 | 000,015,620 | ---- | C] () -- C:\Users\Monika\Lachsrolle.odg [2011.11.20 11:52:44 | 000,230,784 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys [2011.11.19 11:27:23 | 000,019,041 | ---- | C] () -- C:\Users\Monika\Rezepte Aufstrich.odg [2011.10.04 16:09:24 | 000,011,998 | ---- | C] () -- C:\Users\Monika\haushalt.odg [2011.07.26 15:40:07 | 000,039,754 | ---- | C] () -- C:\Users\Monika\Treporti-Cavallino-Pois.kml [2011.07.21 16:22:10 | 000,015,455 | ---- | C] () -- C:\Users\Monika\Stempel + Visitenkarte.odg [2011.07.21 09:53:46 | 000,010,456 | ---- | C] () -- C:\Users\Monika\Vordruck Stempel.odg [2011.07.21 09:47:22 | 000,014,221 | ---- | C] () -- C:\Users\Monika\Stempel + Logo.odg [2011.07.20 20:25:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.07.20 19:13:44 | 000,015,510 | ---- | C] () -- C:\Users\Monika\stephan.pdf [2011.07.20 19:00:49 | 000,004,420 | ---- | C] () -- C:\Users\Monika\Stempel jpeg.jpg [2011.07.20 18:53:20 | 000,024,020 | ---- | C] () -- C:\Users\Monika\Stempel.jpg [2011.07.20 16:55:21 | 000,012,399 | ---- | C] () -- C:\Users\Monika\Stempel 2.odg [2011.07.20 16:50:55 | 000,004,560 | ---- | C] () -- C:\Users\Monika\Stempel.gif [2011.07.20 15:25:52 | 000,015,503 | ---- | C] () -- C:\Users\Monika\5.pdf [2011.07.20 15:18:52 | 
000,015,521 | ---- | C] () -- C:\Users\Monika\Stempel3.pdf [2011.07.20 15:09:06 | 000,015,592 | ---- | C] () -- C:\Users\Monika\Stempel 2.pdf [2011.07.20 15:06:05 | 000,030,304 | ---- | C] () -- C:\Users\Monika\Stempel.pdf [2011.07.20 14:46:07 | 000,014,221 | ---- | C] () -- C:\Users\Monika\Stempel.odg [2011.07.20 10:34:58 | 000,016,207 | ---- | C] () -- C:\Users\Monika\STG 20.Juli.odg [2011.06.26 20:54:37 | 001,451,253 | ---- | C] () -- C:\Users\Monika\Abschluß Frau Heitmeier.odg [2011.06.06 09:32:49 | 000,246,454 | ---- | C] () -- C:\Users\Monika\Johanna.odg [2011.05.30 20:14:56 | 000,000,607 | ---- | C] () -- C:\Windows\System32\excltmp~.dat [2011.05.30 20:14:26 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini [2011.05.30 20:14:26 | 000,000,105 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL [2011.05.30 20:14:23 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe [2011.05.30 20:14:23 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys [2011.05.30 20:14:22 | 000,000,607 | ---- | C] () -- C:\Windows\System32\nochook.ini [2011.05.22 14:54:11 | 000,035,644 | ---- | C] () -- C:\Users\Monika\Elternbeirat 22.05-2011.odg [2011.05.08 10:26:47 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2011.05.08 10:26:47 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll [2011.03.29 17:24:17 | 000,014,088 | ---- | C] () -- C:\Users\Monika\Segmüller.odg [2011.03.19 08:56:46 | 000,014,470 | ---- | C] () -- C:\Users\Monika\muffins.odg [2011.03.18 13:59:02 | 000,009,022 | ---- | C] () -- C:\Users\Monika\Annika Brief.odg [2011.03.16 10:23:46 | 000,014,898 | ---- | C] () -- C:\Users\Monika\Freistellung Adrian.odg [2011.01.21 11:19:05 | 000,064,011 | ---- | C] () -- C:\Users\Monika\Das rote Pferd.odg [2011.01.21 09:27:49 | 000,021,108 | ---- | C] () -- C:\Users\Monika\Käsekuchen.odg [2011.01.17 11:16:35 | 000,019,757 | ---- | C] () -- C:\Users\Monika\papa geburtstag.odg [2010.10.28 22:33:36 | 000,000,398 | ---- 
| C] () -- C:\Users\Monika\AppData\Roaming\wklnhst.dat [2010.10.28 22:25:13 | 000,022,694 | ---- | C] () -- C:\Users\Monika\Treitinger.odg [2010.10.12 10:32:29 | 000,013,129 | ---- | C] () -- C:\Users\Monika\Unbenannt 1.odg [2010.05.12 15:00:57 | 000,000,760 | ---- | C] () -- C:\Users\Monika\AppData\Roaming\setup_ldm.iss [2010.04.13 18:55:26 | 000,011,327 | ---- | C] () -- C:\Users\Monika\frau heitmeier.odt [2010.02.23 20:45:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.30 14:53:36 | 000,000,680 | RHS- | C] () -- C:\Users\Monika\ntuser.pol [2009.04.07 20:36:17 | 000,000,680 | ---- | C] () -- C:\Users\Monika\AppData\Local\d3d9caps.dat [2009.04.06 22:20:10 | 000,009,728 | ---- | C] () -- C:\Users\Monika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.09.30 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DisplayTune [2011.01.30 11:34:42 | 000,000,000 | ---D | 
M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org [2011.05.18 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Thunderbird [2011.11.20 13:27:38 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Ulead Systems [2011.06.01 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\DisplayTune [2011.06.02 09:11:25 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\Thunderbird [2011.11.22 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\Ulead Systems [2009.04.22 23:47:33 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\BitDefender [2009.04.10 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\DisplayTune [2009.05.04 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\OpenOffice.org [2012.11.04 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Spyware Terminator [2011.12.06 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\T-Mobile [2011.12.06 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\T-Mobile Internet Manager [2010.10.28 22:33:38 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Template [2010.02.24 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Thunderbird [2011.11.20 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Ulead Systems [2011.05.30 18:08:02 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DisplayTune [2011.05.30 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\OpenOffice.org [2011.07.20 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\PDF Software [2011.12.06 11:36:05 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\T-Mobile [2011.07.17 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Thunderbird [2011.12.15 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Ulead Systems ========== Purity Check 
========== < End of report > |
09.11.2012, 16:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove Savings Sidekick from my computer? Are those all the logs with detections?
__________________ Please always post log files in CODE tags |
16.11.2012, 21:33 | #5 |
| How do I remove Savings Sidekick from my computer? Hello, I'm sorry that I'm only getting back to you now. I was very busy all week, both privately and at work. Yes, those were all the logs with detections. I'm currently running another scan with Malwarebytes. I'll post it again, because my wife said Malwarebytes raised an alarm again today. I haven't been able to find out what it was about yet. Regards |
16.11.2012, 22:40 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | How do I remove Savings Sidekick from my computer? Quote:
__________________ --> How do I remove Savings Sidekick from my computer? |