Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wie entferne ich Savings Sidekick von meinem Rechner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.11.2012, 19:52   #1
Robotix
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Hallo,

habe seit einigen Tagen Savings Sidekick auf dem Rechner. Wie kann ich diesen Mist loswerden? Ich habe schon einiges mit Malwarebytes/OTL/SpywareTerminator/adwcleaner versucht, hat aber nichts gebracht. Vielleicht habe ich bei der Anwendung dieser Programme einen Fehler gemacht. Deshalb benötige ich "professionelle" Hilfe, da ich mit Schadprogrammen noch nicht viel am Hut hatte.

Vielen Dank schon mal.

Alt 08.11.2012, 19:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Schon irgendwelche Scans gemacht? Wenn ja => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 08.11.2012, 21:10   #3
Robotix
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Hallo,

vielen Dank für die prompte Antwort. :-)

Hier ein paar Daten und Scans von meinem Rechner:

System:

Code:
ATTFilter
Betriebssystemname	Microsoft® Windows Vista™ Home Premium
Version	6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung 	Nicht verfügbar
Betriebssystemhersteller	Microsoft Corporation
Systemname	abc
Systemhersteller	FUJITSU SIEMENS
Systemmodell	Amilo Desktop Pi3645A
Systemtyp	X86-basierter PC
Prozessor	Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz, 2670 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum	American Megatrends Inc. V3.0L, 17.09.2008
SMBIOS-Version	2.5
Windows-Verzeichnis	C:\Windows
Systemverzeichnis	C:\Windows\system32
Startgerät	\Device\HarddiskVolume2
Gebietsschema	Deutschland
Hardwareabstraktionsebene	Version = "6.0.6002.18005"
Benutzername	abc
Zeitzone	Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM)	4,00 GB
Gesamter realer Speicher	3,25 GB
Verfügbarer realer Speicher	1,83 GB
Gesamter virtueller Speicher	6,71 GB
Verfügbarer virtueller Speicher	4,83 GB
Größe der Auslagerungsdatei	3,54 GB
Auslagerungsdatei	C:\pagefile.sys
         
MalWareBytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
abc :: abc [Administrator]

Schutz: Aktiviert

07.11.2012 20:52:40
mbam-log-2012-11-07 (22-46-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|K:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 510696
Laufzeit: 1 Stunde(n), 18 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
L:\$RECYCLE.BIN\$RQON7GO.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
L:\$RECYCLE.BIN\$R1Y41XV.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)
         
OTL
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.11.2012 20:10:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monika\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,32% Memory free
6,71 Gb Paging File | 4,96 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,74 Gb Total Space | 10,98 Gb Free Space | 11,24% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 595,89 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 489,64 Gb Total Space | 488,93 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: BÜRO | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AE4FE7-9B46-4808-93CC-6212EDB2C07A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2153D063-2C4A-473E-B006-E2DD0B62ABCF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2957A78A-4E17-43DD-BD38-D1E3EEAB341C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29F89A56-F76F-4F6F-935B-1ADBB8ED9F80}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2BB407D1-D7A9-435C-9E95-CEC4E3D4FC12}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{2D2BDCD6-4BBC-4C79-BFD0-E5F3BB442382}" = rport=139 | protocol=6 | dir=out | app=system | 
"{477C87F4-416B-463B-88A5-1D405E5BA7EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4EF3A5B0-8A7F-40DD-A702-8D93DF728C74}" = lport=139 | protocol=6 | dir=in | app=system | 
"{52DBA4EC-86C4-4659-A600-BE97F4FD7E27}" = lport=445 | protocol=6 | dir=in | app=system | 
"{548ACC86-0FC7-4681-9AB7-B3E8DEA093DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{55177A6C-BFD0-4E57-A125-B16EF802E3C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{5FE7FBD4-CE13-496A-A99F-D045396A8A1B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6706BA7D-0087-423A-AB11-22C84CC92529}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6833AC2B-45CF-45DB-AB09-19CBE7C372AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{85414435-B516-4E18-960D-E208EA2A8488}" = rport=138 | protocol=17 | dir=out | app=system | 
"{90E6CCE0-7E71-4D2B-ABEC-0F91320C5500}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{992339A6-4E34-4818-A1C1-F9D747CBDC3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A4B52172-D03D-48E7-B3E7-05C27CE85E3A}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | 
"{A93F6AC8-339C-4DD6-804A-23FD01302C6B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A973D4F4-67A5-429B-8DC8-6019DCB5F21F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B27D2DE1-5425-48DD-948D-EA883BF2175A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B596F49D-5D12-49C8-AE26-FE07E35914B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B5AFDBA7-65B3-43D0-87D0-06D1F49ABDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAF4FE46-58EE-4BA7-8EFC-177BD40163BD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E7B1B311-98F1-4DA2-9290-EBEBACA9320E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E83C6327-4595-4052-AC63-23FC0E687000}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC519980-AE8B-4F43-80E1-AD1C6A38D8CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{FEC3C59D-6EB3-4187-8A15-7DD632C5ECFF}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011AB200-277E-4514-ADD3-80A84A47CD7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{06BE2E1D-D87C-44FA-BD8F-8755552EDA9B}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{1CF116E1-A41E-4204-82A7-E95D90A59167}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{37161F12-F032-45D4-ADF5-6C2A626305EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{417E8494-EC2D-48C0-8CAE-86E14620E07A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{50288740-C1B1-4AF4-87EE-C771A54A1187}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E32ABDE-67FB-4BAA-BFA3-EFE225B9D0D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{60FF9F04-FD20-4E16-97BE-E62D9115379C}" = protocol=17 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{6430F2C8-F82C-47B9-B905-FA888DCB113F}" = protocol=6 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{6B329D92-D29A-42D9-B9CB-625A32F75DD1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F7B647A-D927-42F2-A7E8-5BD4D2D5BFC7}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{7A96CC44-8417-4550-88E5-6AB89718596C}" = protocol=6 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{7DC0073D-BE53-49A1-9B5A-47A770A9A63F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{8D3C2800-96EF-4FBD-B360-6E07279BDEDD}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{917EE75C-6C80-42BA-91A2-CE021B8E9521}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9801E1BA-2752-42FF-9EED-8B0710F4A361}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5F6BC01-9061-4701-A5ED-FFB29F007A2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AA03E496-E4EB-4695-86CD-2FFFC19A548B}" = protocol=17 | dir=in | app=c:\program files\canon\dias\cnxdias.exe | 
"{AC3992C6-08FD-4D48-8A97-B40AA8455BC9}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{DFE02CE0-A870-4722-8E8B-297F60CDF8B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E161255D-0249-4FD0-9291-A21B63973FE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E74E7A4B-2D4C-4E42-B08A-C8B8A683DDE2}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{EF6D210F-E2A3-4987-AE5E-D666D38B1E0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9EC35C0-9D45-4F5E-9155-E0743B18868E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FD96E4E8-1BB1-4F1C-9AC8-9EBADB385041}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FE95F273-C7FD-4938-95DF-6F492B48AE39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{08886769-3BC3-4DD2-AC3F-C12169E3E713}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{08CA524D-64C2-4D6F-B093-F70C6931C33F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{34BD5B3C-1FC0-4512-B3E7-9311C0DAE7FE}C:\program files\canon\color network scangear\sgtool.exe" = protocol=6 | dir=in | app=c:\program files\canon\color network scangear\sgtool.exe | 
"TCP Query User{AB0EDEC8-B0FD-40D8-A167-A3627BAB911F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0164A039-A7D6-4C14-9551-93C639CE4CD2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{251A1302-2FBC-4594-96BC-2572CD9E20E9}C:\program files\canon\color network scangear\sgtool.exe" = protocol=17 | dir=in | app=c:\program files\canon\color network scangear\sgtool.exe | 
"UDP Query User{8F2BD229-F099-4607-B787-806045FD0167}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{90A4A2D9-83FE-4056-870E-CAF3214A82FC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0254256E-81C0-42F2-9F98-B5BF392091FD}" = Key Configuration Tool
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25D01A3F-D8BE-11D7-8514-0040954614F0}" = Jim Knopf
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4241C028-A33A-4BC4-853C-628221202B34}" = Color Network ScanGear Ver.2.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5B6455A4-E812-479B-A762-C2356244CF97}" = AV Grabber
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"4StoryDE_is1" = 4Story 3.4
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BilliBanni - Für unsere Kleinsten" = BilliBanni - Für unsere Kleinsten
"Diktattrainer plus 3-4" = Diktattrainer plus 3-4
"dm-Fotowelt" = dm-Fotowelt
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4241C028-A33A-4BC4-853C-628221202B34}" = Color Network ScanGear Ver.2.3
"InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber
"IrfanView" = IrfanView (remove only)
"Kindersicherung_is1" = Kindersicherung 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"phase-6" = phase-6 2.1.1.3
"Super RTL - Clubs" = Super RTL - Clubs
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VLC media player" = VLC media player 1.0.3
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 10.09.2009 03:55:22 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.09.2009 03:55:26 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.09.2009 03:56:38 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.09.2009 03:56:38 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.09.2009 03:56:44 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 30.01.2010 07:34:46 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.03.2010 07:51:29 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 10.06.2010 14:37:26 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 07.07.2010 14:34:12 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
Error - 11.07.2010 17:49:26 | Computer Name = Büro | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 06.11.2012 19:45:35 | Computer Name = Büro | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13525
 
Error - 06.11.2012 19:45:35 | Computer Name = Büro | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13525
 
Error - 07.11.2012 05:05:05 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 05:05:06 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 06:37:26 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 06:37:26 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 06:37:27 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 06:37:27 | Computer Name = Büro | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 06.11.2012 17:42:19 | Computer Name = Büro | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.11.2012 23:56:43 | Computer Name = Büro | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.11.2012 05:04:28 | Computer Name = Büro | Source = DCOM | ID = 10016
Description = 
 
Error - 07.11.2012 05:04:53 | Computer Name = Büro | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.11.2012 06:37:23 | Computer Name = Büro | Source = DCOM | ID = 10016
Description = 
 
Error - 07.11.2012 06:37:57 | Computer Name = Büro | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.11.2012 14:55:10 | Computer Name = Büro | Source = DCOM | ID = 10016
Description = 
 
Error - 07.11.2012 14:59:40 | Computer Name = Büro | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.11.2012 um 19:58:02 unerwartet heruntergefahren.
 
Error - 07.11.2012 15:00:43 | Computer Name = Büro | Source = DCOM | ID = 10016
Description = 
 
Error - 07.11.2012 15:01:11 | Computer Name = Büro | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.11.2012 20:40:23 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monika\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,84% Memory free
6,71 Gb Paging File | 4,87 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,74 Gb Total Space | 10,99 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 595,89 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 489,64 Gb Total Space | 488,93 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive L: | 298,02 Gb Total Space | 253,08 Gb Free Space | 84,92% Space Free | Partition Type: FAT32
 
Computer Name: BÜRO | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Monika\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Users\Monika\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Programme\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer)
PRC - C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\de-DE\KeyConfigurationTool.resources.dll ()
MOD - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\KeyboardAndMouseHook.dll ()
MOD - C:\Programme\Common Files\Portrait Displays\Shared\DThook.dll ()
MOD - C:\Programme\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Programme\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Programme\Common Files\Portrait Displays\Drivers\vista.dll ()
MOD - C:\Programme\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Programme\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Programme\Portrait Displays\Pivot Software\Winphook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (DTSRVC) -- C:\Programme\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (U6000ALL) -- C:\Windows\System32\drivers\U6000ALL.sys ()
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (DFUBTUSB) -- C:\Windows\System32\drivers\frmupgr.sys (Broadcom Corporation.)
DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_de
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@kidzui.com:0.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Monika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.01 21:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 12:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.06 22:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
 
[2010.02.24 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Extensions
[2010.02.24 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.04 10:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions
[2010.07.11 18:05:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.04 10:35:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.11.01 20:47:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.24 19:26:43 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\crossriderapp5060@crossrider.com
[2012.09.26 18:30:52 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\firefox@ghostery.com
[2009.12.15 16:04:52 | 000,000,000 | ---D | M] (KidZui) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\firefox@kidzui.com
[2012.10.24 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\vnhfgvi1.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2012.06.20 19:29:53 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.09.19 18:55:22 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\autopager@mozilla.org.xpi
[2012.07.06 08:33:45 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.11.04 10:35:36 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.11 09:58:41 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.25 08:47:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.23 06:58:57 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.14 07:43:17 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\vnhfgvi1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.04 19:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.01 21:43:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.03.05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KeyConfiguration] C:\Program Files\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2155028390-2745721884-165372984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7DA79F-3FA2-48CB-88C6-8B380620DE92}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEA5BB3-5DA6-4363-AAA2-0247AC59CA90}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Monika\Pictures\100CANON\IMG_0574.JPG
O24 - Desktop BackupWallPaper: C:\Users\Monika\Pictures\100CANON\IMG_0574.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c5ec33e8-86c4-11e1-90b0-002421536271}\Shell - "" = AutoRun
O33 - MountPoints2\{c5ec33e8-86c4-11e1-90b0-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{fd9b5122-1fef-11e1-b9a7-002421536271}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9b5122-1fef-11e1-b9a7-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{fd9b5137-1fef-11e1-b9a7-002421536271}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9b5137-1fef-11e1-b9a7-002421536271}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 20:08:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL.exe
[2012.11.06 22:48:54 | 000,000,000 | ---D | C] -- C:\Users\Monika\AppData\Roaming\Malwarebytes
[2012.11.06 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 22:48:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 22:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.06 22:47:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Monika\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.06 22:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.06 18:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.04 18:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2012.11.04 18:45:14 | 000,000,000 | ---D | C] -- C:\Users\Monika\AppData\Roaming\Spyware Terminator
[2012.11.04 18:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.11.04 18:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.11.04 18:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012.10.27 13:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.27 13:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.27 12:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.27 12:41:35 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.10.24 19:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClocX
[2012.10.17 07:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\dm-Fotowelt
[2011.10.13 12:48:00 | 000,753,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Monika\install_flashplayer11x32_mssa_aih.exe
[2011.08.23 09:07:32 | 000,602,624 | ---- | C] (Google Inc.) -- C:\Users\Monika\googleupdatesetup.exe
[2011.05.08 10:10:15 | 004,992,081 | ---- | C] (Michael Müller                                              ) -- C:\Users\Monika\pfsetup8_54.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 20:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6383B9D-5577-470B-AF31-3669D3355B94}.job
[2012.11.07 20:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9702C64F-12A6-4F0B-B14F-2B7E8794E612}.job
[2012.11.07 20:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Monika\defogger_reenable
[2012.11.07 20:36:26 | 000,050,477 | ---- | M] () -- C:\Users\Monika\Desktop\Defogger.exe
[2012.11.07 20:34:53 | 000,628,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.07 20:34:53 | 000,595,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 20:34:53 | 000,126,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.07 20:34:53 | 000,103,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 20:33:49 | 000,009,728 | ---- | M] () -- C:\Users\Monika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 20:08:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL.exe
[2012.11.07 20:00:22 | 000,000,607 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2012.11.07 19:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 19:59:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 19:59:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 19:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 19:59:37 | 3488,817,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 12:06:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.07 10:03:35 | 000,421,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.06 22:48:46 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 22:47:53 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Monika\Desktop\mbam-setup-1.65.1.1000.exe
[2012.11.06 19:15:36 | 000,540,977 | ---- | M] () -- C:\Users\Monika\Desktop\adwcleaner2.006.exe
[2012.11.06 18:52:52 | 000,009,290 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2012.11.06 18:48:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.06 18:47:22 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.04 18:45:12 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.31 19:56:13 | 000,002,721 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft Outlook 2010.lnk
[2012.10.31 08:21:31 | 000,014,082 | ---- | M] () -- C:\Windows\System32\ccsync.err
[2012.10.31 08:19:49 | 000,000,379 | ---- | M] () -- C:\NET.INI
[2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.10.29 15:23:25 | 000,002,659 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft PowerPoint 2010.lnk
[2012.10.29 08:15:21 | 000,000,680 | RHS- | M] () -- C:\Users\Monika\ntuser.pol
[2012.10.27 13:27:53 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.27 13:02:30 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.27 12:42:54 | 000,002,617 | ---- | M] () -- C:\Users\Monika\Desktop\Microsoft Word 2010.lnk
[2012.10.17 08:34:24 | 001,563,504 | ---- | M] () -- C:\Users\Monika\Desktop\setup_dm_Fotowelt.exe
[2012.10.17 07:56:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.10.17 07:56:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.07 20:38:53 | 000,000,000 | ---- | C] () -- C:\Users\Monika\defogger_reenable
[2012.11.07 20:36:25 | 000,050,477 | ---- | C] () -- C:\Users\Monika\Desktop\Defogger.exe
[2012.11.06 22:48:46 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 19:15:19 | 000,540,977 | ---- | C] () -- C:\Users\Monika\Desktop\adwcleaner2.006.exe
[2012.11.06 18:47:22 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.04 18:45:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.11.04 18:45:12 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.27 13:27:53 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.10.27 13:11:44 | 000,002,721 | ---- | C] () -- C:\Users\Monika\Desktop\Microsoft Outlook 2010.lnk
[2012.10.27 13:02:30 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.27 13:02:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.10.17 07:51:14 | 001,563,504 | ---- | C] () -- C:\Users\Monika\Desktop\setup_dm_Fotowelt.exe
[2012.06.04 15:34:29 | 000,349,839 | ---- | C] () -- C:\Users\Monika\Annika schwarz.jpg
[2012.06.03 18:24:50 | 001,561,824 | ---- | C] () -- C:\Users\Monika\setup_dm_Fotowelt.exe
[2012.04.27 05:52:44 | 000,012,951 | ---- | C] () -- C:\Users\Monika\Freistellung Firmung.odg
[2012.04.12 10:07:09 | 000,014,035 | ---- | C] () -- C:\Users\Monika\Family Media.odg
[2012.04.03 18:40:20 | 000,019,944 | ---- | C] () -- C:\Users\Monika\Lego-Star-Wars-Battle-Droid-Neu.jpg
[2012.04.02 10:03:09 | 000,012,936 | ---- | C] () -- C:\Users\Monika\lego-mars-mission-foto-bild-53590654.270.jpg
[2012.04.01 18:45:46 | 000,062,784 | ---- | C] () -- C:\Users\Monika\lego-mars-mission-foto-bild-53910282.jpg
[2012.04.01 18:41:32 | 000,400,507 | ---- | C] () -- C:\Users\Monika\k-BIMG_0221.JPG
[2012.03.31 19:44:04 | 000,077,774 | ---- | C] () -- C:\Users\Monika\LEGO_8036_PIC_4.jpg
[2012.03.31 19:43:13 | 000,044,082 | ---- | C] () -- C:\Users\Monika\LEGO_8036_2.jpg
[2012.03.31 19:11:13 | 000,034,872 | ---- | C] () -- C:\Users\Monika\LEGO_7680_2.jpg
[2012.03.12 12:32:36 | 000,014,779 | ---- | C] () -- C:\Users\Monika\Frau Wendl.odg
[2012.03.11 10:31:12 | 000,020,461 | ---- | C] () -- C:\Users\Monika\Käsekuchen 2.odt
[2012.03.06 11:00:09 | 000,015,982 | ---- | C] () -- C:\Users\Monika\annika geburtstag.odg
[2012.02.29 12:44:54 | 121,966,592 | ---- | C] () -- C:\Users\Monika\DBFahrplaninfo.exe
[2012.02.02 07:26:08 | 000,000,135 | -H-- | C] () -- C:\Users\Monika\.~lock.Plätzchen.odg#
[2012.02.02 07:19:49 | 000,012,631 | ---- | C] () -- C:\Users\Monika\Mantej 2.odt
[2012.02.02 07:09:19 | 000,012,632 | ---- | C] () -- C:\Users\Monika\Mantej.odt
[2012.02.01 13:02:31 | 000,014,600 | ---- | C] () -- C:\Users\Monika\einladung Annika kommunion.odg
[2012.01.19 16:18:36 | 000,022,584 | ---- | C] () -- C:\Users\Monika\absNW.zip
[2011.12.08 10:08:05 | 000,010,874 | ---- | C] () -- C:\Users\Monika\Plätzchen.odg
[2011.11.25 19:37:42 | 000,015,620 | ---- | C] () -- C:\Users\Monika\Lachsrolle.odg
[2011.11.20 11:52:44 | 000,230,784 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys
[2011.11.19 11:27:23 | 000,019,041 | ---- | C] () -- C:\Users\Monika\Rezepte Aufstrich.odg
[2011.10.04 16:09:24 | 000,011,998 | ---- | C] () -- C:\Users\Monika\haushalt.odg
[2011.07.26 15:40:07 | 000,039,754 | ---- | C] () -- C:\Users\Monika\Treporti-Cavallino-Pois.kml
[2011.07.21 16:22:10 | 000,015,455 | ---- | C] () -- C:\Users\Monika\Stempel + Visitenkarte.odg
[2011.07.21 09:53:46 | 000,010,456 | ---- | C] () -- C:\Users\Monika\Vordruck Stempel.odg
[2011.07.21 09:47:22 | 000,014,221 | ---- | C] () -- C:\Users\Monika\Stempel + Logo.odg
[2011.07.20 20:25:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.20 19:13:44 | 000,015,510 | ---- | C] () -- C:\Users\Monika\stephan.pdf
[2011.07.20 19:00:49 | 000,004,420 | ---- | C] () -- C:\Users\Monika\Stempel jpeg.jpg
[2011.07.20 18:53:20 | 000,024,020 | ---- | C] () -- C:\Users\Monika\Stempel.jpg
[2011.07.20 16:55:21 | 000,012,399 | ---- | C] () -- C:\Users\Monika\Stempel 2.odg
[2011.07.20 16:50:55 | 000,004,560 | ---- | C] () -- C:\Users\Monika\Stempel.gif
[2011.07.20 15:25:52 | 000,015,503 | ---- | C] () -- C:\Users\Monika\5.pdf
[2011.07.20 15:18:52 | 000,015,521 | ---- | C] () -- C:\Users\Monika\Stempel3.pdf
[2011.07.20 15:09:06 | 000,015,592 | ---- | C] () -- C:\Users\Monika\Stempel 2.pdf
[2011.07.20 15:06:05 | 000,030,304 | ---- | C] () -- C:\Users\Monika\Stempel.pdf
[2011.07.20 14:46:07 | 000,014,221 | ---- | C] () -- C:\Users\Monika\Stempel.odg
[2011.07.20 10:34:58 | 000,016,207 | ---- | C] () -- C:\Users\Monika\STG 20.Juli.odg
[2011.06.26 20:54:37 | 001,451,253 | ---- | C] () -- C:\Users\Monika\Abschluß Frau Heitmeier.odg
[2011.06.06 09:32:49 | 000,246,454 | ---- | C] () -- C:\Users\Monika\Johanna.odg
[2011.05.30 20:14:56 | 000,000,607 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.05.30 20:14:26 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.05.30 20:14:26 | 000,000,105 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.05.30 20:14:23 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe
[2011.05.30 20:14:23 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2011.05.30 20:14:22 | 000,000,607 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.05.22 14:54:11 | 000,035,644 | ---- | C] () -- C:\Users\Monika\Elternbeirat 22.05-2011.odg
[2011.05.08 10:26:47 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2011.05.08 10:26:47 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2011.03.29 17:24:17 | 000,014,088 | ---- | C] () -- C:\Users\Monika\Segmüller.odg
[2011.03.19 08:56:46 | 000,014,470 | ---- | C] () -- C:\Users\Monika\muffins.odg
[2011.03.18 13:59:02 | 000,009,022 | ---- | C] () -- C:\Users\Monika\Annika Brief.odg
[2011.03.16 10:23:46 | 000,014,898 | ---- | C] () -- C:\Users\Monika\Freistellung Adrian.odg
[2011.01.21 11:19:05 | 000,064,011 | ---- | C] () -- C:\Users\Monika\Das rote Pferd.odg
[2011.01.21 09:27:49 | 000,021,108 | ---- | C] () -- C:\Users\Monika\Käsekuchen.odg
[2011.01.17 11:16:35 | 000,019,757 | ---- | C] () -- C:\Users\Monika\papa geburtstag.odg
[2010.10.28 22:33:36 | 000,000,398 | ---- | C] () -- C:\Users\Monika\AppData\Roaming\wklnhst.dat
[2010.10.28 22:25:13 | 000,022,694 | ---- | C] () -- C:\Users\Monika\Treitinger.odg
[2010.10.12 10:32:29 | 000,013,129 | ---- | C] () -- C:\Users\Monika\Unbenannt 1.odg
[2010.05.12 15:00:57 | 000,000,760 | ---- | C] () -- C:\Users\Monika\AppData\Roaming\setup_ldm.iss
[2010.04.13 18:55:26 | 000,011,327 | ---- | C] () -- C:\Users\Monika\frau heitmeier.odt
[2010.02.23 20:45:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.30 14:53:36 | 000,000,680 | RHS- | C] () -- C:\Users\Monika\ntuser.pol
[2009.04.07 20:36:17 | 000,000,680 | ---- | C] () -- C:\Users\Monika\AppData\Local\d3d9caps.dat
[2009.04.06 22:20:10 | 000,009,728 | ---- | C] () -- C:\Users\Monika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.09.30 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DisplayTune
[2011.01.30 11:34:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org
[2011.05.18 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Thunderbird
[2011.11.20 13:27:38 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Ulead Systems
[2011.06.01 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\DisplayTune
[2011.06.02 09:11:25 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\Thunderbird
[2011.11.22 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\Annika\AppData\Roaming\Ulead Systems
[2009.04.22 23:47:33 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\BitDefender
[2009.04.10 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\DisplayTune
[2009.05.04 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\OpenOffice.org
[2012.11.04 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Spyware Terminator
[2011.12.06 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\T-Mobile
[2011.12.06 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\T-Mobile Internet Manager
[2010.10.28 22:33:38 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Template
[2010.02.24 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Thunderbird
[2011.11.20 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Ulead Systems
[2011.05.30 18:08:02 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DisplayTune
[2011.05.30 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\OpenOffice.org
[2011.07.20 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\PDF Software
[2011.12.06 11:36:05 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\T-Mobile
[2011.07.17 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Thunderbird
[2011.12.15 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
__________________

Alt 09.11.2012, 15:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Sind das alle Logs mit Funden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.11.2012, 20:33   #5
Robotix
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Hallo,

tut mir leid, dass ich mich jetzt erst wieder melde. War die Woche über privat und beruflich sehr eingespannt. Ja, das waren alle Logs mit Funden. Lasse momentan noch einen Scan mi Malwarebytes laufen. Werde diesen nochmals einstellen, weil meine Frau sagte, Malwarebytes hat heute wieder einen Alarm gegeben. Konnte noch nicht herausfinden um was es sich dabei handelt.

Grüße


Alt 16.11.2012, 21:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wie entferne ich Savings Sidekick von meinem Rechner? - Standard

Wie entferne ich Savings Sidekick von meinem Rechner?



Zitat:
Konnte noch nicht herausfinden um was es sich dabei handelt.
Malwarebytes speichert alle Logs
__________________
--> Wie entferne ich Savings Sidekick von meinem Rechner?

Antwort

Themen zu Wie entferne ich Savings Sidekick von meinem Rechner?
anwendung, benötige, entferne, fehler, loswerden, nichts, professionelle, programme, rechner, savings, savings sidekick, schadprogramme, sidekick, tagen, versuch, versucht



Ähnliche Themen: Wie entferne ich Savings Sidekick von meinem Rechner?


  1. Wie entferne ich sitescout von meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (12)
  2. 2x | Wie entferne ich qv06 von meinem Lapi
    Mülltonne - 06.09.2013 (2)
  3. Savings Sidekick (und evtl. noch mehr) auf meinem PC!
    Log-Analyse und Auswertung - 27.07.2013 (11)
  4. Savings Sidekick und Babylon object installer gefunden, Rechner verlangsamt, bluescreens
    Log-Analyse und Auswertung - 05.04.2013 (16)
  5. Trojaner Savings Sidekick und Incredibar auf meinem Laptop
    Log-Analyse und Auswertung - 01.04.2013 (16)
  6. click to continue by savings sidekick
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (3)
  7. Savings Sidekick auf PC unter Software gefunden, läßt sich nicht restlos entfernen
    Log-Analyse und Auswertung - 12.02.2013 (21)
  8. Savings Sidekick
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (1)
  9. Savings Sidekick wie los werden?
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (23)
  10. Wie entferne ich HEUR:Exploit.Java.CVE-2012-4681.gen von meinem Rechner ?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (29)
  11. hilfe savings sidekick
    Log-Analyse und Auswertung - 23.12.2012 (19)
  12. Savings Sidekick entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.12.2012 (1)
  13. Savings Sidekick und ungewollte Links
    Plagegeister aller Art und deren Bekämpfung - 05.12.2012 (13)
  14. Savings Sidekick entfernen?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (7)
  15. click to continue by savings sidekick
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (21)
  16. Hilfe! Savings Sidekick entfernen..aber wie?
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (12)
  17. Blabbers auf meinem Rechner gefunden, wie entferne ich den richtig?
    Log-Analyse und Auswertung - 27.09.2012 (1)

Zum Thema Wie entferne ich Savings Sidekick von meinem Rechner? - Hallo, habe seit einigen Tagen Savings Sidekick auf dem Rechner. Wie kann ich diesen Mist loswerden? Ich habe schon einiges mit Malwarebytes/OTL/SpywareTerminator/adwcleaner versucht, hat aber nichts gebracht . Vielleicht habe - Wie entferne ich Savings Sidekick von meinem Rechner?...
Archiv
Du betrachtest: Wie entferne ich Savings Sidekick von meinem Rechner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.