Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?

Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?


Plagegeister aller Art und deren Bekämpfung: Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.09.2012, 19:59   #1
Ansgar B.
 
Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org? - Standard

Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?


Hallo zusammen,

ich habe schon oft Problemchen durch passives Lesen auf eurer Seite lösen können, jetzt muss ich aktiv um Hilfe bitten.

Probleme
1.) Unerwünschte Umleitungen auf andere Seiten.
Sehr oft tritt sowas hier auf:
sherlocksearch.org/c.php?id=8f705dbd5b5d355c10e05ddd7efef286&PHPSESSID=trrgknbd5ltis6mth9f33gl3k4
Teilweise lande ich aber auch "echten" Seiten.

2.) Manche Seiten(elemente) laden nicht.
z.B. Onlinbanking über finanzportal.fiducia.de oder auch die Vorschaubilder bei youtube.

3.) Performanceprobleme
Oft erscheint in der unteren Browserleiste "warten auf sherlocksearch.org" o.ä., selbst wenn anschließend die korrekte Seite lädt.
Aber auch andere Sachen, wie z.B. youtube-Videos stocken.

Was ich schon probiert habe
-Routerreset
-Verbindung über Surfstick ohne Router
-Browserwechsel
-Scan mit Norton
-Scan mit Spybot
-Scan mit IObit
-DNS Cache leeren
-DNS Server wechseln

Alles ohne jegliche Veränderung.

Vorbereitung und Logfiles
Der defogger hat keine Fehlermeldung gezeigt.

Link zu GMER hat nicht funktioniert.

OTL logfile created on: 26.09.2012 20:06:01 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,50 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 64,16% Memory free
5,00 Gb Paging File | 3,66 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 276,99 Gb Total Space | 191,27 Gb Free Space | 69,05% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: NTFS

Computer Name: ****** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.26 20:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.07.02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Programme\IObit Malware Fighter\IMF.exe
PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Programme\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.09.22 02:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.12.09 15:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.09.16 19:30:38 | 000,674,336 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.09.04 20:08:00 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\YouCam\YouCamTray.exe
PRC - [2009.06.03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 04:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.25 11:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2009.06.03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2012.09.07 23:40:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.09.22 02:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2011.08.25 11:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.09 15:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - [2012.09.18 02:40:26 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120925.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.18 02:40:26 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120925.033\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.01 02:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120925.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.01 02:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 02:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.07.05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012.07.05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012.01.05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Programme\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.09.22 02:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011.09.22 02:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011.09.22 02:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011.09.22 02:40:13 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\symndisv.sys -- (SYMNDISV)
DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 11:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.08.04 17:49:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010.08.04 17:49:05 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2010.08.04 17:49:05 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2010.08.04 17:49:05 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010.08.04 17:49:05 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2010.08.04 17:49:05 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.12.09 15:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.01 00:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.19 15:16:16 | 000,859,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 17:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FCC5149B-1796-4446-AE3F-A4AAF3F79A37}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.12 18:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 19:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\firefox\components [2012.09.07 23:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\firefox\plugins [2012.09.07 23:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.09 19:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 19:14:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\firefox\components [2012.09.07 23:40:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\firefox\plugins [2012.09.07 23:40:35 | 000,000,000 | ---D | M]

[2010.03.30 21:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.30 21:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.24 23:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2dxd7q8v.default\extensions
[2011.09.03 12:46:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2dxd7q8v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.07.24 23:33:46 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\2dxd7q8v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.26 18:05:29 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

O1 HOSTS File: ([2010.10.17 22:11:38 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\***\AppData\Roaming\Microsoft Corporation\{6FA0CEAA-265E-4767-A94A-5BB785098027}\UpgradeHelper.exe ()
O4 - HKCU..\Run: [Wiryifaq] C:\Users\***\AppData\Roaming\Ylurat\uphag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A87FCBAD-061E-4F3B-B55D-27184D82E80F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F82366A6-30E0-4A07-B3BD-F07A7ABEC7BF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60ce8f66-bdf2-11e0-ae28-00222007dba3}\Shell - "" = AutoRun
O33 - MountPoints2\{60ce8f66-bdf2-11e0-ae28-00222007dba3}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.26 20:04:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.26 19:36:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.24 22:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.09.24 22:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.09.24 22:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.09.24 21:47:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.09.24 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012.09.24 20:07:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IObit
[2012.09.24 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Malware Fighter
[2012.09.07 23:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\firefox
[2012.09.04 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Help
[2012.09.04 21:48:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.09.04 21:48:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft Corporation
[2012.08.29 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yqihet
[2012.08.29 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ryymot
[2012.08.29 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ehiki
[2012.08.27 22:16:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ylurat
[2012.08.27 22:16:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Eksoga
[2012.08.27 22:16:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adhou

========== Files - Modified Within 30 Days ==========

[2012.09.26 20:04:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.26 20:03:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.26 18:14:56 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 18:14:56 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 18:05:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.26 18:05:02 | 2011,971,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.25 20:03:17 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.25 20:03:17 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.25 20:03:17 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.25 20:03:17 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.24 20:07:33 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012.09.24 18:37:44 | 000,440,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.22 22:33:11 | 000,245,228 | ---- | M] () -- C:\Users\***\Desktop\Gt1.tcx
[2012.09.12 22:35:01 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2012.09.26 20:03:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.24 20:07:33 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012.09.22 22:33:09 | 000,245,228 | ---- | C] () -- C:\Users\***\Desktop\Gt1.tcx
[2012.09.12 22:35:01 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.06.16 14:29:55 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.06.16 19:09:03 | 000,000,337 | ---- | C] () -- C:\Users\***\AppData\Local\Perfmon.PerfmonCfg
[2010.05.11 21:37:48 | 000,000,114 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.24 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.08.27 22:16:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adhou
[2012.01.31 18:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.08.03 16:53:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2012.09.24 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.08.31 17:15:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ehiki
[2012.09.26 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eksoga
[2012.04.12 15:21:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.08.16 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2012.09.24 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2010.05.26 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2010.06.17 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lyx16
[2012.08.30 20:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ryymot
[2012.09.04 21:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.06.18 19:49:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.03.30 21:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.09.12 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ylurat
[2012.08.29 20:44:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yqihet

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 26.09.2012 20:06:01 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,50 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 64,16% Memory free
5,00 Gb Paging File | 3,66 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 276,99 Gb Total Space | 191,27 Gb Free Space | 69,05% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: NTFS

Computer Name: ****** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063937C2-42F6-4110-8D09-B35CB18D66BE}" = rport=138 | protocol=17 | dir=out | app=system |
"{07B29F82-805D-44B8-AC1C-7CCED420F7CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E06F449-FE5E-45E4-BC19-D5F47F68A4C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3584BF61-E20E-4875-9322-C1D798F7CCCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B1ABE43-80D7-4702-BB6D-432B20B47717}" = rport=137 | protocol=17 | dir=out | app=system |
"{49E7AC42-3C4F-4918-BEA9-2251E2B3712F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54C97D4F-4B96-4B1F-964E-98AE4A31F8EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F9BD7AD-1D90-4632-B082-4058A506B818}" = lport=137 | protocol=17 | dir=in | app=system |
"{64B0CBA4-5862-438D-AFF9-34C44668CB53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BDB65E4-9288-4090-8667-9231F7A8B340}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79EB1960-CBB7-4E4A-A3A1-528649335437}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{884A87C9-9A5E-45A3-BA9C-244B0826D8AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C40684D-333A-4C8B-A0DB-33187FBFE947}" = lport=138 | protocol=17 | dir=in | app=system |
"{92F20556-7B07-4754-9274-B8DB4C700F05}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FD62A61-CF6A-435F-8920-5FA8BA283794}" = rport=139 | protocol=6 | dir=out | app=system |
"{A635B5E0-1411-4F47-BE8E-8044B78A7E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AEA30753-FEC4-4AED-B27E-A743C655099E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B47043E9-C812-4153-A955-03CDA787EA9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5B5439A-A6C4-42B5-ABBA-48ACEB197633}" = lport=445 | protocol=6 | dir=in | app=system |
"{C69EA4AD-12B2-40FE-A57C-EC61FAB7660A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CB5E0CDE-EE37-41B3-AD1F-52AE32A92B22}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE5D3AA8-8C01-4AF1-96D2-639C221B6058}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D611FDE2-1D3C-4142-93B7-EDD7D581E91E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E20942BA-8409-456C-951C-17CFF4F49C06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F10D7E75-3B7F-4293-8879-5FACDA3EBC3F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F22315DC-ED11-4EDF-A093-C257331741FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{F889E39E-1DC4-48FB-AB1A-DA8671F14D58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C637E7-0FD4-41F7-A441-EAF49820D90C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BABA6C9-D9FE-4858-95E6-8D11ADCE0249}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{126D71B9-DE0E-47D4-A54C-2897A0AE63B5}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{14233E51-4F51-4301-8574-36BAC488562A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{14EAF644-8F51-4D9C-B134-C27868443B62}" = dir=in | app=e:\setup\hpznui01.exe |
"{15D29A59-C07F-4F1A-8DE0-6B2ABD191D4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17801E7A-6B64-436B-BFBD-E691B13CD54E}" = protocol=6 | dir=out | app=system |
"{1CA335FF-FFB8-4FDE-A803-4DE8EC8AFC78}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{27417C66-5982-4D31-92F6-8FABF0494566}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2748A07F-7366-4F29-98C2-13C3D820FEBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3498E038-62A8-4A09-9218-1193CA0B97AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36E2153C-95A4-45FA-9ACF-041E024B7E6E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{373EA2A3-3933-48ED-BBED-049917B49279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AD8F5BB-A7A2-4DBE-9C38-EECE84D5256F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4EB785C5-717A-4393-8FFB-AA952F8A75FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5025EDB0-5093-4209-8634-2900DAFF4C24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5802AE57-5803-4DFF-AA5D-F19D76F63A1A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{63DE2CBB-8D19-48FD-9EC6-90815A586B41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{63ED523D-74CD-44CE-BE02-D3D290486BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AD17A68-AEF5-488A-B199-5B1CD759EC3E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79C242C7-B2BE-4E58-BE31-8748E4C5B391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{83CFA885-BFDC-45F2-A95E-5AE8606E159A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87A7CA64-2DFA-4A6A-BD48-E42DC6C0067A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{886FEAFD-F367-4D51-BAAF-8E5D7622B02F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{896001F8-F2A5-4109-B8E1-082DA716C44B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9011E30E-BFAF-4C41-B010-A23089297CE5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9088F12A-3036-4BED-8E19-FF36BDFD2373}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9536D6F2-2C93-4A6B-B2D0-C5A3BFBD6887}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{964E94D3-C5DD-487C-B105-5A7AE5317427}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{97161970-B7ED-442D-8DB6-63777D519316}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9806E20F-8EBC-4CE2-A6A4-116B8C793260}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4A5286F-3B02-4AB2-A90D-BA6A7E535B3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{A6C72BFA-81D7-4383-963C-53D33AA57294}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A90BF4D3-7A20-4EBB-B2B5-34B0AF561407}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A9963E2D-ED97-45CA-B2A0-1AC5B9E13425}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B52F671A-4A55-4086-A72A-E65BE1246EB4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B5F4FB43-A190-4B05-B888-7988520812EC}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B79B135E-8324-40F2-9A7D-A94C6234B1FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC345B43-49A0-4387-B6AE-C43611969755}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C27198FE-4C12-4E45-8815-29BADD053715}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{D76AAE89-3915-45EB-97F7-5487197D7FD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E0D323FD-2681-419D-9F04-E407D9D5A634}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E47A524E-36F8-4D1A-A65F-4FF418964D50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E50CADC0-3634-4805-9D5F-22652866F4C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F3D3D75E-5832-4FCE-9FDA-7E7CFAF2162E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{31D05374-EA45-48E1-B8E8-99D5426E92D5}E:\utility\di-524zcfg.exe" = protocol=6 | dir=in | app=e:\utility\di-524zcfg.exe |
"TCP Query User{925566D5-867F-476D-B3C9-B4DD28D29F3C}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{ABD8610D-7753-4804-944F-B10A0F8E0BBD}E:\utility\di-524zcfg.exe" = protocol=17 | dir=in | app=e:\utility\di-524zcfg.exe |
"UDP Query User{BD076C3F-A1B2-4BC1-88F0-951B7AEFB8DD}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = AMCap
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD902DA9-D9E0-4CAE-9897-6E7FDFCA9C8C}" = Tecnomatix Plant Simulation 9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Aspell6-Dictionary-fr" = Aspell 0.6 Dictionary (Language: fr)
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"furnplan hülsta now!_is1" = furnplan hülsta now! 2011.8.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IsoBuster_is1" = IsoBuster 2.7
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LastFM_is1" = Last.fm 1.5.4.27091
"LyX" = LyX 1.6.6.1-1
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aspell" = Aspell Data (Installed for Current User)
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.09.2012 16:34:32 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8378

Error - 24.09.2012 16:34:33 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.09.2012 16:34:33 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9423

Error - 24.09.2012 16:34:33 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9423

Error - 24.09.2012 16:34:34 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.09.2012 16:34:34 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10437

Error - 24.09.2012 16:34:34 | Computer Name = ****** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10437

Error - 26.09.2012 12:29:36 | Computer Name = ****** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WSCStub.exe, Version: 16.8.3.6, Zeitstempel:
0x4e7a7207 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00019b17 ID des fehlerhaften Prozesses:
0x1094 Startzeit der fehlerhaften Anwendung: 0x01cd9c041d096690 Pfad der fehlerhaften
Anwendung: C:\Program Files\Norton 360\Engine\3.8.3.6\WSCStub.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 5c07f4b0-07f7-11e2-82a2-00222007dba3

Error - 26.09.2012 12:30:12 | Computer Name = ****** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WSCStub.exe, Version: 16.8.3.6, Zeitstempel:
0x4e7a7207 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00019b17 ID des fehlerhaften Prozesses:
0x9e8 Startzeit der fehlerhaften Anwendung: 0x01cd9c0433910a30 Pfad der fehlerhaften
Anwendung: C:\Program Files\Norton 360\Engine\3.8.3.6\WSCStub.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 714e3eb0-07f7-11e2-82a2-00222007dba3

Error - 26.09.2012 12:32:43 | Computer Name = ****** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WSCStub.exe, Version: 16.8.3.6, Zeitstempel:
0x4e7a7207 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00019b17 ID des fehlerhaften Prozesses:
0x3b8 Startzeit der fehlerhaften Anwendung: 0x01cd9c048d67ba40 Pfad der fehlerhaften
Anwendung: C:\Program Files\Norton 360\Engine\3.8.3.6\WSCStub.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: cb7e1310-07f7-11e2-82a2-00222007dba3

[ System Events ]
Error - 22.09.2012 16:32:38 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 22.09.2012 16:32:38 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 22.09.2012 16:32:39 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 22.09.2012 16:32:40 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.09.2012 16:49:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.

Error - 24.09.2012 10:59:08 | Computer Name = ****** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst CryptSvc erreicht.

Error - 24.09.2012 12:40:37 | Computer Name = ****** | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 24.09.2012 16:45:28 | Computer Name = ****** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst N360 erreicht.

Error - 24.09.2012 16:45:53 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 24.09.2012 16:45:54 | Computer Name = ****** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


< End of report >

 

Themen zu Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?
.com, 32 bit, ad-aware, autorun, bho, bonjour, document, ebay, error, firefox, flash player, format, helper, home, install.exe, malware, mozilla, object, plug-in, realtek, registry, rundll, security, senden, server, svchost.exe, symantec, usb 2.0, vorschaubilder, windows


« BKA Trojaner kann NICHT entfernt werden? | Hacktool - Virus - skype Problem. »


Ähnliche Themen: Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?


  1. unerwünschte Seiten gehen beim surfen auf
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (12)
  2. Windows 7: Popups, unerwünschte Seiten, unerwünschte Weiterleitungen bei Internetnutzung
    Log-Analyse und Auswertung - 11.04.2014 (13)
  3. Unerwünschte Seiten werden geladen
    Plagegeister aller Art und deren Bekämpfung - 20.03.2014 (9)
  4. Unerwünschte Umleitungen zu Werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (13)
  5. Firefox ungewollte umleitungen auf verdächtige Seiten
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (21)
  6. Google Weiterleitung auf unerwünschte Seiten, Microsoft Security Essentials und Windows Defender funktionieren nicht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (10)
  7. Google redirect (unerwünschte Umleitungen auf andere Seiten)
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (20)
  8. Google öffnet unerwünschte Seiten
    Log-Analyse und Auswertung - 03.01.2013 (3)
  9. Google, Umleitung auf unerwünschte Seiten
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (18)
  10. Google-Weiterleitung auf unerwünschte Seiten
    Log-Analyse und Auswertung - 07.06.2011 (33)
  11. 'Windows Recovery' Rogue Malware / nun unerwünschte Umleitungen auf andere Seiten
    Log-Analyse und Auswertung - 14.04.2011 (1)
  12. Google leitet auf unerwünschte Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (16)
  13. Unerwünschte Seiten nach google-Suche!
    Log-Analyse und Auswertung - 24.03.2011 (1)
  14. Firefox leitet bei google auf unerwünschte Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 10.03.2010 (1)
  15. Browser öffnet unerwünschte Seiten-bitte HJT Auswertung
    Log-Analyse und Auswertung - 13.02.2008 (7)
  16. Werde auf unerwünschte Seiten geleitet
    Plagegeister aller Art und deren Bekämpfung - 03.03.2006 (1)
  17. IE6 öffnet unerwünschte Seiten !!!!!
    Log-Analyse und Auswertung - 14.11.2004 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org? - Hallo zusammen, ich habe schon oft Problemchen durch passives Lesen auf eurer Seite lösen können, jetzt muss ich aktiv um Hilfe bitten. Probleme 1.) Unerwünschte Umleitungen auf andere Seiten. Sehr - Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org?...
Archiv
Du betrachtest: Unerwünschte Umleitungen, nicht ladende Seiten(elemente), sherlocksearch.org? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19