
Log analysis and evaluation: unwanted opening of web pages


03.11.2009, 11:18   #1
andi_1984
 

Hello everyone,

I have the following problem: when I open my internet browser (Mozilla) and then surf the internet, web pages keep opening unintentionally.
How can I fix this problem? I have read something about HijackThis and have already created such a log.
I have also regularly run my AntiVir program and CCleaner.

How do I get rid of the annoying pages? Can someone please help me, I am a complete layman.

Here is the report from the HijackThis editor:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:18, on 03.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\RIB\License\RIB.License.Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\DNA\btdna.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Media Access Startup\2.0.0.1050\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\programme\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Hochschule Biberach VPN Client.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programme/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programme/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Hochschule Biberach, Rechenzentrum VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RIB License Server (RIB.License.Server) - RIB Software AG - C:\Programme\RIB\License\RIB.License.Server.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sukoku\sukoku123.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 15588 bytes

Regards, Andi


Thanks in advance

Edited by andi_1984 (03.11.2009 at 11:50)

03.11.2009, 12:22   #2
Larusso
/// Selecta Jahrusso
 

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.

Please post all log files in code tags.
Click Reply --> #
then [code]text[/code]
This is how it should look here after replying:
Code:
your log file
         

Step 1

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in code tags here in the thread.


Step 2
  • all other scanners for viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the internet (do not forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after every scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and start as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes GMER.
  • Paste the log from the clipboard into your reply here.
Switch your antivirus program and other scanners back on before you go online!

03.11.2009, 12:52   #3
andi_1984
 

[CODE]
OTL Extras logfile created on: 03.11.2009 12:29:31 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 58,59% Memory free
3,81 Gb Paging File | 3,05 Gb Available in Paging File | 79,88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,44 Gb Total Space | 15,93 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 231,88 Gb Total Space | 229,58 Gb Free Space | 99,01% Space Free | Partition Type: NTFS

Computer Name: LENOVO-5745C956
Current User Name: Andreas Schäfer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:192.168.2.24/255.255.255.255:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found
"D:\setup\hponicifs01.exe" = D:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Disabled: -- ()
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"c:\programme\relevantknowledge\rlvknlg.exe" = c:\programme\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{014CF29F-D3C0-4303-B3E9-CA10AD1E6085}" = Dlubal-Anwendungen RSTAB
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Hochschule Biberach VPN Client 5.0.01.0600
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2CCB6855-A029-40FC-8C89-B3B78AECC777}" = RIB Lizenzmanagement
"{30C50520-1B5E-4FD1-A87B-444F86E21031}" = Nero 7 Premium
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{607999F2-4F5E-4FBD-8E98-A1094B3E6DC4}" = ARRIBA® bauen 12.4 (Single)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ABViewer 7_is1" = ABViewer 7
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ask Toolbar_is1" = Ask Toolbar
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Chessmaster Challenge" = Chessmaster Challenge
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Falco Chess_is1" = Falco Chess 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

03.11.2009, 12:53   #4
andi_1984


[ Application Events ]
Error - 03.11.2009 05:37:25 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:26 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:27 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:28 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:29 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:30 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:31 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:32 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:33 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

Error - 03.11.2009 05:37:34 | Computer Name = LENOVO-5745C956 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.

[ OSession Events ]
Error - 19.08.2009 06:23:37 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13017
seconds with 8160 seconds of active time. This session ended with a crash.

Error - 21.09.2009 04:12:29 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2371 seconds with 540 seconds of active time. This session ended with a
crash.

Error - 24.09.2009 10:29:02 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2510
seconds with 600 seconds of active time. This session ended with a crash.

Error - 25.09.2009 10:57:54 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12786
seconds with 3420 seconds of active time. This session ended with a crash.

Error - 26.09.2009 10:44:24 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3840
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 28.09.2009 10:13:11 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 10217 seconds with 1560 seconds of active time. This session ended with
a crash.

Error - 29.09.2009 15:44:59 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 41851 seconds with 2880 seconds of active time. This session ended with
a crash.

Error - 06.10.2009 08:09:53 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 113 seconds with 0 seconds of active time. This session ended with a crash.

Error - 06.10.2009 08:10:36 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 41 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.10.2009 13:11:50 | Computer Name = LENOVO-5745C956 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 360
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31.10.2009 06:14:04 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.

Error - 31.10.2009 06:14:04 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 01.11.2009 10:21:17 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 02.11.2009 05:08:37 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 02.11.2009 11:02:45 | Computer Name = LENOVO-5745C956 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Dokument1, im Besitz von Andreas Schäfer,
konnte nicht auf dem Drucker HP Officejet J6400 series gedruckt werden. Datentyp:
NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 65536. Anzahl der gedruckten
Bytes: 0. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten:
0. Clientcomputer: \\LENOVO-5745C956. Vom Druckprozessor zurückgelieferter Win32-Fehlercode:
6 (0x6).

Error - 02.11.2009 11:08:30 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 02.11.2009 11:18:04 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 02.11.2009 11:43:11 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 03.11.2009 05:09:52 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.

Error - 03.11.2009 05:37:42 | Computer Name = LENOVO-5745C956 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.


< End of report >
[/CODE]

03.11.2009, 12:55   #5
andi_1984


[CODE]
OTL logfile created on: 03.11.2009 12:29:29 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 58,59% Memory free
3,81 Gb Paging File | 3,05 Gb Available in Paging File | 79,88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,44 Gb Total Space | 15,93 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 231,88 Gb Total Space | 229,58 Gb Free Space | 99,01% Space Free | Partition Type: NTFS

Computer Name: LENOVO-5745C956
Current User Name: Andreas Schäfer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\RIB\License\RIB.License.Server.exe (RIB Software AG)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Cisco Systems\HBC-VPN-Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (Sukoku Service) -- File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (RIB.License.Server) -- C:\Programme\RIB\License\RIB.License.Server.exe (RIB Software AG)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (hpqddsvc) -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (HPSLPSVC) -- C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (TSSCoreService) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (CVPND) -- C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (fxusbase) -- C:\WINDOWS\system32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM Berlin)
DRV - (SSIPDDP) -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.130:8080

========== FireFox ==========


Old 03.11.2009, 12:58   #6
andi_1984
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..extensions.enabledItems: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:2.0.0.1050
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.8.1.4690
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.04.28 12:46:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.07 10:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Programme\Internet Saving Optimizer\3.8.1.4690\FF [2009.09.14 18:34:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Programme\Media Access Startup\2.0.0.1050\FF [2009.09.14 18:34:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.30 16:42:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.30 16:42:53 | 00,000,000 | ---D | M]

[2009.10.07 12:47:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Extensions
[2009.10.07 12:47:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.02 15:42:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Firefox\Profiles\1jov09i7.default\extensions
[2009.10.07 12:53:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Firefox\Profiles\1jov09i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.02 10:14:29 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.15 15:30:09 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.10.28 11:57:19 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
[2008.12.24 13:32:21 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.30 16:42:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.28 12:47:02 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.15 15:30:16 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.10.30 16:42:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.30 16:42:44 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2008.09.04 01:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2009.04.28 12:46:49 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2008.11.21 22:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2008.11.21 22:45:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.10.30 16:42:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.10.21 23:00:49 | 00,002,381 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\sukoku123.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.10.15 15:30:17 | 00,000,878 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (716 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Media Access Startup) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Media Access Startup\2.0.0.1050\HPIEAddOn.dll File not found
O2 - BHO: (NP Helper Class) - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll ()
O2 - BHO: (System Search Dispatcher) - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RelevantKnowledge] C:\programme\relevantknowledge\rlvknlg.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hochschule Biberach VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Programme/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Programme/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.03 12:25:58 | 00,000,044 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell - "" = AutoRun
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell\AutoRun\command - "" = E:\OnSpcLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

Old 03.11.2009, 12:59   #7
andi_1984
 
[2009.11.03 12:27:40 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe
[2009.11.02 23:17:05 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Recent
[2009.11.02 23:06:39 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.11.02 16:39:46 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\backups
[2009.11.02 16:30:24 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\HiJackThis.exe
[2009.11.02 15:57:53 | 00,040,960 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Look2Me-Destroyer.exe
[2009.10.23 11:28:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\vlc
[2009.10.15 22:24:34 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Search Settings
[2009.10.15 22:24:32 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Dealio
[2009.10.15 15:30:16 | 00,000,000 | ---D | C] -- C:\Programme\Search Settings
[2009.10.15 15:30:08 | 00,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2009.10.15 15:26:54 | 00,315,392 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009.10.15 15:26:53 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009.10.15 15:26:53 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009.10.15 15:26:53 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009.10.15 15:26:53 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009.10.15 15:26:53 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009.10.15 15:26:52 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009.10.15 15:26:52 | 00,000,000 | ---D | C] -- C:\Programme\Free FLV Converter
[2009.10.15 15:26:52 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\FreeFLVConverter
[2009.10.15 10:45:30 | 00,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2009.10.15 09:15:53 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009.10.15 09:15:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009.10.09 09:44:59 | 00,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009.10.09 09:44:54 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009.10.07 15:23:55 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Eigene Dateien\Downloads
[2009.10.05 17:15:02 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009.10.05 17:15:02 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2008.11.16 14:27:19 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008.11.16 14:27:19 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.03 12:27:41 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe
[2009.11.03 11:51:24 | 00,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Hochschule Biberach VPN Client.lnk
[2009.11.03 10:37:51 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009.11.03 10:37:48 | 00,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hochschule Biberach VPN Client.lnk
[2009.11.03 10:37:16 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.03 10:36:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.03 10:36:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.03 10:36:02 | 21,121,39264 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.02 23:38:21 | 07,340,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\NTUSER.DAT
[2009.11.02 23:37:47 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\ntuser.ini
[2009.11.02 23:14:49 | 00,000,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\.recently-used.xbel
[2009.11.02 16:30:25 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\HiJackThis.exe
[2009.11.02 16:15:06 | 00,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.02 15:57:53 | 00,040,960 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Look2Me-Destroyer.exe
[2009.11.02 15:56:24 | 00,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Microsoft Office Word 2007.lnk
[2009.11.02 11:02:36 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.29 22:16:53 | 00,086,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.29 13:17:34 | 00,029,696 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Angebot_AluLine.doc
[2009.10.26 12:39:59 | 01,114,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.26 12:39:59 | 00,487,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.10.26 12:39:59 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.26 12:39:59 | 00,095,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.10.26 12:39:59 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.23 11:33:10 | 00,000,783 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Free FLV Converter.lnk
[2009.10.23 11:22:12 | 00,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009.10.23 11:13:32 | 00,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009.10.09 10:03:34 | 00,000,781 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Windows Media Player.lnk
[2009.10.09 09:58:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009.10.09 09:58:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009.10.09 09:44:54 | 00,000,837 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.10.07 12:47:35 | 00,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.10.05 17:13:03 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009.10.05 17:13:01 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.02 23:14:49 | 00,000,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\.recently-used.xbel
[2009.10.29 13:00:48 | 00,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Angebot_AluLine.doc
[2009.10.23 11:13:32 | 00,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009.10.15 15:26:55 | 00,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Free FLV Converter.lnk
[2009.10.15 15:26:53 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009.10.15 15:26:53 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009.10.15 15:26:52 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009.10.07 12:47:35 | 00,001,585 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2009.10.05 17:13:03 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2009.10.05 17:13:01 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009.06.05 18:35:55 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009.04.17 10:28:14 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.04.06 21:12:42 | 00,001,292 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2009.03.06 15:31:48 | 00,010,122 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2008.12.31 18:42:12 | 00,000,035 | ---- | C] () -- C:\WINDOWS\render.ini
[2008.11.26 16:16:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.26 16:16:40 | 00,086,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.21 22:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 22:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.11.18 22:09:04 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008.11.18 21:47:58 | 00,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2008.11.18 21:47:52 | 00,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2008.11.18 21:47:52 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2008.11.18 21:47:52 | 00,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2008.11.16 16:04:13 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.16 14:57:45 | 00,109,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2008.11.16 14:52:02 | 03,667,688 | -H-- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008.11.16 14:52:02 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.11.16 14:52:02 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\desktop.ini
[2008.11.16 14:47:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.11.16 14:41:58 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.11.16 14:39:04 | 00,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.11.16 14:37:39 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.11.16 14:37:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.11.16 14:37:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.11.16 14:37:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.11.16 14:37:39 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.11.16 14:37:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.11.16 14:32:14 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.11.16 14:32:14 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.11.16 14:32:13 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.11.16 14:32:13 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.11.16 14:28:56 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008.11.16 14:27:19 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008.11.16 14:27:19 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008.11.16 14:26:20 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008.05.26 22:23:36 | 00,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 00,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 00,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.07.16 11:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.07.16 11:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.02.27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.01.27 18:18:01 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 18:05:14 | 00,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.01.27 02:01:34 | 00,000,837 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.01.27 02:01:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006.01.26 18:09:23 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.02.17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP158BAF9
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93E9C78D
< End of report >
[/CODE]

Alt 03.11.2009, 15:22   #8
andi_1984
 
Hello,

first of all, many thanks.
I ran the scans properly.
I have already included the first two log files in my replies.

I also ran the GMER scan. The text is more than 450000 characters long. Is there a way to attach it, or do I have to split the reply into several parts?

Regards, Andi

Alt 03.11.2009, 15:53   #9
Larusso
/// Selecta Jahrusso
 
You can attach it
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 03.11.2009, 16:20   #10
andi_1984
 
[CODE]

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-03 15:04:51
Windows 5.1.2600 Service Pack 3
Running: df8efhso.exe; Driver: C:\DOKUME~1\ANDREA~1\LOKALE~1\Temp\ufdyapoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2396] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A4F5C2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A4F5C450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A4F5C6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A4F5C560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat A2E55D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----


Alt 03.11.2009, 16:22   #11
andi_1984
 

Alt 03.11.2009, 16:23   #12
andi_1984
 

Alt 03.11.2009, 16:24   #13
andi_1984
 

Alt 03.11.2009, 16:25   #14
andi_1984
 

Alt 03.11.2009, 16:26   #15
andi_1984
 
