
Log analysis and evaluation: Explorer keeps opening pages -> here is the HiJack log

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.06.2010, 06:35   #1
ceviz82
 



Hello everyone,

random websites open on my computer from time to time. I have already run Spy Bot & Malware. Here is the HiJack log. Please help:

Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe
C:\Program Files\iPass\iPassConnect\bindOp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SAP_WUS_UNT] "C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
O4 - HKLM\..\Run: [iPassConnect] "C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe" /S
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SignIn] "C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Taskmanager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
         

07.06.2010, 09:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

07.06.2010, 10:00   #3
ceviz82
 



Hello

here is the OTL file

OTL logfile:
Code:
OTL logfile created on: 07.06.2010 10:54:47 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\ciyanya1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 24,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227,06 Gb Total Space | 205,47 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LMCR810VYH
Current User Name: ciyanya1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\ciyanya1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\iPass\iPassConnect\bindOp.exe (iPass, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\NET6\net6vpn.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
PRC - C:\WINDOWS\system32\DTS.exe ()
PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe (iPass, Inc.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe (SAP AG, Walldorf)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\ciyanya1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\NET6\ctxsysmon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TpKmpSVC) --  File not found
SRV - (SessionLauncher) --  File not found
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()
SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()
SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (iPassConnectEngine) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (iastor) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (Net6IM) -- C:\WINDOWS\system32\drivers\net6im51.sys (Net6, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 B5 A4 C3 0E F8 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.02 13:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 18:23:11 | 000,000,000 | ---D | M]
 
[2009.01.28 13:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Extensions
[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions
[2010.05.20 12:10:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.25 18:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.25 18:22:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010.05.26 09:20:30 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [iPassConnect] C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe (iPass, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: E:\02 Bilder\PICT0532.JPG
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:13:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.07 10:54:24 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ciyanya1\Desktop\OTL.exe
[2010.06.07 10:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\NET6
[2010.06.06 21:28:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ciyanya1\Recent
[2010.06.02 14:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Help
[2010.06.01 15:17:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.01 15:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Meetings
[2010.05.31 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010.05.30 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\dvdcss
[2010.05.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\gtk-2.0
[2010.05.27 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.05.27 12:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.05.26 16:08:36 | 000,102,400 | ---- | C] (Andersen Consulting) -- C:\WINDOWS\System32\PIEkmCBT.dll
[2010.05.26 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\AC Applications
[2010.05.26 16:08:35 | 000,000,000 | ---D | C] -- C:\data
[2010.05.26 16:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Andersen Consulting
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.05.26 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\WinRAR
[2010.05.26 09:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010.05.25 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.05.25 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.05.25 18:23:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.25 18:23:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.25 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.05.25 18:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.05.25 13:58:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.05.25 13:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010.05.21 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010.05.21 09:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010.05.20 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.05.20 13:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.05.20 13:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.05.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Malwarebytes
[2010.05.20 12:26:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.20 12:26:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.05.20 09:50:26 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2010.05.20 09:40:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.05.20 09:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.05.19 17:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.05.18 10:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Skype
[2010.05.15 01:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\vlc
[2010.05.15 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.05.14 11:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.thumbnails
[2010.05.12 14:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.gimp-2.6
[2010.05.12 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\gegl-0.0
[2010.05.12 14:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010.05.11 08:30:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Shapes
[2009.01.27 19:06:03 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009.01.27 19:05:59 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.07 10:54:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ciyanya1\Desktop\OTL.exe
[2010.06.07 09:37:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.06 12:51:58 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.06 12:51:58 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.06 12:51:58 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.06 12:48:33 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.06.06 12:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.06 12:45:33 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.06.06 12:45:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.06 12:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.06 12:45:28 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.06 12:44:30 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\NTUSER.DAT
[2010.06.06 12:44:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ciyanya1\ntuser.ini
[2010.06.06 12:34:38 | 004,305,958 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\IconCache.db
[2010.06.04 13:52:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.01 14:27:09 | 000,058,156 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel
[2010.05.26 11:54:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.26 09:20:30 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010.05.25 18:22:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.25 18:22:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.25 13:58:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.05.20 09:59:52 | 000,002,016 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.05.20 09:08:32 | 000,183,296 | ---- | M] () -- C:\WINDOWS\Omagoa.exe
[2010.05.14 11:06:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.ufrawrc
[2010.05.10 10:50:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.06 12:45:32 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.06.05 14:21:24 | 2038,456,320 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.01 14:27:09 | 000,058,156 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel
[2010.05.25 13:55:05 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.05.20 09:59:52 | 000,002,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.05.20 09:08:35 | 000,183,296 | ---- | C] () -- C:\WINDOWS\Omagoa.exe
[2010.05.12 14:53:28 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.ufrawrc
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.01.28 11:28:45 | 000,003,429 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009.01.27 22:22:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2009.01.27 22:22:09 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2009.01.27 22:22:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2009.01.27 22:22:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2009.01.27 22:22:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2009.01.27 22:22:06 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2009.01.27 22:11:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.27 21:51:30 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009.01.27 21:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.01.27 21:35:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.01.27 21:35:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.01.27 21:35:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.01.27 19:31:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009.01.27 19:25:00 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009.01.27 19:06:03 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009.01.27 19:06:03 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009.01.27 19:06:03 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.01.27 18:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2008.08.18 19:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >
         

07.06.2010, 10:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the full scan with Malwarebytes first.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

09.06.2010, 08:02   #5
ceviz82

Hello,

I have now found the time to run all of it. Please help.

Here is the malware log:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.06.2010 08:17:30
mbam-log-2010-06-09 (08-17-30).txt

Scan type: Quick scan
Objects scanned: 148231
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


________________

Here are the other logs:


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.06.2010 08:25:50 - Run 2

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 227,06 Gb Total Space | 204,22 Gb Free Space | 89,94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: LMCR810VYH

Current User Name: ciyanya1

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe ()

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe ()

PRC - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\HiJackThis204.exe (Trend Micro Inc.)

PRC - C:\Program Files\Microsoft Office Communicator\communicator .exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Online Services\Sign In\SignIn .exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Java\Java Update\jusched .exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

PRC - C:\Program Files\iPass\iPassConnect\bindOp.exe (iPass, Inc.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 9\TscHelp.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)

PRC - C:\WINDOWS\system32\DTS.exe ()

PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)

PRC - C:\Program Files\ThinkPad\Utilities\EzEjMnAp .exe (Lenovo Group Ltd.)

PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT .exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

PRC - C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe (iPass, Inc.)

PRC - C:\Program Files\iPass\iPassConnect\iPassConnectGUI .exe (iPass, Inc.)

PRC - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)

PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)

PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)

PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)

PRC - C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe (iPass, Inc.)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR .exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK .exe (Lenovo Group Limited)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\system32\TpShocks .exe (Lenovo.)

PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh .exe (Synaptics, Inc.)

PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)

PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient .exe (Intel Corporation)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\udaterui .exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)

PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool .exe (SAP AG)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (TpKmpSVC) --  File not found

SRV - (SessionLauncher) --  File not found

SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()

SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()

SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

SRV - (iPassConnectEngine) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)

SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)

SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)

DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.)

DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (iastor) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation)

DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)

DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)

DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (Net6IM) -- C:\WINDOWS\system32\drivers\net6im51.sys (Net6, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lodestonemc.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.lodestonemc.com/";

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.02 13:29:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 18:23:11 | 000,000,000 | ---D | M]

 

[2009.01.28 13:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Extensions

[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions

[2010.05.20 12:10:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010.05.25 18:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.05.25 18:22:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2010.06.08 13:28:32 | 000,403,618 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1      007guard.com

O1 - Hosts: 127.0.0.1      www.007guard.com

O1 - Hosts: 127.0.0.1      008i.com

O1 - Hosts: 127.0.0.1      008k.com

O1 - Hosts: 127.0.0.1      www.008k.com

O1 - Hosts: 127.0.0.1      00hq.com

O1 - Hosts: 127.0.0.1      www.00hq.com

O1 - Hosts: 127.0.0.1      010402.com

O1 - Hosts: 127.0.0.1      032439.com

O1 - Hosts: 127.0.0.1      www.032439.com

O1 - Hosts: 127.0.0.1      0scan.com

O1 - Hosts: 127.0.0.1      www.0scan.com

O1 - Hosts: 127.0.0.1      1-2005-search.com

O1 - Hosts: 127.0.0.1      www.1-2005-search.com

O1 - Hosts: 127.0.0.1      1-domains-registrations.com

O1 - Hosts: 127.0.0.1      www.1-domains-registrations.com

O1 - Hosts: 127.0.0.1      1000gratisproben.com

O1 - Hosts: 127.0.0.1      www.1000gratisproben.com

O1 - Hosts: 127.0.0.1      1001namen.com

O1 - Hosts: 127.0.0.1      www.1001namen.com

O1 - Hosts: 127.0.0.1      100888290cs.com

O1 - Hosts: 127.0.0.1      www.100888290cs.com

O1 - Hosts: 127.0.0.1      100sexlinks.com

O1 - Hosts: 127.0.0.1      www.100sexlinks.com

O1 - Hosts: 13963 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe ()

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe ()

O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe ()

O4 - HKLM..\Run: [iPassConnect] C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe ()

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe ()

O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe ()

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe ()

O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe ()

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe ()

O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE ()

O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe ()

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)

O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)

O24 - Desktop WallPaper: E:\02 Bilder\PICT0532.JPG

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.01.27 18:13:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.08 12:26:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ciyanya1\Recent

[2010.06.08 12:21:58 | 000,032,768 | ---- | C] (*) -- C:\WINDOWS\System32\chipxum.dll

[2010.06.08 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool

[2010.06.07 10:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\NET6

[2010.06.02 14:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Help

[2010.06.01 15:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Meetings

[2010.05.31 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player

[2010.05.30 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\dvdcss

[2010.05.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\gtk-2.0

[2010.05.27 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2010.05.27 12:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2010.05.26 16:08:36 | 000,102,400 | ---- | C] (Andersen Consulting) -- C:\WINDOWS\System32\PIEkmCBT.dll

[2010.05.26 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\AC Applications

[2010.05.26 16:08:35 | 000,000,000 | ---D | C] -- C:\data

[2010.05.26 16:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Andersen Consulting

[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010.05.26 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\WinRAR

[2010.05.26 09:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2010.05.25 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010.05.25 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010.05.25 18:23:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.05.25 18:23:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.05.25 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010.05.25 18:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010.05.25 13:58:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010.05.25 13:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010.05.21 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010.05.21 09:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010.05.20 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2010.05.20 13:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010.05.20 13:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010.05.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Malwarebytes

[2010.05.20 12:26:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.05.20 12:26:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010.05.20 09:50:26 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2010.05.20 09:40:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2010.05.20 09:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010.05.19 17:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2010.05.18 10:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Skype

[2010.05.15 01:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\vlc

[2010.05.15 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010.05.14 11:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.thumbnails

[2010.05.12 14:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.gimp-2.6

[2010.05.12 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\gegl-0.0

[2010.05.12 14:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2010.05.11 08:30:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Shapes

[2009.01.27 19:06:03 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009.01.27 19:05:59 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010.06.09 08:15:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010.06.09 08:11:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8ee1EL6.dat

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job

[2010.06.09 08:11:38 | 000,070,148 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe

[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job

[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job

[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job

[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job

[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job

[2010.06.09 07:59:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.06.09 07:59:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010.06.08 20:59:55 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\NTUSER.DAT

[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job

[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job

[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job

[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job

[2010.06.08 17:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job

[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job

[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job

[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job

[2010.06.08 16:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job

[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job

[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job

[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job

[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job

[2010.06.08 15:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job

[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job

[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job

[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job

[2010.06.08 14:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job

[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job

[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job

[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job

[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job

[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job

[2010.06.08 13:55:18 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.08 13:55:18 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.08 13:55:18 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.08 13:53:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010.06.08 13:52:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.06.08 13:51:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.06.08 13:50:47 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010.06.08 13:50:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.06.08 13:50:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.06.08 13:50:41 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys

[2010.06.08 13:49:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ciyanya1\ntuser.ini

[2010.06.08 13:49:25 | 003,777,368 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\IconCache.db

[2010.06.08 13:28:32 | 000,403,618 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2010.06.08 12:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job

[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job

[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job

[2010.06.08 11:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job

[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job

[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job

[2010.06.08 10:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010.06.08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job

[2010.06.08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job

[2010.06.08 09:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010.06.08 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job

[2010.06.08 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job

[2010.06.07 18:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010.06.07 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job

[2010.06.07 16:22:46 | 000,000,000 | ---- | M] () -- C:\debug

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010.06.07 15:42:21 | 000,038,916 | ---- | M] () -- C:\WINDOWS\System32\TpShocks.exe

[2010.06.01 14:27:09 | 000,058,156 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel

[2010.05.26 11:54:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.05.26 09:20:30 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-132832.backup

[2010.05.25 18:22:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.05.25 18:22:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.05.25 13:58:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010.05.20 09:59:52 | 000,002,016 | ---- | M] () -- C:\WINDOWS\lsrslt.ini

[2010.05.14 11:06:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.ufrawrc

[2010.05.10 10:50:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job

[2010.06.09 08:11:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job

[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job

[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job

[2010.06.08 13:55:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job

[2010.06.08 13:50:46 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010.06.08 13:44:54 | 2038,456,320 | -HS- | C] () -- C:\hiberfil.sys

[2010.06.08 12:21:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DriveInfo.dll

[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job

[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job

[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job

[2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job

[2010.06.08 08:10:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.06.07 16:22:46 | 000,000,000 | ---- | C] () -- C:\debug

[2010.06.07 16:19:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8ee1EL6.dat

[2010.06.07 16:18:55 | 000,070,148 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job

[2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job

[2010.06.07 15:42:22 | 000,038,912 | ---- | C] () -- C:\WINDOWS\Fonts\3wtVk3fb.com

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010.06.01 14:27:09 | 000,058,156 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel

[2010.05.25 13:55:05 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.05.20 09:59:52 | 000,002,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini

[2010.05.12 14:53:28 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.ufrawrc

[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009.01.28 11:28:45 | 000,003,429 | ---- | C] () -- C:\WINDOWS\saplogon.ini

[2009.01.27 22:22:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll

[2009.01.27 22:22:09 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll

[2009.01.27 22:22:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll

[2009.01.27 22:22:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll

[2009.01.27 22:22:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll

[2009.01.27 22:22:06 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll

[2009.01.27 22:11:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.01.27 21:51:30 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009.01.27 21:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009.01.27 21:35:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009.01.27 21:35:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009.01.27 21:35:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009.01.27 19:31:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009.01.27 19:25:00 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009.01.27 19:06:03 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009.01.27 19:06:03 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009.01.27 19:06:03 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2009.01.27 18:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll

[2008.08.18 19:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >
         
--- --- ---


09.06.2010, 08:03   #6
ceviz82

Explorer keeps opening pages -> here is the HiJack log

And here is the last one.. Many thanks in advance...





OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.06.2010 08:25:50 - Run 2

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 227,06 Gb Total Space | 204,22 Gb Free Space | 89,94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: LMCR810VYH

Current User Name: ciyanya1

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\01 - citrixsaclient.exe" = E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\01 - citrixsaclient.exe:*:Enabled:Citrix Secure Access Agent -- File not found

"E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\02 - win2kvpn.exe" = E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\02 - win2kvpn.exe:*:Enabled:Citrix Secure Access Client -- File not found

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- ()

"C:\Program Files\NET6\net6vpn.exe" = C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Client -- (Citrix Systems, Inc.)

"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent

"{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility 

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{1D73A294-D702-47AA-A089-A6E1FC4DED42}" = iPassConnect

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}" = Skype™ 3.8

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack

"{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack

"{901E0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Italian User Interface Pack

"{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack

"{901E0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Polish User Interface Pack

"{901E0418-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Romanian User Interface Pack

"{901E0816-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Portuguese (Portugal) User Interface Pack

"{901E0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Spanish User Interface Pack

"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent

"{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In

"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition

"{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (10/02/2008 8.1.2.37)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"CCleaner" = CCleaner

"Chemical Industry Foundations" = Chemical Industry Foundations v1.1

"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15

"ClearProg" = ClearProg 1.5.0 Final

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter

"CutePDF Writer Installation" = CutePDF Writer 2.7

"FLV Player" = FLV Player 2.0 (build 25)

"GPL Ghostscript 8.63" = GPL Ghostscript 8.63

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HECI" = Intel(R) Management Engine Interface

"ie8" = Windows Internet Explorer 8

"ITPM" = Intel® Trusted Platform Module

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MESOL" = Intel® Active Management Technology

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)

"Net6 Vpn" = Citrix Secure Access Client

"OnScreenDisplay" = On Screen Display

"OUTLOOK" = Microsoft Office Outlook 2007

"PC-Doctor for Windows" = Lenovo System Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"PROSet" = Intel(R) Network Connections Drivers

"SAP_WUS" = SAPSetup Automatic Workstation Update Service

"SAPBI" = SAP Business Explorer

"SAPGUI710" = SAP GUI 7.10

"Security Task Manager" = Security Task Manager 1.7h

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"UFRaw_is1" = UFRaw 0.17

"VLC media player" = VLC media player 1.0.5

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinGimp-2.0_is1" = GIMP 2.6.8

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 08.06.2010 06:30:45 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 08:00:48 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 08:00:49 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

Error - 08.06.2010 08:05:59 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 08:21:24 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

Error - 08.06.2010 11:33:34 | Computer Name = LMCR810VYH | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

 

Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

[ Application Events ]

Error - 08.06.2010 06:30:45 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 08:00:48 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 08:00:49 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

Error - 08.06.2010 08:05:59 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 08:21:24 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,

 P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

 

Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

Error - 08.06.2010 11:33:34 | Computer Name = LMCR810VYH | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

 

Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: The connection with the server was terminated abnormally  

 

Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>;

 with error: This network connection does not exist.  

 

[ OSession Events ]

Error - 22.05.2010 06:29:03 | Computer Name = LMCR810VYH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72003

 seconds with 900 seconds of active time.  This session ended with a crash.

 

Error - 24.05.2010 17:00:59 | Computer Name = LMCR810VYH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 210708

 seconds with 120 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 08.06.2010 07:47:22 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

   %%2

 

Error - 08.06.2010 07:47:22 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000

Description = The IBM KCU Service service failed to start due to the following error:

   %%2

 

Error - 08.06.2010 07:51:10 | Computer Name = LMCR810VYH | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Themes service to connect.

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000

Description = The Themes service failed to start due to the following error:   %%1053

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000

Description = The Parallel port driver service failed to start due to the following

 error:   %%1058

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000

Description = The SessionLauncher service failed to start due to the following error:

   %%3

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

   %%2

 

Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000

Description = The IBM KCU Service service failed to start due to the following error:

   %%2

 

Error - 08.06.2010 14:52:20 | Computer Name = LMCR810VYH | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

 service and therefore cannot download and install updates according to the set 

schedule. Windows will continue to try to establish a connection.

 

 

< End of report >
         
--- --- ---

09.06.2010, 14:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I wanted to see a full scan from Malwarebytes...
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

09.06.2010, 17:11   #8
ceviz82

Hi

I've now followed up with a full scan as well..

Regards
ceviz82

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.06.2010 18:10:56
mbam-log-2010-06-09 (18-10-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 192186
Time elapsed: 40 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

09.06.2010, 20:08   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (download link on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista, right-click => Run as administrator). Set the checkboxes at the bottom as shown:

3.) Copy exactly the lines from the following code box:
Code:
files to delete:
C:\WINDOWS\Omagoa.exe
         
4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes" ("Ja"), and likewise the "Reboot now" prompt (system restart).

7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link to it here
