Log analysis and evaluation: Explorer keeps opening pages -> HiJack log here
07.06.2010, 06:35 | #1 |
Hello everyone, random websites open on my computer from time to time. I have already run Spy Bot & Malware. Here is the HiJack log. Please help: Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe
C:\Program Files\iPass\iPassConnect\bindOp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SAP_WUS_UNT] "C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
O4 - HKLM\..\Run: [iPassConnect] "C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe" /S
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SignIn] "C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Taskmanager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
07.06.2010, 09:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
07.06.2010, 10:00 | #3 |
Hello
here is the OTL file. OTL logfile: Code:
OTL logfile created on: 07.06.2010 10:54:47 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\ciyanya1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 24,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227,06 Gb Total Space | 205,47 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LMCR810VYH
Current User Name: ciyanya1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ciyanya1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\iPass\iPassConnect\bindOp.exe (iPass, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\NET6\net6vpn.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
PRC - C:\WINDOWS\system32\DTS.exe ()
PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe (iPass, Inc.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe (SAP AG, Walldorf)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ciyanya1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\NET6\ctxsysmon.dll ()

========== Win32 Services (SafeList) ==========

SRV - (TpKmpSVC) -- File not found
SRV - (SessionLauncher) -- File not found
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()
SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()
SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (iPassConnectEngine) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (iastor) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation)
DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (Net6IM) -- C:\WINDOWS\system32\drivers\net6im51.sys (Net6, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 B5 A4 C3 0E F8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.02 13:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 18:23:11 | 000,000,000 | ---D | M]

[2009.01.28 13:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Extensions
[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions
[2010.05.20 12:10:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.25 18:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.25 18:22:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010.05.26 09:20:30 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [iPassConnect] C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe (iPass, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: E:\02 Bilder\PICT0532.JPG
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:13:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.07 10:54:24 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ciyanya1\Desktop\OTL.exe
[2010.06.07 10:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\NET6
[2010.06.06 21:28:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ciyanya1\Recent
[2010.06.02 14:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Help
[2010.06.01 15:17:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.01 15:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Meetings
[2010.05.31 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010.05.30 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\dvdcss
[2010.05.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\gtk-2.0
[2010.05.27 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.05.27 12:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.05.26 16:08:36 | 000,102,400 | ---- | C] (Andersen Consulting) -- C:\WINDOWS\System32\PIEkmCBT.dll
[2010.05.26 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\AC Applications
[2010.05.26 16:08:35 | 000,000,000 | ---D | C] -- C:\data
[2010.05.26 16:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Andersen Consulting
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.05.26 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\WinRAR
[2010.05.26 09:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010.05.25 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.05.25 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.05.25 18:23:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
-- C:\WINDOWS\System32\javaws.exe [2010.05.25 18:23:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.05.25 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010.05.25 18:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.05.25 13:58:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.25 13:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010.05.21 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010.05.21 09:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010.05.20 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010.05.20 13:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.05.20 13:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.05.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Malwarebytes [2010.05.20 12:26:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.20 12:26:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.05.20 09:50:26 | 000,000,000 | ---D | C] -- C:\QUARANTINE [2010.05.20 09:40:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF 
[2010.05.20 09:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.05.19 17:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010.05.18 10:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Skype [2010.05.15 01:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\vlc [2010.05.15 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010.05.14 11:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.thumbnails [2010.05.12 14:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.gimp-2.6 [2010.05.12 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\gegl-0.0 [2010.05.12 14:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2010.05.11 08:30:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Shapes [2009.01.27 19:06:03 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009.01.27 19:05:59 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.07 10:54:38 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ciyanya1\Desktop\OTL.exe [2010.06.07 09:37:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.06.06 12:51:58 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.06 12:51:58 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.06 12:51:58 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.06 12:48:33 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010.06.06 12:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.06 12:45:33 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.06.06 12:45:31 | 000,000,006 | 
-H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.06 12:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.06 12:45:28 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys [2010.06.06 12:44:30 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\NTUSER.DAT [2010.06.06 12:44:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ciyanya1\ntuser.ini [2010.06.06 12:34:38 | 004,305,958 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\IconCache.db [2010.06.04 13:52:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.06.01 14:27:09 | 000,058,156 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel [2010.05.26 11:54:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.26 09:20:30 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2010.05.25 18:22:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.05.25 18:22:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2010.05.25 13:58:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.20 09:59:52 | 000,002,016 | ---- | M] () -- C:\WINDOWS\lsrslt.ini [2010.05.20 09:08:32 | 000,183,296 | ---- | M] () -- C:\WINDOWS\Omagoa.exe [2010.05.14 11:06:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.ufrawrc [2010.05.10 10:50:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.06 12:45:32 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.06.05 14:21:24 | 2038,456,320 | -HS- | C] () -- C:\hiberfil.sys [2010.06.01 14:27:09 | 000,058,156 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel [2010.05.25 13:55:05 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.20 09:59:52 | 000,002,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini [2010.05.20 09:08:35 | 000,183,296 | ---- | C] () -- C:\WINDOWS\Omagoa.exe [2010.05.12 14:53:28 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.ufrawrc [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.01.28 11:28:45 | 000,003,429 | ---- | C] () -- C:\WINDOWS\saplogon.ini [2009.01.27 22:22:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2009.01.27 22:22:09 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2009.01.27 22:22:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2009.01.27 22:22:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2009.01.27 22:22:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2009.01.27 22:22:06 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2009.01.27 22:11:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.01.27 
21:51:30 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2009.01.27 21:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.01.27 21:35:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.01.27 21:35:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.01.27 21:35:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.01.27 19:31:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009.01.27 19:25:00 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009.01.27 19:06:03 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009.01.27 19:06:03 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009.01.27 19:06:03 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009.01.27 18:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll [2008.08.18 19:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.04.14 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008.04.14 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008.04.14 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008.04.14 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008.04.14 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll < End of report > |
07.06.2010, 10:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer keeps opening pages -> HiJack log here Please run the full scan with Malwarebytes first.
__________________ Please always post log files in CODE tags |
09.06.2010, 08:02 | #5 |
| Explorer keeps opening pages -> HiJack log here Hello.. I have now found the time to let all of it run through. Please help.. Here is the malware log..

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.06.2010 08:17:30
mbam-log-2010-06-09 (08-17-30).txt

Scan type: Quick scan
Objects scanned: 148231
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
________________
Here are the other logs

OTL Logfile: Code:
OTL logfile created on: 09.06.2010 08:25:50 - Run 2
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227,06 Gb Total Space | 204,22 Gb Free Space | 89,94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LMCR810VYH
Current User Name: ciyanya1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe ()
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe ()
PRC - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\iPass\iPassConnect\bindOp.exe (iPass, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\SnagitEditor.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
PRC - C:\WINDOWS\system32\DTS.exe ()
PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\ThinkPad\Utilities\EzEjMnAp.exe (Lenovo Group Ltd.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\ProxyConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\iPassConnect\downloader\iPCCheck.exe (iPass, Inc.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TpKmpSVC) -- File not found
SRV - (SessionLauncher) -- File not found
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe ()
SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe ()
SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (iPassConnectEngine) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe (iPass, Inc.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (iPass, Inc.) SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (iPass, Inc.) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.) DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) 
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (iastor) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation) DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) 
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited) DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (Net6IM) -- C:\WINDOWS\system32\drivers\net6im51.sys (Net6, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lodestonemc.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.lodestonemc.com/"; FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.02 13:29:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 18:23:11 | 000,000,000 | ---D | M] [2009.01.28 13:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Extensions [2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions [2010.05.20 12:10:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ciyanya1\Application Data\Mozilla\Firefox\Profiles\jgmb0vtb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.01 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.05.25 18:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.25 18:22:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010.06.08 13:28:32 | 000,403,618 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-domains-registrations.com O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 13963 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe () O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe () O4 - HKLM..\Run: [iPassConnect] C:\Program Files\iPass\iPassConnect\iPassConnectGUI.exe () O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe () O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe () O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe () O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe () O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE () O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe () O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: E:\02 Bilder\PICT0532.JPG
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:13:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.08 12:26:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ciyanya1\Recent
[2010.06.08 12:21:58 | 000,032,768 | ---- | C] (*) -- C:\WINDOWS\System32\chipxum.dll
[2010.06.08 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.06.07 10:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\NET6
[2010.06.02 14:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Help
[2010.06.01 15:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Meetings
[2010.05.31 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010.05.30 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\dvdcss
[2010.05.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\gtk-2.0
[2010.05.27 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.05.27 12:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.05.26 16:08:36 | 000,102,400 | ---- | C] (Andersen Consulting) -- C:\WINDOWS\System32\PIEkmCBT.dll
[2010.05.26 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\AC Applications
[2010.05.26 16:08:35 | 000,000,000 | ---D | C] -- C:\data
[2010.05.26 16:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Andersen Consulting
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.26 12:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.05.26 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\WinRAR
[2010.05.26 09:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010.05.25 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.05.25 18:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.05.25 18:23:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.25 18:23:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.25 18:23:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.25 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.05.25 18:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.05.25 13:58:05 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.05.25 13:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010.05.21 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010.05.21 09:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010.05.20 21:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.05.20 13:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.05.20 13:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.05.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Malwarebytes
[2010.05.20 12:26:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.20 12:26:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.20 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.05.20 09:50:26 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2010.05.20 09:40:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.05.20 09:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.05.19 17:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.05.18 10:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\Skype
[2010.05.15 01:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\Application Data\vlc
[2010.05.15 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.05.14 11:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.thumbnails
[2010.05.12 14:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\.gimp-2.6
[2010.05.12 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ciyanya1\My Documents\gegl-0.0
[2010.05.12 14:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010.05.11 08:30:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ciyanya1\My Documents\My Shapes
[2009.01.27 19:06:03 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009.01.27 19:05:59 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.09 08:15:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.06.09 08:11:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8ee1EL6.dat
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010.06.09 08:11:38 | 000,070,148 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe
[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010.06.09 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010.06.09 07:59:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.09 07:59:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.08 20:59:55 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\NTUSER.DAT
[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010.06.08 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010.06.08 17:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010.06.08 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010.06.08 16:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010.06.08 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010.06.08 15:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010.06.08 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010.06.08 14:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010.06.08 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010.06.08 13:57:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010.06.08 13:55:18 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.08 13:55:18 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.08 13:55:18 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.08 13:53:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.06.08 13:52:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.08 13:51:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.08 13:50:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.06.08 13:50:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.08 13:50:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.08 13:50:41 | 2038,456,320 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.08 13:49:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ciyanya1\ntuser.ini
[2010.06.08 13:49:25 | 003,777,368 | -H-- | M] () -- C:\Documents and Settings\ciyanya1\Local Settings\Application Data\IconCache.db
[2010.06.08 13:28:32 | 000,403,618 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010.06.08 12:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010.06.08 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010.06.08 11:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010.06.08 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010.06.08 10:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.06.08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010.06.08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010.06.08 09:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.06.08 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010.06.08 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010.06.08 08:14:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010.06.07 18:15:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.06.07 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010.06.07 16:22:46 | 000,000,000 | ---- | M] () -- C:\debug
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010.06.07 16:18:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.06.07 15:42:22 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.06.07 15:42:21 | 000,038,916 | ---- | M] () -- C:\WINDOWS\System32\TpShocks.exe
[2010.06.01 14:27:09 | 000,058,156 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel
[2010.05.26 11:54:34 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.26 09:20:30 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-132832.backup
[2010.05.25 18:22:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.25 18:22:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.25 18:22:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.25 13:58:03 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.05.20 09:59:52 | 000,002,016 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.05.14 11:06:41 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\ciyanya1\.ufrawrc
[2010.05.10 10:50:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010.06.09 08:11:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010.06.09 08:11:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010.06.08 13:57:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010.06.08 13:55:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010.06.08 13:55:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010.06.08 13:50:46 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.06.08 13:44:54 | 2038,456,320 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.08 12:21:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DriveInfo.dll
[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010.06.08 10:44:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job [2010.06.08 10:44:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job [2010.06.08 08:14:49 | 
000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job [2010.06.08 08:14:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job [2010.06.08 08:10:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.06.07 16:22:46 | 000,000,000 | ---- | C] () -- C:\debug [2010.06.07 16:19:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8ee1EL6.dat [2010.06.07 16:18:55 | 000,070,148 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5S0bbX21.exe [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- 
C:\WINDOWS\tasks\At34.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job [2010.06.07 16:18:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job [2010.06.07 15:42:22 | 000,038,912 | ---- | C] () -- C:\WINDOWS\Fonts\3wtVk3fb.com [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job 
[2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010.06.07 15:42:22 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010.06.01 14:27:09 | 000,058,156 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.recently-used.xbel [2010.05.25 13:55:05 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.20 09:59:52 | 000,002,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini [2010.05.12 14:53:28 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\ciyanya1\.ufrawrc [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.01.28 11:28:45 | 000,003,429 | ---- | C] () -- C:\WINDOWS\saplogon.ini [2009.01.27 22:22:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2009.01.27 22:22:09 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2009.01.27 22:22:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2009.01.27 22:22:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2009.01.27 22:22:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2009.01.27 22:22:06 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2009.01.27 22:11:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.01.27 21:51:30 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2009.01.27 21:35:04 | 000,204,800 | ---- | C] () -- 
C:\WINDOWS\System32\IVIresizeW7.dll [2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.01.27 21:35:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.01.27 21:35:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.01.27 21:35:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.01.27 21:35:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.01.27 19:31:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009.01.27 19:25:00 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009.01.27 19:06:03 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009.01.27 19:06:03 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009.01.27 19:06:03 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009.01.27 18:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll [2008.08.18 19:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll < End of report > |
09.06.2010, 08:03 | #6 |
| Explorer keeps opening pages -> here is the HiJack log And here is the last one.. Many thanks in advance... OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2010 08:25:50 - Run 2 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\ciyanya1\Desktop\Documents\03 - Privat Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 227,06 Gb Total Space | 204,22 Gb Free Space | 89,94% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LMCR810VYH Current User Name: ciyanya1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) 
"E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\01 - citrixsaclient.exe" = E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\01 - citrixsaclient.exe:*:Enabled:Citrix Secure Access Agent -- File not found "E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\02 - win2kvpn.exe" = E:\Lenovo T400\20 - Lodestone Applications\01 - Citrix\02 - win2kvpn.exe:*:Enabled:Citrix Secure Access Client -- File not found "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- () "C:\Program Files\NET6\net6vpn.exe" = C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Client -- (Citrix Systems, Inc.) "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent "{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2 "{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1 "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{1D73A294-D702-47AA-A089-A6E1FC4DED42}" = iPassConnect 
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}" = Skype™ 3.8 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack "{901E0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Italian User Interface Pack "{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack "{901E0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Polish User Interface Pack "{901E0418-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Romanian User Interface Pack "{901E0816-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Portuguese (Portugal) User Interface Pack "{901E0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Spanish User Interface Pack "{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent "{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In "{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 
9.2 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. 
(ATSwpWDF) Biometric (10/02/2008 8.1.2.37) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "CCleaner" = CCleaner "Chemical Industry Foundations" = Chemical Industry Foundations v1.1 "CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15 "ClearProg" = ClearProg 1.5.0 Final "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "CutePDF Writer Installation" = CutePDF Writer 2.7 "FLV Player" = FLV Player 2.0 (build 25) "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HECI" = Intel(R) Management Engine Interface "ie8" = Windows Internet Explorer 8 "ITPM" = Intel® Trusted Platform Module "LENOVO.SMIIF" = Lenovo System Interface Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16) "Net6 Vpn" = Citrix Secure Access Client "OnScreenDisplay" = On Screen Display "OUTLOOK" = Microsoft Office Outlook 2007 "PC-Doctor for Windows" = Lenovo System Toolbox "Power Management Driver" = ThinkPad Power Management Driver "PROSet" = Intel(R) Network Connections Drivers "SAP_WUS" = SAPSetup Automatic Workstation Update Service "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI 7.10 "Security Task Manager" = Security Task Manager 1.7h "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "UFRaw_is1" = UFRaw 0.17 "VLC media player" = VLC media player 1.0.5 "Windows Media Format Runtime" = Windows Media Format Runtime "WinGimp-2.0_is1" = GIMP 2.6.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.06.2010 06:30:45 | 
Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 08:00:48 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 08:00:49 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. Error - 08.06.2010 08:05:59 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 08:21:24 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. 
Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. Error - 08.06.2010 11:33:34 | Computer Name = LMCR810VYH | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. [ Application Events ] Error - 08.06.2010 06:30:45 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. 
Error - 08.06.2010 08:00:48 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 08:00:49 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. Error - 08.06.2010 08:05:59 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 08:21:24 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. 
Error - 08.06.2010 11:33:34 | Computer Name = LMCR810VYH | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. [ Application Events ] Error - 08.06.2010 06:30:45 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 08:00:48 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 08:00:49 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. 
Error - 08.06.2010 08:05:59 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 08:21:24 | Computer Name = LMCR810VYH | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally Error - 08.06.2010 10:50:51 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist. 
Error - 08.06.2010 11:33:34 | Computer Name = LMCR810VYH | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: The connection with the server was terminated abnormally
Error - 08.06.2010 12:51:50 | Computer Name = LMCR810VYH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>; with error: This network connection does not exist.
[ OSession Events ]
Error - 22.05.2010 06:29:03 | Computer Name = LMCR810VYH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72003 seconds with 900 seconds of active time. This session ended with a crash.
Error - 24.05.2010 17:00:59 | Computer Name = LMCR810VYH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 210708 seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.06.2010 07:47:22 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error: %%2
Error - 08.06.2010 07:47:22 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000
Description = The IBM KCU Service service failed to start due to the following error: %%2
Error - 08.06.2010 07:51:10 | Computer Name = LMCR810VYH | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Themes service to connect.
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000
Description = The Themes service failed to start due to the following error: %%1053
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following error: %%1058
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error: %%3
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error: %%2
Error - 08.06.2010 07:51:15 | Computer Name = LMCR810VYH | Source = Service Control Manager | ID = 7000
Description = The IBM KCU Service service failed to start due to the following error: %%2
Error - 08.06.2010 14:52:20 | Computer Name = LMCR810VYH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
< End of report > |
09.06.2010, 14:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer keeps opening pages -> HiJack log here
I wanted to see a full scan from Malwarebytes...
__________________ Please always post log files in CODE tags |
09.06.2010, 17:11 | #8 |
| Explorer keeps opening pages -> HiJack log here
Hi, I have now followed up with a full scan as well.. Regards, ceviz82
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4183
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09.06.2010 18:10:56
mbam-log-2010-06-09 (18-10-56).txt
Scan type: Full scan (C:\|)
Objects scanned: 192186
Time elapsed: 40 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected) |
09.06.2010, 20:08 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer keeps opening pages -> HiJack log here
Please run the Avenger:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (under Vista, right-click => Run as administrator). Set the checkmarks at the bottom as shown:
3.) Copy exactly the lines from the following code box:
Code:
files to delete:
C:\WINDOWS\Omagoa.exe
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" prompt (system restart).
7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.
8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link it here
__________________ Please always post log files in CODE tags |