Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Komisches Programm - Hab Verdacht auf einen Keylogger.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.04.2010, 22:17   #1
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Hallöchen.
Hab heute ein Programm gedownloadet, es war 10 Sekunden offen und dann kam nichts mehr. Sieht böse aus.
Zudem startet sich, immer wenn ich den PC starte, immer im TaskManager "Dg1.exe" , was sich aber Problemlos raushauen lässt.

Zitat:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3765
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.04.2010 22:06:47
mbam-log-2010-04-10 (22-06-47).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 111069
Laufzeit: 8 minute(s), 53 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Scanbericht. Gleicher "Virus" wie letzes mal (Bei meinem letzen Test)
Ich denke mal, dass es ein "Möchtegern-Keylogger" war,der nicht funktioniert hat.

Ich werde über macht einen vollen Scan mit MBAM drüberlaufen lassen und melde mich morgen.

Geändert von Prevof (10.04.2010 um 22:27 Uhr)

Alt 11.04.2010, 11:11   #2
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Zitat:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3765
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.04.2010 04:21:31
mbam-log-2010-04-11 (04-21-31).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 347678
Laufzeit: 4 hour(s), 12 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\Owner\Desktop\Injectoren\PerX.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51EA43D2-5D16-40CE-B671-336E4758F05D}\RP51\A0094366.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Hmm,wurden 4 gefunden. Aber der Keylogger wird nicht angezeigt. Vllt. ein schlecht programmierter...

[Hab grade bemerkt,es gibt eine kleine neuere Version, die macht aber bestimmt nichts aus, oder?]
__________________


Alt 11.04.2010, 11:18   #3
Larusso
/// Selecta Jahrusso
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread


Bitte poste in Deiner nächsten Antwort
OTL.txt
Extra.txt
__________________
__________________

Alt 11.04.2010, 11:52   #4
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



OTL.txt

Zitat:
OTL logfile created on: 11.04.2010 11:40:22 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3825 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,49 Gb Total Space | 12,00 Gb Free Space | 33,82% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 8,94 Gb Free Space | 22,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORK-BCF7C2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.11 11:39:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010.04.02 23:15:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.20 16:46:32 | 000,175,888 | ---- | M] () -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2009.11.19 23:05:09 | 000,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\ScanFrm.exe
PRC - [2009.11.19 23:03:17 | 000,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RavTask.exe
PRC - [2009.11.19 23:03:00 | 000,494,192 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\rsnetsvr.exe
PRC - [2009.11.19 23:02:25 | 000,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RavMonD.exe
PRC - [2009.11.19 21:35:21 | 000,141,936 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RsTray.exe
PRC - [2009.04.20 20:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010.04.11 11:39:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009.04.20 20:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.10 02:01:00 | 003,589,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010.01.02 09:56:34 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.11.19 23:05:09 | 000,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Rising\Rav\ScanFrm.exe -- (RsScanSrv)
SRV - [2009.11.19 23:03:17 | 000,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\Rav\RavTask.exe -- (RavTask)
SRV - [2009.11.19 23:02:25 | 000,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Rising\Rav\RavMonD.exe -- (RsRavMon)
SRV - [2009.11.19 21:35:38 | 000,113,264 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Stopped] -- C:\Program Files\Rising\Rav\CCenter.exe -- (RavCCenter)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.10.14 02:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 02:51:46 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005.10.14 02:51:14 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 08:37:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 23:15:36 | 000,000,000 | ---D | M]

[2010.04.04 02:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010.04.04 02:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\fwapp@fireworksconstructionset.com
[2010.04.11 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions
[2010.02.23 01:47:44 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.02.16 22:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.01.07 22:43:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.04 02:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\staged-xpis
[2010.03.17 22:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\Strata40@SpewBoy(2).au
[2010.03.17 22:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\StrataBuddy@ReduxTeam(2)
[2010.03.28 00:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\toolbar@ask.com
[2010.04.04 02:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\yyginstantplay@yoyogames.com
[2010.03.11 22:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\extensions\Strata40@SpewBoy(2).au\chrome(2)\mozapps(2)\extensions(2)
[2010.01.16 03:27:53 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\google-und-download-suche.xml
[2010.04.09 10:26:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin-1.xml
[2010.03.25 18:01:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin-2.xml
[2010.04.02 23:15:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin-3.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin.src
[2010.03.18 17:46:56 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xeg3ohf4.default\searchplugins\icqplugin.xml
[2010.04.10 11:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.09 22:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.21 23:03:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.21 23:03:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.21 23:03:51 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.21 23:03:51 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.21 23:03:51 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RavTray] C:\Program Files\Rising\Rav\RsTray.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\DOCUME~1\Owner\LOCALS~1\Temp\Dg1.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258660808718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.03 01:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 19:24:44 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\WINDOWS\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.11.19 20:58:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 14 Days ==========

[2010.04.11 11:39:27 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010.04.11 04:21:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010.04.10 17:09:42 | 003,589,384 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010.04.10 17:09:25 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2010.04.08 20:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010.04.08 20:00:50 | 000,000,000 | ---D | C] -- C:\67c6ba395d6982998de18e51e09d9734
[2010.04.08 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\San Andreas Mod Installer
[2010.04.08 19:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2010.04.07 21:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\³Ø½¼ Ç÷¯±×
[2010.04.05 09:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Meine Seite
[2010.04.05 08:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\phase5
[2010.04.05 08:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PYF
[2010.04.05 02:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\FWsim
[2010.04.05 00:49:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010.04.05 00:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.04.05 00:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.04.04 17:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Roy's Music
[2010.04.04 02:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FW-Sim
[2010.04.04 02:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\FINALE Fireworks
[2010.04.04 02:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fireworksconstructionset.com
[2010.04.04 02:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fireworksconstructionset.com
[2010.04.04 02:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\FINALE Fireworks
[2010.04.03 16:49:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.04.01 23:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CAE_Report_Generator
[2010.04.01 23:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CAE_Report_Generator
[2010.03.29 06:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010.03.26 13:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.03.25 15:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010.02.27 21:27:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010.02.25 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.12.10 12:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.11.19 21:10:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.11.19 21:10:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.04.11 11:39:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010.04.11 11:38:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.11 11:36:41 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7F3D6F5-A2AE-42D1-A86F-2B6C5984A37B}.job
[2010.04.11 11:35:50 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.11 11:35:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 11:35:23 | 1341,710,336 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.11 11:32:22 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010.04.11 11:32:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010.04.10 22:37:07 | 001,409,542 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Untitled.png
[2010.04.10 22:13:27 | 000,039,344 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.10 22:09:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.10 22:09:38 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.10 22:07:23 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010.04.10 21:54:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\chrtmp
[2010.04.10 16:59:00 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CABAL Online.lnk
[2010.04.10 15:30:51 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.04.10 13:14:08 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\San Andreas Mod Installer.lnk
[2010.04.08 23:44:04 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.08 22:20:41 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to samp.exe.lnk
[2010.04.08 21:26:03 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2010.04.08 21:22:24 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 23:11:29 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
[2010.04.05 22:58:35 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
[2010.04.05 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.05 08:46:16 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HTML Editor.lnk
[2010.04.05 08:43:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Index.htm
[2010.04.05 08:39:32 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010.04.05 02:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FWsim.lnk
[2010.04.05 01:36:52 | 000,179,712 | ---- | M] () -- C:\WINDOWS\Dkyxoa.exe
[2010.04.05 00:48:58 | 000,487,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.05 00:48:58 | 000,088,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.05 00:48:57 | 000,522,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.03 16:49:27 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.10 22:37:06 | 001,409,542 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Untitled.png
[2010.04.10 21:54:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\chrtmp
[2010.04.10 17:09:25 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2010.04.10 16:59:00 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CABAL Online.lnk
[2010.04.08 22:20:43 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to samp.exe.lnk
[2010.04.08 21:26:03 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GTA San Andreas.lnk
[2010.04.08 19:17:45 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\San Andreas Mod Installer.lnk
[2010.04.08 18:15:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2010.04.08 18:14:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System\vorbisfile.dll
[2010.04.05 08:46:16 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HTML Editor.lnk
[2010.04.05 08:43:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Index.htm
[2010.04.05 08:39:19 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010.04.05 02:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FWsim.lnk
[2010.04.05 01:36:59 | 000,179,712 | ---- | C] () -- C:\WINDOWS\Dkyxoa.exe
[2010.03.27 13:25:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\jagex__preferences3.dat
[2010.03.26 21:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.03.24 14:54:51 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010.03.18 01:12:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010.03.18 00:30:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.03.11 21:00:20 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010.02.27 21:27:44 | 000,203,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.02.18 13:31:12 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010.02.05 21:52:18 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.02.01 09:22:34 | 000,004,083 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010.01.24 03:27:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.01.21 22:35:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010.01.21 22:02:57 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico
[2010.01.04 18:09:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009.12.12 01:59:11 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\d1kQbhBU.dll
[2009.12.09 16:57:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.12.02 23:35:29 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\f8KcxTLnwcQ.dll
[2009.12.02 22:11:53 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\gmibWINNXK.dll
[2009.12.02 22:10:03 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\8h76ItWMxDK.dll
[2009.12.02 15:12:57 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\e8Jv41TrhCE.dll
[2009.12.02 15:04:30 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\WgtyNeP.dll
[2009.12.02 15:03:43 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Kcn8xWo.dll
[2009.12.02 15:00:46 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\jpiEp8kkpDA1.dll
[2009.12.02 14:55:38 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\75vTdHOOS.dll
[2009.12.02 14:43:28 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\yNghK1m.dll
[2009.12.02 14:43:06 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\a9m4bwYAJmkXC.dll
[2009.12.02 14:42:55 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\cSraCve4.dll
[2009.12.02 14:42:45 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\xcyaZyXihN2tm.dll
[2009.12.02 14:41:57 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\O9wA4w2ixK.dll
[2009.12.02 14:41:05 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\GZ2HbHC.dll
[2009.12.02 10:19:09 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\q7MlGsrKa1sje.dll
[2009.12.02 09:59:38 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\oENNFEaqt.dll
[2009.12.02 02:55:03 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Nf96BrnucA5S.dll
[2009.12.01 23:33:06 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\ePhUS8UCALK.dll
[2009.12.01 16:00:21 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Pjc8BevUlbhP9.dll
[2009.12.01 02:19:30 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\SZiAJYVgXeC9.dll
[2009.12.01 02:04:56 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\DGh11S9hhGti.dll
[2009.12.01 02:04:14 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\6GGt8Gx.dll
[2009.11.30 09:11:05 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\S7aDi53.dll
[2009.11.30 09:09:36 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\xPfCfTZcn2CRC.dll
[2009.11.30 07:53:58 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\yuES7iv15K4.dll
[2009.11.30 07:52:34 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\btpINhq4Qc.dll
[2009.11.30 06:25:38 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Qf146jH5y.dll
[2009.11.30 02:58:51 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\lHRrSpSbU.dll
[2009.11.30 02:51:06 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\lUGGRrLqWuImu.dll
[2009.11.30 02:41:12 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Wc1UUQrv5A676.dll
[2009.11.29 21:23:22 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\eGBDsHSR4.dll
[2009.11.29 19:17:58 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\1LGm8HSfUe.dll
[2009.11.29 18:21:11 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\cgqBdpF.dll
[2009.11.29 18:20:20 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\BWe6DcPv.dll
[2009.11.29 06:07:17 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\AQEPIQy.dll
[2009.11.29 06:05:37 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\MvVuaUnT6Kii3.dll
[2009.11.29 05:52:53 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\myxQW7tvSHZX8.dll
[2009.11.29 05:47:33 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\AkYyc8V7tSF.dll
[2009.11.29 00:49:11 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\2DQXu1tmqXx.dll
[2009.11.29 00:46:58 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\dMJkh5K6.dll
[2009.11.28 21:28:47 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\jC1kT7N.dll
[2009.11.28 17:47:52 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\NFLMhsv.dll
[2009.11.27 23:37:24 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\4oOij8jP.dll
[2009.11.27 19:14:35 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\rJ4VeJ3puGaU4.dll
[2009.11.27 19:13:52 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\j5gii8D.dll
[2009.11.27 19:13:11 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\ephaa4gY1.dll
[2009.11.27 16:22:05 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\bnZehSePgO7L.dll
[2009.11.27 00:33:25 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\GgIchHn.dll
[2009.11.27 00:29:47 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\CEJr442L.dll
[2009.11.26 20:22:55 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\5GHdZG6.dll
[2009.11.26 20:21:25 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\HclM5sEnW.dll
[2009.11.26 18:54:17 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\lu8aKhtptD4l.dll
[2009.11.26 15:39:11 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\5XEeckEaf1A.dll
[2009.11.26 13:41:30 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\JKbEpcK24UPRv.dll
[2009.11.26 13:39:58 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\iwndH4YDZ.dll
[2009.11.25 22:52:23 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\7wMPQYQImVP.dll
[2009.11.25 17:58:48 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\fCV14qMQAlnT.dll
[2009.11.25 14:34:32 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\TFCFEKo37okX.dll
[2009.11.25 13:55:21 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\K5e24KsF.dll
[2009.11.25 00:07:47 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\VqU4mLL.dll
[2009.11.24 21:45:33 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009.11.24 14:46:44 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\9EbROcDPW.dll
[2009.11.24 14:46:08 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\8pLaBASUyep.dll
[2009.11.23 21:21:49 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\QecjS5xpRdf.dll
[2009.11.23 14:08:01 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\mS5dXvRTwFhY.dll
[2009.11.23 14:01:51 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\5vVsLjAO.dll
[2009.11.23 14:00:02 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\cRyvanTYFR44O.dll
[2009.11.23 13:57:36 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\wYesjtXs.dll
[2009.11.23 13:41:48 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009.11.23 13:26:17 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\B9QwMCM5Y.dll
[2009.11.23 13:07:14 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\btia8s4q3Y.dll
[2009.11.23 13:05:42 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\HlA2BQwTRXFOM.dll
[2009.11.23 13:01:16 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\3xmZ69ZN.dll
[2009.11.23 06:00:37 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\aBhuyryp36.dll
[2009.11.23 03:13:45 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\LSlFalbdVZ.dll
[2009.11.23 00:00:42 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\OHuulY2H.dll
[2009.11.22 19:51:54 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\ZK2o8IXTLaTE.dll
[2009.11.22 19:48:50 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\mukYly9ha.dll
[2009.11.22 19:46:15 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Y1iu1qMw2F.dll
[2009.11.22 08:36:52 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\NdsK9SPHN.dll
[2009.11.22 08:28:18 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\fQIBVZ6VOBEk.dll
[2009.11.22 08:24:58 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\9CSYs3D2cNmQq.dll
[2009.11.21 18:04:38 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\LWabLT3h.dll
[2009.11.21 14:33:21 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\ysO89xN.dll
[2009.11.21 14:32:12 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\B115dAlf5.dll
[2009.11.21 14:02:53 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Ii4pkhHGOK.dll
[2009.11.21 13:54:59 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\gDLZp5PseBM.dll
[2009.11.21 09:11:39 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
[2009.11.21 09:10:46 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
[2009.11.21 02:13:21 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\LwPoHxLE3.dll
[2009.11.20 23:05:14 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\CoYRwcNJ3D.dll
[2009.11.20 23:01:35 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Yt4MArhL2Xd4.dll
[2009.11.20 08:56:47 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Xtv6AS3s.dll
[2009.11.20 08:18:40 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\KUrG68JeP2Ibp.dll
[2009.11.20 08:04:53 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\uV12aEJM.dll
[2009.11.20 08:02:29 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\ZdJq86LXe.dll
[2009.11.20 07:58:08 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\rBMWOr6dynX.dll
[2009.11.20 07:56:26 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\4A6A5vk7uAav.dll
[2009.11.20 07:53:57 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Im3Tijf1l.dll
[2009.11.20 01:20:52 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.19 21:45:13 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.11.19 21:45:05 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.11.19 21:45:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.11.19 21:45:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.11.19 21:41:18 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\BsMain.ini
[2009.11.19 21:38:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Rav.ini
[2009.11.19 21:34:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.11.19 21:12:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009.11.19 21:10:42 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009.11.19 21:10:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2009.07.29 08:35:54 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.04.20 20:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== LOP Check ==========

[2010.01.21 22:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1038A
[2010.01.02 09:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010.01.03 22:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010.02.09 22:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.04.05 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010.01.24 03:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009.11.20 07:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010.01.21 22:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009.11.19 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010.02.09 02:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010.02.22 13:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2009.12.09 17:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009.12.09 23:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2010.04.01 23:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CAE_Report_Generator
[2010.01.04 12:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010.04.04 02:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fireworksconstructionset.com
[2010.02.16 06:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FOG Downloader
[2009.11.19 21:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010.02.01 09:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010.03.02 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2010.02.18 00:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010.01.24 03:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
[2010.03.28 00:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
[2010.03.17 22:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nettalk
[2010.01.21 12:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009.12.18 19:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010.03.21 00:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010.02.13 16:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teeworlds
[2010.02.18 00:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VSO
[2010.01.03 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinFAQ
[2010.02.16 22:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2
[2010.04.05 21:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010.04.11 11:36:41 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7F3D6F5-A2AE-42D1-A86F-2B6C5984A37B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009.04.20 20:29:38 | 009,141,880 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2009.04.20 20:29:38 | 009,141,880 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009.04.20 20:18:21 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.11.19 21:33:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.19 21:33:14 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.19 21:33:14 | 000,847,872 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2009.11.04 05:10:55 | 000,000,000 | ---D | M](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
[2008.10.27 13:22:20 | 000,000,000 | ---D | C](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
< End of report >
Extras.txt

Zitat:
OTL Extras logfile created on: 11.04.2010 11:40:22 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3825 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,49 Gb Total Space | 12,00 Gb Free Space | 33,82% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 8,94 Gb Free Space | 22,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORK-BCF7C2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Games\Nexon\Combat Arms EU\CombatArms.exe" = D:\Games\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Games\Nexon\Combat Arms EU\Engine.exe" = D:\Games\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exets and Settings\All Users\Application Data\IsolatedStorage -- (Nexon)
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\Games\Nexon\Combat Arms EU\CombatArms.exe" = D:\Games\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Games\Nexon\Combat Arms EU\Engine.exe" = D:\Games\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exeloader -- (Nexon)
"D:\Games\Nexon\Combat Arms EU\NMService.exe" = D:\Games\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99925A23-ACED-498A-86DA-EE2DCABA70F1}" = PC SpeedScan Pro
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A887F3-0A50-455C-9292-1988E1A209C1}" = Microsoft SQL Server VSS Writer
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1" = CAE Report Generator v1.05
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CABAL Online_is1" = CABAL Online
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"Combat Arms EU" = Combat Arms EU
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FINALE_Fireworks" = FINALE Fireworks
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Game Booster_is1" = Game Booster
"InstallShield_{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Die Flügel der Göttin
"InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTA: Race for San Andreas" = MTA: Race for San Andreas 1.1.1
"MTA:SA Race" = MTA:SA Race 1.1.2
"Nettalk_is1" = Nettalk 6.6
"PCI Audio Driver" = PCI Audio Driver
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Rav" = Rising Antivirus
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.02.2010 07:31:30 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 1013
Description = Produkt: PlayOnline Viewer & Tetra Master -- Diese Installation kann
nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe
ausführen.

Error - 23.02.2010 19:15:15 | Computer Name = HOMEWORK-BCF7C2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, faulting module
xul.dll, version 1.9.1.3685, fault address 0x0007d2db.

Error - 27.02.2010 15:25:17 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1706.An
installation package for the product Microsoft .NET Framework 2.0 Service Pack
2 cannot be found. Try the installation again using a valid copy of the installation
package 'Netfx20a_x86.msi'.

Error - 27.02.2010 15:27:39 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004.
Method SHGetFolderPath failed. HRESULT: 0x80004005.

Error - 27.02.2010 15:27:39 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004.
Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.

Error - 27.02.2010 15:37:07 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1706.An
installation package for the product Microsoft .NET Framework 2.0 Service Pack
2 cannot be found. Try the installation again using a valid copy of the installation
package 'Netfx20a_x86.msi'.

Error - 27.02.2010 15:38:48 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004.
Method SHGetFolderPath failed. HRESULT: 0x80004005.

Error - 27.02.2010 15:38:48 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 2004.
Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.

Error - 02.03.2010 15:58:58 | Computer Name = HOMEWORK-BCF7C2 | Source = MsiInstaller | ID = 1013
Description = Produkt: FINAL FANTASY XI: Chains of Promathia -- Diese Installation
kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe
ausführen.

Error - 04.03.2010 11:14:48 | Computer Name = HOMEWORK-BCF7C2 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11.04.2010 05:31:28 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 11.04.2010 05:31:28 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The Rising RavTask Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11.04.2010 05:31:29 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11.04.2010 05:31:30 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The User Profile Hive Cleanup service terminated unexpectedly. It
has done this 1 time(s).

Error - 11.04.2010 05:37:56 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 11.04.2010 05:37:56 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The TeamViewer 5 service terminated unexpectedly. It has done this
1 time(s).

Error - 11.04.2010 05:37:56 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The FABS - Helping agent for MAGIX media database service terminated
unexpectedly. It has done this 1 time(s).

Error - 11.04.2010 05:37:56 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has
done this 1 time(s).

Error - 11.04.2010 05:37:56 | Computer Name = HOMEWORK-BCF7C2 | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 11.04.2010 05:37:58 | Computer Name = HOMEWORK-BCF7C2 | Source = DCOM | ID = 10010
Description = The server {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} did not register
with DCOM within the required timeout.


< End of report >

Alt 11.04.2010, 12:00   #5
Larusso
/// Selecta Jahrusso
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
  • Füge das Log aus der Zwischenablage in Deine Antwort hier ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 11.04.2010, 12:03   #6
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Zitat:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-11 12:54:11
Windows 5.1.2600 Service Pack 3
Running: tizvfvhb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgedypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwAssignProcessToJobObject [0xF77DB073]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateKey [0xF77DB15A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateMutant [0xF77DB0F7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcess [0xF77DAE00]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcessEx [0xF77DAE21]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateThread [0xF77DAEA5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDebugActiveProcess [0xF77DAFEF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteKey [0xF77DB1BD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteValueKey [0xF77DB19C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeviceIoControlFile [0xF77DB094]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLoadDriver [0xF77DAE63]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLockVirtualMemory [0xF77DAFAD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKey [0xF77DB241]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenProcess [0xF77DB139]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenSection [0xF77DAEC6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwProtectVirtualMemory [0xF77DAF8C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0xF77DB0D6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryValueKey [0xF77DB052]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueueApcThread [0xF77DAF6B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRenameKey [0xF77DB1DE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRequestWaitReplyPort [0xF77DB031]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRestoreKey [0xF77DB220]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetContextThread [0xF77DAF29]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSecurityObject [0xF77DB1FF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemInformation [0xF77DAFCE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemTime [0xF77DB0B5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetValueKey [0xF77DB17B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendProcess [0xF77DAF4A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendThread [0xF77DAF08]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSystemDebugControl [0xF77DB010]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateProcess [0xF77DAE42]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateThread [0xF77DAEE7]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xADF0A6D0]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwUnmapViewOfSection [0xF77DB118]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwWriteVirtualMemory [0xF77DAE84]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 400 804E2A6C 1 Byte [FF]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4A, AF, 7D, F7, 08, AF, 7D, ...] {DEC EDX; SCASD ; JGE 0xfffffffffffffffb; OR [EDI-0x4fef0883], CH; JGE 0x3}
? pete.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9B84000, 0x1C5D38, 0xE8000020]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xBA710280, 0x7B1C, 0xE8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT Ntfs.sys[ntoskrnl.exe!MmFlushImageSection] [B124F20E] \SystemRoot\system32\drivers\HookSys.sys (Hooksys.sys/Beijing Rising Information Technology Co., Ltd.)
IAT Ntfs.sys[ntoskrnl.exe!IoCheckShareAccess] [B124F188] \SystemRoot\system32\drivers\HookSys.sys (Hooksys.sys/Beijing Rising Information Technology Co., Ltd.)
IAT Ntfs.sys[ntoskrnl.exe!SeAccessCheck] [B124F288] \SystemRoot\system32\drivers\HookSys.sys (Hooksys.sys/Beijing Rising Information Technology Co., Ltd.)
IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeAddSystemServiceTable] [F77DB59B] \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
IAT \SystemRoot\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [F77DBDA0] \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\Ip HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\Tcp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Rdbss \Device\FsWrap HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\Udp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\RawIp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Cdfs \Cdfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

---- EOF - GMER 1.0.15 ----
Hab das jetzt mal gestoppt,ist doch nicht normal, dass er seit 30 Minuten das Spiel "RailSimulator" durchsucht, obwohl ich es legal gekauft habe und überhaupt keine Viren draufsein können.

Naja, ist schon irgendwas in den anderen Logs aufgefallen?
Da ich eigt. nichts bemerke ... Keine Verlangsamung des PC's, keine PopUps... Nur beim Start des PC's "Dg1.exe" , was aber jetzt nicht mehr kommt.

Geändert von Prevof (11.04.2010 um 12:59 Uhr)

Alt 11.04.2010, 21:42   #7
Larusso
/// Selecta Jahrusso
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Was hast Du gestoppt ?
Wenn Du GMER gestoppt hast, darfst du es erneut laufen lassen
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 12.04.2010, 00:07   #8
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Hab auf den GMER echt keine Lust, der braucht bestimmt 2 Stunden für ein Spiel! Das kanns nicht sein. Da leb ich lieber mit dem Risiko einen Keylogger zu haben ...

War anscheinend fast am Ende - den Log hab ich ja gepostet.

Können wir weitermachen und diesen Schritt überspringen >.>?

Alt 12.04.2010, 14:55   #9
Larusso
/// Selecta Jahrusso
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Dann habe ich einfach mal keine Lust Dir weiterhin zu helfen.

NUBs
Zitat:
Lies die Hinweise der Helfer sorgfältig und befolge sie. Verstehst Du etwas nicht, frage höflich nach. Hast Du Dein Problem erfolgreich gelöst, melde Dich. Vergiß nicht, Dich zu bedanken. Deine Helfer werden es nicht vergessen.
Anleitung zum Neu aufsetzten

Ich bin raus
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 12.04.2010, 15:04   #10
Prevof
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Dann bedanke ich mich trotzdem bei dir, da du durch deine Methode komischerweiße die "DG1.exe" gelöst hast :P

Auch wenn das jetzt so endet :P
Ich denke, dass es ein "verfehlter" Keylogger war (Typisch Virenkiddies).
Ich weiß auch, wie man den PC neuaufsetzt, so neu bin ich auch noch nicht :P

Aber trotzdem, Danke für deine Hilfe.

Kann geschlossen werden, außer jemand hat noch etwas entdeckt :P

Alt 12.04.2010, 15:23   #11
Larusso
/// Selecta Jahrusso
 
Komisches Programm - Hab Verdacht auf einen Keylogger. - Standard

Komisches Programm - Hab Verdacht auf einen Keylogger.



Wenn du mir das erklären kannst ^^
Ich würd formatieren

Code:
ATTFilter
[2009.12.02 23:35:29 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\f8KcxTLnwcQ.dll
[2009.12.02 22:11:53 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\gmibWINNXK.dll
[2009.12.02 22:10:03 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\8h76ItWMxDK.dll
[2009.12.02 15:12:57 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\e8Jv41TrhCE.dll
[2009.12.02 15:04:30 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\WgtyNeP.dll
[2009.12.02 15:03:43 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\Kcn8xWo.dll
[2009.12.02 15:00:46 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\jpiEp8kkpDA1.dll
[2009.12.02 14:55:38 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\75vTdHOOS.dll
[2009.12.02 14:43:28 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\yNghK1m.dll
[2009.12.02 14:43:06 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\a9m4bwYAJmkXC.dll
[2009.12.02 14:42:55 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\cSraCve4.dll
[2009.12.02 14:42:45 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\xcyaZyXihN2tm.dll
[2009.12.02 14:41:57 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\O9wA4w2ixK.dll
[2009.12.02 14:41:05 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\GZ2HbHC.dll
         
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Komisches Programm - Hab Verdacht auf einen Keylogger.
anti-malware, bösartige, dateien, explorer, funktioniert, heute, keylogger, komisches, loader, malwarebytes, malwarebytes' anti-malware, minute, nichts, offen, programm, sekunden, service, software, tasks, test, troja, trojan.downloader, trojan.fakealert, verdacht, version, verzeichnisse, virus



Ähnliche Themen: Komisches Programm - Hab Verdacht auf einen Keylogger.


  1. Verdacht auf KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (14)
  2. Komisches Verhalten bei Programstart + IExplorer und Mozilla springen auf nicht gewählte Seiten + Meldung "Diese Programm wurde durch ein Gr
    Log-Analyse und Auswertung - 24.12.2014 (9)
  3. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 28.05.2014 (5)
  4. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 03.03.2014 (9)
  5. Verdacht auf keylogger
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (17)
  6. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 19.09.2011 (1)
  7. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 07.05.2011 (16)
  8. Verdacht auf KeyLogger
    Log-Analyse und Auswertung - 21.02.2010 (2)
  9. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 02.01.2010 (4)
  10. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 11.12.2009 (1)
  11. Keylogger Verdacht!
    Plagegeister aller Art und deren Bekämpfung - 15.09.2009 (6)
  12. Verdacht auf einen Keylogger
    Log-Analyse und Auswertung - 05.09.2008 (1)
  13. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 10.08.2008 (1)
  14. Verdacht auf keylogger!
    Log-Analyse und Auswertung - 01.11.2007 (11)
  15. verdacht auf keylogger!
    Log-Analyse und Auswertung - 23.10.2007 (7)
  16. Hey leute ich habe den verdacht einen keylogger auf meinen rechner zu haben
    Log-Analyse und Auswertung - 12.07.2007 (8)
  17. Komisches Programm in systemsteuerung
    Überwachung, Datenschutz und Spam - 27.07.2006 (1)

Zum Thema Komisches Programm - Hab Verdacht auf einen Keylogger. - Hallöchen. Hab heute ein Programm gedownloadet, es war 10 Sekunden offen und dann kam nichts mehr. Sieht böse aus. Zudem startet sich, immer wenn ich den PC starte, immer im - Komisches Programm - Hab Verdacht auf einen Keylogger....
Archiv
Du betrachtest: Komisches Programm - Hab Verdacht auf einen Keylogger. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.