Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe


Plagegeister aller Art und deren Bekämpfung: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.08.2011, 08:01   #1
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe


Teil 2 (OTL.Txt):
Code:
ATTFilter
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >
und dann noch Extras.Txt:

Code:
ATTFilter
OTL Extras logfile created on: 17.08.2011 08:27:50 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\Familie Pichler\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,18% Memory free
6,00 Gb Paging File | 4,57 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 520,59 Gb Free Space | 87,34% Space Free | Partition Type: NTFS
 
Computer Name: PICHLER | User Name: Familie Pichler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [explore] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7D38898-283C-4720-BF42-4ABC90375904}" = System Requirements Lab CYRI
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}" = BitDefender Free Edition v10
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6E0EB79-CB6B-4540-9FC1-3D215CE25AD4}" = Nokia Ovi Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"1489-3350-5074-6281" = JDownloader 0.9
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.5.0" = AGEIA PhysX v2.5.0
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"Desperados - Ein Wild West Abenteuer 1.01" = Desperados - Ein Wild West Abenteuer 1.01
"Free Audio Dub_is1" = Free Audio Dub version 1.7.8.426
"GimpLqRPlugIn" = GIMP LqR Plug-In
"GML Matting_is1" = GML Matting 0.3
"GrowCut3_is1" = GrowCut 3.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MapUtility" = Canon Utilities Map Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.48
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinSysClean X" = WinSysClean X
"XMedia Recode" = XMedia Recode 2.3.1.3
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GeoGebra WebStart" = GeoGebra WebStart
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2011 05:58:18 | Computer Name = Pichler | Source = Windows Backup | ID = 4103
Description = 
 
Error - 13.04.2011 13:38:14 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0xaf4  Startzeit der fehlerhaften Anwendung: 0x01cbfa0188492f40  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 ced64790-65f4-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:39:07 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0x1070  Startzeit der fehlerhaften Anwendung: 0x01cbfa01a2fef400  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 edfe3380-65f4-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:41:00 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0x924  Startzeit der fehlerhaften Anwendung: 0x01cbfa01e9db5580  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 315e9570-65f5-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:51:28 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: qagamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd036b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fa29  ID des fehlerhaften Prozesses:
 0xbc0  Startzeit der fehlerhaften Anwendung: 0x01cbfa021d4b3610  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\qagamex86.dll  Berichtskennung:
 a82b67e0-65f6-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:53:51 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0xbe4  Startzeit der fehlerhaften Anwendung: 0x01cbfa03b2ffce90  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 fcfd45e0-65f6-11e0-ae20-40618601b217
 
Error - 14.04.2011 15:28:09 | Computer Name = Pichler | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 15.04.2011 09:12:36 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TFService.exe, Version: 4.10.1.14,
 Zeitstempel: 0x4b4fa1c8  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a2752ff  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00014ba1  ID des fehlerhaften
 Prozesses: 0x184  Startzeit der fehlerhaften Anwendung: 0x01cbfb6e8192a1e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\ThreatFire\TFService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
 078d3ee0-6762-11e0-bdee-40618601b217
 
Error - 15.04.2011 09:13:24 | Computer Name = Pichler | Source = VSS | ID = 8194
Description = 
 
Error - 19.04.2011 07:23:07 | Computer Name = Pichler | Source = McLogEvent | ID = 259
Description = Der Scan hat Entdeckungen gefunden. Scan-Modul der Version 5400.1158
 DAT-Version 6320.
 
[ System Events ]
Error - 16.08.2011 14:49:01 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 16.08.2011 14:49:18 | Computer Name = Pichler | Source = ipnathlp | ID = 34001
Description = 
 
Error - 17.08.2011 02:05:13 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber bdfdll.sys konnte nicht geladen werden.
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfdll" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2011 02:32:44 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.08.2011 02:32:49 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >

Antwort

Themen zu FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
boot, c:\windows, clean, code, data, defender, edition, ergebnis, fakealert, file, files, free, g-data, hochfahren, infected, mcafee, nicht mehr, nichts, rootkit, scan, starten, stinger, test, trojaner-board, version, windows


« Facebookvirus | Malware? Und evt. andere Sachen? »


Ähnliche Themen: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe


  1. Trojan.FakeAlert in C:\Program Files (x86)\OpenOffice 4 \program\calc.dll
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (5)
  2. Windows 8: RunDLL - Problem beim Starten von C:\Program Files (86x)\Home Tab\TBUpdater.dll
    Log-Analyse und Auswertung - 27.10.2013 (5)
  3. Windows 7 C:\Program Files(x86)\HomeTab\TBUpdater.dll bekomme ständig diese meldung.
    Log-Analyse und Auswertung - 20.09.2013 (20)
  4. Problem beim Windows 7 Start program files\hometab\TBUpdater.dll
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (13)
  5. O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSetting
    Mülltonne - 02.07.2012 (0)
  6. tr/fakealert.grb.440
    Log-Analyse und Auswertung - 19.02.2012 (2)
  7. FakeAlert gbR und SystemCheck auf Windows Vista
    Log-Analyse und Auswertung - 16.02.2012 (40)
  8. FakeAlert!grb
    Log-Analyse und Auswertung - 29.10.2011 (8)
  9. rootkit Trojaner FakeAlert!grb auf Windows XP Notebook
    Log-Analyse und Auswertung - 18.07.2011 (24)
  10. FakeAlert!fakealert-REP virus
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (22)
  11. Windows recovery, FakeALert!gbr- kein Zugriff mehr auf Dateien, teilweise Desktop verschwunden
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (31)
  12. Festplatte Cluster beschädigt/Windows Xp Recovery/FakeAlert vermutlich TR/Kazy.mekml1
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (1)
  13. Windows Sicherheitscenter und Defender nicht mehr aktivierbar. FakeAlert?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2011 (22)
  14. C:\Program Files\Windows Install\csrss.exe
    Log-Analyse und Auswertung - 17.03.2010 (4)
  15. TR/Fakealert.QF, TR/FakeAV.bak.2
    Log-Analyse und Auswertung - 28.10.2008 (5)
  16. TR/Fakealert.QE und XP Antispy
    Plagegeister aller Art und deren Bekämpfung - 20.10.2008 (4)
  17. TR/Fakealert.AAF
    Mülltonne - 22.09.2008 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Teil 2 (OTL.Txt): Code: Alles auswählen Aufklappen ATTFilter < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 - FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe...
Archiv
Du betrachtest: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131