| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.08.2011, 15:49
| #1 |
 |  FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hallo liebes Trojaner-Board Team! Ich habe heute einen Scan Mit McAfee Stinger gemacht mit fogendem Ergebnis: Code:
ATTFilter McAfee(r) Labs Stinger(tm) Version 10.2.0.115 built on Jun 16 2011
Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Jun 16 2011.
Ready to scan for 2487 viruses, trojans and variants.
Scan initiated on Sun Aug 14 13:31:46 2011
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Found the FakeAlert!fakealert-REP trojan !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe is infected with the FakeAlert!fakealert-REP virus !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe has been deleted.
Number of clean files: 421386
Number of infected files: 1
Number of files cleaned: 1
Nun zu meinen Schutzprogrammen: -McAfee Virus Scan Enterprise 8.7i (hab ich von einem Freund, der eine IT-Firma besitzt) -Threat Fire -Spybot Search&Destroy(Lässt sich nicht mehr im Administratormodus starten) -Bit Defender Free Edition v10 (zum Wöchentlichen Test) McAfee, Spybot und Bit Defender finden nichts, Threat Fire habe ich noch nicht probiert. Ich wollte jetzt mal die G-Data Boot CD probieren, aber ich dachte ich melde mich vorher noch bei euch. Bitte sagt mir wenn ihr noch Logs von Malwarebytes usw. braucht... Mit freundlichen Grüßen Pich103  Geändert von Pich103 (14.08.2011 um 16:19 Uhr) |
|
16.08.2011, 11:55
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
16.08.2011, 19:42
| #3 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hallo!
__________________Sorry für die späte Antwort, war heute bei Bekannten. Malwarebytes findet nichts, hier der Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7480
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
16.08.2011 20:20:31
mbam-log-2011-08-16 (20-20-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 289200
Laufzeit: 1 Stunde(n), 5 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Es könnte auch sein, dass mein System schon sauber ist, aber ich will am Besten auf Nummer sicher gehen.  Bis dann, Pich 103 |
|
17.08.2011, 07:59
| #4 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Guten Morgen! Konnte gestern den Scan nicht mehr machen, mein Bruder musste noch Kinokarten ausdrucken. Hier die Logs, ich hoffe du kannst damit was anfangen: OTL.Txt: Code:
ATTFilter OTL logfile created on: 17.08.2011 08:27:50 - Run 1 OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Familie Pichler\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,18% Memory free 6,00 Gb Paging File | 4,57 Gb Available in Paging File | 76,18% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 596,07 Gb Total Space | 520,59 Gb Free Space | 87,34% Space Free | Partition Type: NTFS Computer Name: PICHLER | User Name: Familie Pichler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.16 19:10:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.07.14 19:28:02 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Common Files\Softwin\BitDefender Update Service\livesrv.exe PRC - [2011.07.14 19:27:57 | 000,466,944 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender10\vsserv.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.01.14 17:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe PRC - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe PRC - [2009.10.26 10:20:02 | 001,499,136 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009.10.21 10:24:00 | 000,272,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe PRC - [2009.09.17 10:33:26 | 000,651,776 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2009.09.17 10:31:18 | 000,132,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2009.09.17 10:31:06 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2008.09.29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2008.09.29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2006.12.20 17:33:08 | 000,081,920 | ---- | M] () -- C:\Programme\Common Files\Softwin\BitDefender Scan Server\bdss.exe PRC - [2006.11.09 13:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Programme\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe ========== Modules (No Company Name) ========== MOD - [2011.03.15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.10.21 10:24:00 | 000,272,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe MOD - [2009.08.31 11:33:34 | 000,016,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorage.dll MOD - [2009.08.31 11:33:32 | 000,014,336 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\cryptodll.dll MOD - [2009.08.31 11:33:32 | 000,013,824 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorageserver.dll MOD - [2009.08.31 11:11:16 | 000,025,088 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\wrtserviceipcserver.dll MOD - [2009.08.24 11:29:52 | 002,013,184 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtCore4.dll MOD - [2009.06.20 11:21:30 | 007,464,448 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtGui4.dll MOD - [2009.06.20 11:10:32 | 000,875,520 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtNetwork4.dll MOD - [2009.06.20 11:09:26 | 000,337,408 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtXml4.dll MOD - [2006.05.15 18:02:16 | 000,058,368 | ---- | M] () -- C:\Programme\Softwin\BitDefender10\bdshelxt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.14 19:28:02 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2011.07.14 19:27:57 | 000,466,944 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.07.31 20:30:56 | 000,057,008 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2010.06.26 12:08:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2009.09.17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2006.12.20 17:33:08 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss) SRV - [2006.11.09 13:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.02.23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010.11.19 11:23:10 | 000,914,816 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.01.14 17:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - [2010.01.14 17:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - [2010.01.14 17:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.09.29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2008.09.29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2008.09.29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2008.09.29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2008.09.29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2008.09.29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.02.08 15:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog) DRV - [2006.12.04 16:51:44 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\bdfdll.sys -- (bdfdll) DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FE 6D 94 8D 14 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.12.18 11:23:47 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Familie Pichler\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Familie Pichler\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2010.07.31 20:31:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.26 18:55:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.10 17:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 11:59:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.26 18:55:40 | 000,000,000 | ---D | M] [2010.09.13 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Extensions [2010.07.17 13:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.05.21 12:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions [2011.05.11 14:22:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.12.07 19:45:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.20 15:01:04 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.05.11 14:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- () (No name found) -- C:\USERS\FAMILIE PICHLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VK3ESTUD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\FAMILIE PICHLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VK3ESTUD.DEFAULT\EXTENSIONS\CLICKCLEAN@HOTCLEANER.COM.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.09.29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.13 19:41:35 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.19 14:39:27 | 000,000,735 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Users^Familie Pichler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: BDAgent - hkey= - key= - C:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.) MsConfig - StartUpReg: BDMCon - hkey= - key= - C:\Program Files\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.) MsConfig - StartUpReg: dvd43 - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: PrintDisp - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: McAfeeEngineService - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: vsmon - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.16 19:12:32 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Roaming\Malwarebytes [2011.08.16 19:12:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.16 19:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.16 19:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.16 19:12:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.16 19:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.16 19:10:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe [2011.08.14 13:29:14 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\Pavark [2011.08.14 12:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011.08.14 12:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2011.08.14 11:56:36 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump [2011.08.13 15:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.08.13 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2011.08.12 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Local\SKIDROW [2011.08.10 17:24:26 | 000,340,592 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2011.08.10 17:24:26 | 000,090,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2011.08.10 17:24:26 | 000,074,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2011.08.10 17:24:26 | 000,067,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2011.08.10 17:24:26 | 000,064,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2011.08.10 17:24:26 | 000,062,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys [2011.08.10 17:24:26 | 000,042,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2011.08.10 17:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011.08.10 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2011.07.31 11:24:40 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\Mali Losinj 2.0 [2011.07.20 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.17 08:31:05 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin [2011.08.17 08:13:09 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 08:13:09 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 08:06:01 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000UA.job [2011.08.17 08:05:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.17 08:05:19 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2011.08.16 19:10:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe [2011.08.15 14:52:13 | 000,726,476 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.15 14:52:13 | 000,676,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.15 14:52:13 | 000,155,048 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.15 14:52:13 | 000,126,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.13 19:49:31 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk [2011.08.12 13:42:59 | 000,001,223 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\LIMBO.lnk [2011.08.10 17:06:58 | 000,002,450 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Google Chrome.lnk [2011.08.08 11:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000Core.job [2011.07.31 12:16:07 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.31 11:59:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.07.22 10:42:58 | 007,964,786 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Alexandra Stan - Mr Saxobeat.mp3 [2011.07.22 10:41:26 | 007,371,527 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Cascada - San Francisco.mp3 [2011.07.22 10:40:26 | 008,032,161 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\David Guetta - Little Bad Girl (Feat. Taio Cruz & Ludacris).mp3 [2011.07.22 10:39:10 | 007,372,119 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Inna - Sun is Up.mp3 [2011.07.22 10:38:26 | 007,984,375 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\DJ Antoine vs. Timati feat. Kalenna - Welcome To St. Tropez.mp3 [2011.07.22 10:25:28 | 007,332,383 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Jedward - Bad Behaviour.mp3 [2011.07.20 13:57:58 | 000,003,117 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Microsoft ICE.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.15 14:50:32 | 011,750,500 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\The Black Eyed Peas - Don't Stop the Party (Yanis.S Remix).mp3 [2011.08.13 19:49:32 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011.08.13 19:49:31 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011.08.12 13:42:59 | 000,001,223 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\LIMBO.lnk [2011.07.22 15:05:44 | 007,371,527 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Cascada - San Francisco.mp3 [2011.07.22 15:05:43 | 007,964,786 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Alexandra Stan - Mr Saxobeat.mp3 [2011.07.22 15:05:43 | 007,332,383 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Jedward - Bad Behaviour.mp3 [2011.07.22 15:05:42 | 007,372,119 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Inna - Sun is Up.mp3 [2011.07.22 15:05:41 | 008,032,161 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\David Guetta - Little Bad Girl (Feat. Taio Cruz & Ludacris).mp3 [2011.07.22 15:05:41 | 007,984,375 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\DJ Antoine vs. Timati feat. Kalenna - Welcome To St. Tropez.mp3 [2011.07.20 13:57:58 | 000,003,117 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Microsoft ICE.lnk [2011.05.31 18:53:39 | 000,000,620 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.21 12:21:58 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin [2011.05.20 14:52:54 | 000,000,036 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\housecall.guid.cache [2011.04.15 15:18:19 | 000,022,328 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\PnkBstrK.sys [2011.04.15 15:18:04 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.04.15 15:17:56 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.04.12 16:53:36 | 000,000,810 | ---- | C] () -- C:\Windows\Rtcw.INI [2011.03.26 21:07:11 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2011.03.20 14:47:15 | 000,000,173 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\msmathematics.qat.Familie Pichler [2011.01.22 21:02:48 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011.01.22 20:48:30 | 000,226,480 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.01.22 20:48:30 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2010.11.02 12:25:31 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe [2010.11.02 12:25:30 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2010.10.02 15:50:41 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.10.02 13:05:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.10 16:19:13 | 000,000,600 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\PUTTY.RND [2010.09.10 15:27:21 | 000,007,606 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\Resmon.ResmonCfg [2010.09.10 09:38:44 | 000,000,600 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\winscp.rnd [2010.08.03 14:31:43 | 000,000,911 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\burnaware.ini [2010.08.02 13:29:42 | 000,000,008 | -HS- | C] () -- C:\Users\Familie Pichler\AppData\Local\systemCurUses [2010.08.02 13:29:41 | 000,000,006 | -HS- | C] () -- C:\Users\Familie Pichler\AppData\Local\systemHdID [2010.07.21 19:05:18 | 000,005,120 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.16 18:51:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 10:47:43 | 000,726,476 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,155,048 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,407,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,676,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,126,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006.07.20 22:07:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.12.30 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\aicon [2011.01.29 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\AntiBrowserSpy 2009 [2011.01.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Audacity [2011.05.21 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bitdefender [2010.07.23 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bump Technologies, Inc [2010.07.16 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canneverbe Limited [2011.07.01 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canon [2010.12.07 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.07 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Free Audio Editor [2010.09.08 11:36:29 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFixer [2010.09.16 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFLVConverter [2010.09.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Get from YouTube [2010.09.13 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\GrabPro [2010.06.26 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Groove Games [2011.02.05 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gsmartcontrol [2011.07.09 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gtk-2.0 [2010.10.09 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze [2011.05.21 19:36:42 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\IObit [2011.06.11 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mp3tag [2011.06.25 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Nokia [2010.12.18 11:28:54 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Notepad++ [2010.09.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Orbit [2011.06.25 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\PC Suite [2010.09.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\ProgSense [2011.08.13 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickScan [2010.10.09 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar [2010.07.13 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\SharePod [2011.07.08 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TeamViewer [2011.02.19 14:07:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TuneUp Software [2010.08.12 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue [2011.01.07 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions [2010.11.02 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\XMedia Recode [2011.01.17 20:44:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Youtube Downloader HD [2011.06.23 11:18:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.26 13:05:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Adobe [2010.12.30 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\aicon [2011.01.29 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\AntiBrowserSpy 2009 [2010.07.15 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Apple Computer [2011.01.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Audacity [2011.05.21 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bitdefender [2010.07.23 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bump Technologies, Inc [2010.07.16 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canneverbe Limited [2011.07.01 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canon [2011.07.01 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\CANON INC [2010.07.23 19:06:15 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DivX [2010.12.07 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.07 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Free Audio Editor [2010.09.08 11:36:29 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFixer [2010.09.16 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFLVConverter [2010.09.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Get from YouTube [2010.09.13 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\GrabPro [2010.06.26 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Groove Games [2011.02.05 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gsmartcontrol [2011.07.09 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gtk-2.0 [2010.10.09 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze [2010.08.24 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\HP [2011.01.23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\HpUpdate [2010.06.25 19:14:48 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Identities [2011.05.21 19:36:42 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\IObit [2010.06.26 13:05:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Macromedia [2011.08.16 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Media Center Programs [2010.11.15 22:11:31 | 000,000,000 | --SD | M] -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft [2010.06.26 11:47:16 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mozilla [2011.06.11 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mp3tag [2011.06.25 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Nokia [2010.12.18 11:28:54 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Notepad++ [2011.02.03 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\NVIDIA [2010.09.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Orbit [2011.06.25 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\PC Suite [2010.09.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\ProgSense [2011.08.13 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickScan [2010.10.09 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar [2010.07.13 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\SharePod [2011.08.03 15:48:00 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Skype [2011.02.16 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\skypePM [2011.07.08 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TeamViewer [2011.02.19 14:07:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TuneUp Software [2010.08.12 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue [2011.06.26 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\vlc [2011.01.07 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions [2010.07.08 15:09:59 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WinRAR [2010.11.02 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\XMedia Recode [2011.01.17 20:44:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Youtube Downloader HD < %APPDATA%\*.exe /s > [2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze\uninstall.exe [2011.07.20 13:33:57 | 000,043,385 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_112D608FD02CD87FDC7735.exe [2011.07.20 13:33:57 | 000,043,385 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_1A508631B9BA7A5663EE5C.exe [2011.07.20 13:33:57 | 000,032,579 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_853F67D554F05449430E7E.exe [2011.05.19 18:49:30 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010.03.10 15:13:58 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar\Update.exe [2010.08.12 11:03:58 | 005,276,088 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe [2011.04.02 09:50:24 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe [2011.05.19 18:03:54 | 007,594,104 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2011.01.07 11:17:38 | 004,508,864 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransTuneSwift.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll Hoffe dass du was findest, und wenn nicht ist's natürlich noch besser!  Ich geh dann mal frühstcken, Bis bald!  |
|
17.08.2011, 08:01
| #5 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Teil 2 (OTL.Txt): Code:
ATTFilter < MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 17.08.2011 08:27:50 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Familie Pichler\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,18% Memory free
6,00 Gb Paging File | 4,57 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 520,59 Gb Free Space | 87,34% Space Free | Partition Type: NTFS
Computer Name: PICHLER | User Name: Familie Pichler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [explore] -- Reg Error: Value error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7D38898-283C-4720-BF42-4ABC90375904}" = System Requirements Lab CYRI
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}" = BitDefender Free Edition v10
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6E0EB79-CB6B-4540-9FC1-3D215CE25AD4}" = Nokia Ovi Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"1489-3350-5074-6281" = JDownloader 0.9
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.5.0" = AGEIA PhysX v2.5.0
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"Desperados - Ein Wild West Abenteuer 1.01" = Desperados - Ein Wild West Abenteuer 1.01
"Free Audio Dub_is1" = Free Audio Dub version 1.7.8.426
"GimpLqRPlugIn" = GIMP LqR Plug-In
"GML Matting_is1" = GML Matting 0.3
"GrowCut3_is1" = GrowCut 3.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MapUtility" = Canon Utilities Map Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.48
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinSysClean X" = WinSysClean X
"XMedia Recode" = XMedia Recode 2.3.1.3
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GeoGebra WebStart" = GeoGebra WebStart
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.03.2011 05:58:18 | Computer Name = Pichler | Source = Windows Backup | ID = 4103
Description =
Error - 13.04.2011 13:38:14 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
0x3cd036dd Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
0x3cd0369e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000369b ID des fehlerhaften Prozesses:
0xaf4 Startzeit der fehlerhaften Anwendung: 0x01cbfa0188492f40 Pfad der fehlerhaften
Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll Berichtskennung:
ced64790-65f4-11e0-ae20-40618601b217
Error - 13.04.2011 13:39:07 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
0x3cd036dd Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
0x3cd0369e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000369b ID des fehlerhaften Prozesses:
0x1070 Startzeit der fehlerhaften Anwendung: 0x01cbfa01a2fef400 Pfad der fehlerhaften
Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll Berichtskennung:
edfe3380-65f4-11e0-ae20-40618601b217
Error - 13.04.2011 13:41:00 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
0x3cd036dd Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
0x3cd0369e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000369b ID des fehlerhaften Prozesses:
0x924 Startzeit der fehlerhaften Anwendung: 0x01cbfa01e9db5580 Pfad der fehlerhaften
Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll Berichtskennung:
315e9570-65f5-11e0-ae20-40618601b217
Error - 13.04.2011 13:51:28 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
0x3cd036dd Name des fehlerhaften Moduls: qagamex86.dll, Version: 0.0.0.0, Zeitstempel:
0x3cd036b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fa29 ID des fehlerhaften Prozesses:
0xbc0 Startzeit der fehlerhaften Anwendung: 0x01cbfa021d4b3610 Pfad der fehlerhaften
Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Return to Castle Wolfenstein\qagamex86.dll Berichtskennung:
a82b67e0-65f6-11e0-ae20-40618601b217
Error - 13.04.2011 13:53:51 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
0x3cd036dd Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
0x3cd0369e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000369b ID des fehlerhaften Prozesses:
0xbe4 Startzeit der fehlerhaften Anwendung: 0x01cbfa03b2ffce90 Pfad der fehlerhaften
Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll Berichtskennung:
fcfd45e0-65f6-11e0-ae20-40618601b217
Error - 14.04.2011 15:28:09 | Computer Name = Pichler | Source = Windows Search Service | ID = 3007
Description =
Error - 15.04.2011 09:12:36 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TFService.exe, Version: 4.10.1.14,
Zeitstempel: 0x4b4fa1c8 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927,
Zeitstempel: 0x4a2752ff Ausnahmecode: 0xc000000d Fehleroffset: 0x00014ba1 ID des fehlerhaften
Prozesses: 0x184 Startzeit der fehlerhaften Anwendung: 0x01cbfb6e8192a1e0 Pfad der
fehlerhaften Anwendung: C:\Program Files\ThreatFire\TFService.exe Pfad des fehlerhaften
Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
078d3ee0-6762-11e0-bdee-40618601b217
Error - 15.04.2011 09:13:24 | Computer Name = Pichler | Source = VSS | ID = 8194
Description =
Error - 19.04.2011 07:23:07 | Computer Name = Pichler | Source = McLogEvent | ID = 259
Description = Der Scan hat Entdeckungen gefunden. Scan-Modul der Version 5400.1158
DAT-Version 6320.
[ System Events ]
Error - 16.08.2011 14:49:01 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 16.08.2011 14:49:18 | Computer Name = Pichler | Source = ipnathlp | ID = 34001
Description =
Error - 17.08.2011 02:05:13 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber bdfdll.sys konnte nicht geladen werden.
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfdll" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.08.2011 02:32:44 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 17.08.2011 02:32:49 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
< End of report >
|
|
17.08.2011, 10:29
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Führe auch bitte ESET aus, danach sehen wir weiter. ESET Online Scanner
n.
__________________ --> FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe |
|
17.08.2011, 12:10
| #7 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hallo! Ich habe mit ESET Online Scanner so meine Probleme. Wenn ich die Stelle erreiche, wo er die Datenbank updatet, kommt eine Fehlermeldung: "Can not get update. Is Proxy Fixed?" Habe es jetzt schon mit IE9, Firefox und Chrome versucht, immer das selbe.  Hast du eine Idee, was das Problem sein könnte? MFG Pich103 PS: Ich hänge noch 2 Screenshots von den Fenstern an, eines vor der Meldung und eins mit. |
|
17.08.2011, 13:51
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.08.2011, 14:31
| #9 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hab ich, aber bei den Proxy Einstellungen Stimmt alles. Und das Internet funktioniert ja überall anders auch. |
|
17.08.2011, 15:04
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Du hast den Browser für ESET per Rechtsklick als Admin ausgeführt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2011, 16:05
| #11 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Ja hab ich auch gemacht. Keine Ahnung warum es nicht Funktioniert... Und auf meinem Laptop mit Win7 64Bit Funktioniert's auch.... (hab auf dem Stand PC Win7 32 Bit) |
|
17.08.2011, 21:07
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Hast du beide Browser probiert oder nur einen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2011, 08:23
| #13 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Habe es jetzt nochmal probiert mit IE und siehe da... es FUNKTIONIERT!Werde nachher das Ergebnis posten. Geändert von Pich103 (18.08.2011 um 08:46 Uhr) |
|
18.08.2011, 11:36
| #14 |
| | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Oh... 7 Funde! Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-18 10:17:26
# local_time=2011-08-18 12:17:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 7826633 7826633 0 0
# compatibility_mode=768 16777215 100 0 35061278 35061278 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 68583 66092745 0 0
# compatibility_mode=8192 67108863 100 0 72186 72186 0 0
# scanned=144272
# found=7
# cleaned=0
# scan_time=8644
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Pichler\Downloads\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 2.zip Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 6.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 7.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 8.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
Hatte mal SpeedUpMyPC installiert, und da könnten noch Reste vorhanden sein. Und einen Virus im CD Burner XP Setup kann ich mir auch nicht vorstellen, der ist von Chip.de Es sind nur eigentlich 2 Viren: Win32/SpeedUpMyPC und Win32/OpenCandy. Warum in meinen Backupfiles auf der externen Platte auch welche angezeigt werden ist mir unklar. |
|
18.08.2011, 12:01
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Das sind "halbe" Fehlalarme, die Setups und Backupsets sind eigentlich sauber, aber können Adware-Bestandteile enthalten. Lass von Uniblue die Finger, das ist allerfeinstes Schlangenöl! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.08.12 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Local\SKIDROW
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe |
| boot, c:\windows, clean, code, data, defender, edition, ergebnis, fakealert, file, files, free, g-data, hochfahren, infected, mcafee, nicht mehr, nichts, rootkit, scan, starten, stinger, test, trojaner-board, version, windows |
Textbox.
.
Linear-Darstellung
