Log analysis and evaluation: Win32.fraudload.edt and laptop acting up

26.04.2010, 15:25   #1
Pipocas

Hello!

Thanks for the reply.
After the scan with GMER there is a bluescreen, pfn-list corrupt, even before the log file can be saved. During the scan the laptop beeps while it is scanning System32.
In safe mode, too, Windows reports a problem and closes the program.
Renaming GMER didn't help either.
With great difficulty we managed to create "half" a log file. Don't know whether it helps.


Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-26 15:46:55
Windows 6.0.6002 Service Pack 2
Running: rettemich.com; Driver: C:\Users\Franz\AppData\Local\Temp\pglcypog.sys


---- System - GMER 1.0.15 ----

SSDT   9D5459A4                                            ZwCreateThread
SSDT   9D545990                                            ZwOpenProcess
SSDT   9D545995                                            ZwOpenThread
SSDT   9D54599F                                            ZwTerminateProcess

Code   \??\C:\Windows\system32\drivers\aiplrquo.sys        ZwResumeThread [0x90604ADA]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 221                       820F2984 4 Bytes  [A4, 59, 54, 9D] {MOVSB ; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 3F1                       820F2B54 4 Bytes  [90, 59, 54, 9D] {NOP ; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 40D                       820F2B70 4 Bytes  [95, 59, 54, 9D] {XCHG EBP, EAX; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 621                       820F2D84 4 Bytes  [9F, 59, 54, 9D] {LAHF ; POP ECX; PUSH ESP; POPF }
PAGE   ntkrnlpa.exe!ZwResumeThread                         822617A5 7 Bytes  JMP 90604ADE \??\C:\Windows\system32\drivers\aiplrquo.sys
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys            section is writeable [0x8F005340, 0x3E0487, 0xE8000020]
       C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  entry point in "" section [0xA311441C]
.clc   C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl  unknown last code section [0xA3115000, 0x1000, 0xE0000020]
         

26.04.2010, 15:29   #2
Pipocas

Here is the OTL log file as an attachment.

Kind regards and thanks again!!


26.04.2010, 19:15   #3
Pipocas

OTL Extras:

Code:
OTL Extras logfile created on: 26.04.2010 16:08:24 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = c:\Users\Franz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 271,13 Gb Free Space | 59,65% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FRANZ-PC
Current User Name: Franz
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02207246-4F3C-43C1-B3DA-E609C667758A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2804E73E-0FF6-4F60-9504-ADBF8F03B638}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2F209019-BAD4-4849-905B-3D2FF35901E0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30CB5AC4-86BB-425E-8726-689EF6704E22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4C60C6F0-4006-479A-AC5F-58C12CA09F1D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{623E5066-2F44-4AA1-BC88-6B0D02BC9CE1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7516D101-90F8-49E0-9864-0FE6B61FA2C1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BDCFED65-25BB-47EC-A90E-11C7412ADE26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C3AA5EB2-0798-498A-8B83-F3CDC48A20DF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CAFB905C-4A28-469A-9F4E-171BDA7E9CF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E6D443E7-31CB-4E69-B92A-73D1F6A58ECF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F7E36FDB-495C-4514-A5D2-0461E89B8E66}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FAC55D-6D39-4EA2-820F-5ED6448533A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0AA754AE-3C36-4E75-8FD3-8DBAE29997A0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{0E7577F4-9C86-4DD9-8F3B-C4FDA0D50F36}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{1221E528-364F-4479-9380-E3B91F6C99C8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{128F0C7E-6386-4F1F-8DE9-12CC16EE57F8}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{13FB7EE9-194D-48B1-A2AF-0C1F770A392B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2B759265-0FAF-419D-9D94-841FAB2AD748}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{3124E067-D4AF-4C1C-A5AF-B8341F8CEF21}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{313F0AA4-7012-4777-AD96-337B93E3EBC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{380905D5-9744-446E-97A0-756CBB92789D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{384F0801-8E6B-4937-9B75-7B5A43B32A96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3BEEE0A7-0B01-4B9D-ACC2-DDA75692A12B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{3D6204E4-3900-4AEE-8762-6E3757FACE96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3F9CB834-3040-4606-B636-D9BD3243E7F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41482EAE-F8C8-48E0-9C10-A27B0E495710}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{4282502B-60A4-48D2-9321-85778B695B85}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{43FE02D4-A2C7-4E98-8687-4C21A55D49C1}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{51C43DA1-4C2A-4194-A22C-B186CC20FD10}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{5ABE8BA7-7D70-4530-BF8A-4472A105A094}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5CDE8FC5-ED5E-4EEB-8D53-91BA3C0DE850}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{64E10C38-1707-41C5-B640-FB4850601446}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{89995A93-826D-400D-A06B-6994E1DF1C0C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{9DE4CB89-5A8D-490F-8BCB-8C512DAE5384}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{ABABE1C2-5BD4-46A5-A669-3117048D01DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B52772B2-3180-4CCB-BD7A-D1BF0688E04D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BDF43BB3-D7ED-4BC0-9F69-5A059AEC9C3F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{C29E06AC-A8E4-472E-BF70-46CBDF6FB2B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4293751-4FAA-4EC6-996A-05F448296343}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{CE61EBD4-8DAF-4592-AF60-BC4ADDA95743}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{CEA7E5D6-6D3C-4315-944D-879B89CBEF93}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D05A2959-FF80-4652-AF43-D790E875D6BE}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{D81F9ED3-D27B-4CB0-AEFC-A86346AC5F00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E1FF77C6-5191-4B4F-A280-D797AE228E52}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{EBD8E55B-5DD4-4909-836B-7AEF2B344FAD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F3A0A009-5D65-4B68-B3FF-7881A0C1AB3C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{F5AC493D-EF0B-4D68-8A2A-CBB9A9CB80AE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F5C622AB-44FA-4E02-8987-379BDA6C4BF5}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{FC6A6FA8-2AE2-41D7-B387-564F51E2A080}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FE0F81B1-7FE8-4653-B02D-9B47251BC326}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{06D5AAD8-F330-4597-94EE-177BF62A1AF7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{71D1894F-CB5F-48A5-9FA2-8DCCA7E3DEA1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{76664820-624C-4C98-B00B-E2C2C0FA64E7}C:\users\franz\documents\desktop\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\users\franz\documents\desktop\sopcast\sopcast.exe | 
"TCP Query User{78330666-3619-424A-8A05-A1C855DAFD7F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B0AA524C-CB4E-4EAB-BEDA-F7B66944F72D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{B16AAE83-B05D-4B73-9B8B-CBBD5FB02851}C:\users\franz\documents\desktop\routerclient.exe" = protocol=6 | dir=in | app=c:\users\franz\documents\desktop\routerclient.exe | 
"TCP Query User{FC9B4AA7-F313-4342-A317-4F49B17D6A43}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FCC2BF21-A5F6-47DA-A58A-CBADFC21018A}C:\users\franz\documents\desktop\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\users\franz\documents\desktop\sopcast\adv\sopadver.exe | 
"UDP Query User{5987C3D1-524D-477D-BDEB-D2F732F8C4BA}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{5C64A20E-9E18-41E4-9799-1F7819ED62F7}C:\users\franz\documents\desktop\routerclient.exe" = protocol=17 | dir=in | app=c:\users\franz\documents\desktop\routerclient.exe | 
"UDP Query User{6DD3BAF2-9A97-47F8-9C43-F9058DAC1DCB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6FA46BF1-717D-4381-B4E2-B7C1670A1CE3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7DC1ECF4-F874-41F0-9C0D-BDF0C9D45F1E}C:\users\franz\documents\desktop\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\franz\documents\desktop\sopcast\adv\sopadver.exe | 
"UDP Query User{BC9569A2-01D1-41E4-9D1A-82D6E008A5C4}C:\users\franz\documents\desktop\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\users\franz\documents\desktop\sopcast\sopcast.exe | 
"UDP Query User{D70D6D0F-C425-4B69-96FC-B1E886C170A0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FDC8C7CB-B10F-4FC8-925D-C2D5BE4009AE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.1.7
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.250 (D)
"NVIDIA Drivers" = NVIDIA Drivers
"PlagiarismFinder 2.0" = PlagiarismFinder 2.0
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.9
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.6
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2010 10:35:25 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2010 10:35:25 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2010 12:19:02 | Computer Name = Franz-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2010 12:19:14 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2010 12:19:14 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2010 12:21:48 | Computer Name = Franz-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 23.04.2010 12:22:26 | Computer Name = Franz-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2010 12:37:20 | Computer Name = Franz-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2010 12:37:38 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2010 12:37:38 | Computer Name = Franz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 26.04.2010 09:51:49 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.04.2010 09:51:49 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.04.2010 09:51:53 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.04.2010 09:55:12 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.04.2010 09:56:01 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.04.2010 09:57:26 | Computer Name = Franz-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 26.04.2010 09:59:47 | Computer Name = Franz-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 26.04.2010 09:59:47 | Computer Name = Franz-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 26.04.2010 09:59:47 | Computer Name = Franz-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 26.04.2010 09:59:47 | Computer Name = Franz-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         

26.04.2010, 19:56   #4
Sion

Looks like a rootkit. But half a log like this is not a good basis. Let's try a different scanner:

1. Get Sophos Anti-Rootkit. Registration is required. You will get an installation file, sarsfx.exe.
  • Run it, accept the license and let the program install; do not change the path C:\SOPHTEMP.
  • Use Explorer to go to this folder and start sargui.exe, then close all other programs.
  • Leave everything ticked under Area and start the scan with "Start scan". The scan takes some time; when it is finished, a window pops up with a summary, click "Ok" there. Close the Sophos rootkit scanner; this scan is for analysis only.
  • Start Explorer and type "%temp%" (without the quotation marks) into the address bar; there is a file sarscan.log there, please post its contents.
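
The partial GMER log from post #1 can be triaged mechanically, which shows what in it points to kernel hooking. This is an added example, not part of the thread and not GMER's own code; the regular expressions, function names and result keys are assumptions fitted to the log lines posted in this thread.

```python
import re

# Lines copied from the partial GMER log in post #1 (column padding condensed).
GMER_LOG = r"""
SSDT   9D5459A4   ZwCreateThread
SSDT   9D545990   ZwOpenProcess
SSDT   9D545995   ZwOpenThread
SSDT   9D54599F   ZwTerminateProcess
Code   \??\C:\Windows\system32\drivers\aiplrquo.sys   ZwResumeThread [0x90604ADA]
.text  ntkrnlpa.exe!KeSetEvent + 221   820F2984 4 Bytes  [A4, 59, 54, 9D] {MOVSB ; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 3F1   820F2B54 4 Bytes  [90, 59, 54, 9D] {NOP ; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 40D   820F2B70 4 Bytes  [95, 59, 54, 9D] {XCHG EBP, EAX; POP ECX; PUSH ESP; POPF }
.text  ntkrnlpa.exe!KeSetEvent + 621   820F2D84 4 Bytes  [9F, 59, 54, 9D] {LAHF ; POP ECX; PUSH ESP; POPF }
PAGE   ntkrnlpa.exe!ZwResumeThread   822617A5 7 Bytes  JMP 90604ADE \??\C:\Windows\system32\drivers\aiplrquo.sys
"""

# Patterns fitted to the line shapes above (assumption: other GMER line types exist).
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")          # bare address, no module
CODE_RE = re.compile(r"^Code\s+(.+?\.sys)\s+(\w+)\s+\[0x([0-9A-F]+)\]$")
PATCH_RE = re.compile(
    r"^\S+\s+(\S+!\w+(?: \+ [0-9A-F]+)?)\s+([0-9A-F]{8})\s+\d+ Bytes\s+\[([0-9A-F, ]+)\]")
JMP_RE = re.compile(
    r"^\S+\s+\S+!(\w+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})\s+(.+)$")


def parse(log):
    """Sort recognised lines into four buckets. Unrecognised lines are skipped,
    so a truncated log like the one in this thread still parses."""
    ssdt, code, patches, jumps = {}, [], [], []
    for raw in log.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[m.group(2)] = int(m.group(1), 16)
        elif m := CODE_RE.match(line):
            code.append((m.group(2), m.group(1), int(m.group(3), 16)))
        elif m := JMP_RE.match(line):
            jumps.append((m.group(1), int(m.group(2), 16), m.group(3)))
        elif m := PATCH_RE.match(line):
            data = bytes(int(b, 16) for b in m.group(3).split(","))
            patches.append((m.group(1), int(m.group(2), 16), data))
    return ssdt, code, patches, jumps


def patches_as_ssdt_entries(ssdt, patches):
    """Read each 4-byte patch as a little-endian pointer and match it to an SSDT
    target. A match means the patched dword is the table entry itself, so the
    disassembly GMER prints in braces for it is pointer data, not instructions."""
    by_target = {target: name for name, target in ssdt.items()}
    matched = []
    for where, _addr, data in patches:
        if len(data) == 4:
            value = int.from_bytes(data, "little")
            if value in by_target:
                matched.append((where, by_target[value]))
    return matched


def triage(log):
    ssdt, code, patches, jumps = parse(log)
    modules = {path for _f, path, _a in code} | {path for _f, _t, path in jumps}
    return {
        # Services redirected to an address for which the log names no driver.
        "ssdt_without_module": sorted(ssdt),
        "patches_that_are_ssdt_entries": patches_as_ssdt_entries(ssdt, patches),
        # Drivers that the log names as the destination of a hook.
        "hook_drivers": sorted(p.rsplit("\\", 1)[-1].lower() for p in modules),
        "inline_hooked": sorted(func for func, _t, _p in jumps),
    }


if __name__ == "__main__":
    for key, value in triage(GMER_LOG).items():
        print(f"{key}: {value}")
```

The four `.text` patches and the four `SSDT` lines turn out to describe the same table entries, and the only driver any hook resolves to is aiplrquo.sys.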

27.04.2010, 10:01   #5
Pipocas



Here is the log file from Sophos!

Code:
ATTFilter
Sophos Anti-Rootkit Version 1.5.0  (c) 2009 Sophos Plc
Started logging on 27.04.2010 at 08:59:03
User "Franz" on computer "FRANZ-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info:	Starting process scan.
Info:	Starting registry scan.
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Info:	Starting disk scan of C: (NTFS).
Hidden:	file C:\Users\Franz\Downloads\[Torrentsworld.net] - Jamie Foxx Ft Timbaland-I Dont Need It-Promo CDS-2009-XXL.torrent 
Hidden:	file C:\Users\Franz\AppData\Roaming\Skype\XX_XX\etilqs_qeQ01E18y8YJgLR87oUM
Info:	Starting disk scan of D: (NTFS).
Info:	Starting disk scan of G: (FAT).
Stopped logging on 27.04.2010 at 10:13:45
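
As an added example (not part of the original posts and not Sophos code), a small Python parser for the log format shown above: it lists each `Hidden:` entry together with the scan phase it was reported in, and checks that the log runs from `Started logging` to `Stopped logging`, i.e. that the scan was not cut short. The sample log is constructed, and the `unknown` fallback for entry kinds other than those seen in this thread is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the sarscan.log above (not the original log).
SAMPLE_LOG = """\
Sophos Anti-Rootkit Version 1.5.0  (c) 2009 Sophos Plc
Started logging on 27.04.2010 at 08:59:03
Info:\tStarting process scan.
Info:\tStarting registry scan.
Hidden:\tregistry item \\HKEY_USERS\\S-1-5-18\\Software\\Example\\Key
Info:\tStarting disk scan of C: (NTFS).
Hidden:\tfile C:\\Users\\Example\\AppData\\Roaming\\App\\tempfile 
Info:\tStarting disk scan of D: (NTFS).
Stopped logging on 27.04.2010 at 10:13:45
"""

STAMP = re.compile(
    r"^(Started|Stopped) logging on (\d{2}\.\d{2}\.\d{4}) at (\d{2}:\d{2}:\d{2})")
PHASE = re.compile(r"^Info:\s+Starting (.+?)\.?\s*$")
KINDS = ("registry item", "file")  # the entry kinds that appear in this thread


def parse_sarscan(text):
    """Return completeness, duration and every 'Hidden:' finding with its phase."""
    stamps, findings, phase = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := STAMP.match(line):
            stamps[m.group(1)] = datetime.strptime(
                f"{m.group(2)} {m.group(3)}", "%d.%m.%Y %H:%M:%S")
        elif m := PHASE.match(line):
            phase = m.group(1)  # e.g. "registry scan", "disk scan of C: (NTFS)"
        elif line.startswith("Hidden:"):
            rest = line[len("Hidden:"):].strip()
            # Assumption: any other kind is reported as "unknown", target kept whole.
            kind = next((k for k in KINDS if rest.startswith(k + " ")), "unknown")
            target = rest[len(kind):].strip() if kind != "unknown" else rest
            findings.append({"phase": phase, "kind": kind, "target": target})
    # A log without both stamps means the scanner never finished writing it.
    complete = "Started" in stamps and "Stopped" in stamps
    duration = stamps["Stopped"] - stamps["Started"] if complete else None
    return {"complete": complete, "duration": duration, "findings": findings}


if __name__ == "__main__":
    report = parse_sarscan(SAMPLE_LOG)
    print("complete:", report["complete"], "duration:", report["duration"])
    for f in report["findings"]:
        print(f"{f['phase']:<24} {f['kind']:<14} {f['target']}")
```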
         


27.04.2010, 19:55   #6
Sion



Hm, let's try it this way:

1. Get Avenger
Unpack Avenger to the desktop.
Start Avenger.
Tick both checkboxes at the bottom.
Copy the following into the script field:

Quote:
files to delete:
C:\Users\Franz\Downloads\[Torrentsworld.net] - Jamie Foxx Ft Timbaland-I Dont Need It-Promo CDS-2009-XXL.torrent
C:\Users\Franz\AppData\Roaming\Skype\XX_XX\etilqs_qeQ01E18y8YJgLR87oUM

drivers to delete:
aiplrquo
Click Execute.
Allow the restart.
After the restart a log should be displayed; post it.

27.04.2010, 20:13   #7
Pipocas



Will do.
Quote:
C:\Users\Franz\AppData\Roaming\Skype\XX_XX\etilqs_qeQ01E18y8YJgLR87oUM
Here I replaced the Skype user name with XX_XX. Just for your information.
