Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.08.2011, 16:49   #1
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hallo liebes Trojaner-Board Team!

Ich habe heute einen Scan Mit McAfee Stinger gemacht mit fogendem Ergebnis:
Code:
ATTFilter
McAfee(r) Labs Stinger(tm) Version 10.2.0.115 built on Jun 16 2011
Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Jun 16 2011.
Ready to scan for 2487 viruses, trojans and variants.

Scan initiated on Sun Aug 14 13:31:46 2011
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
     Found the FakeAlert!fakealert-REP trojan !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe is infected with the FakeAlert!fakealert-REP virus !!!
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe has been deleted.
  Number of clean files: 421386
  Number of infected files: 1
  Number of files cleaned: 1
         
Außerdem braucht mein PC nach dem hochfahren seit ein Paar Tagen etwas länger als zuvor (ich tippe auf Rootkit).

Nun zu meinen Schutzprogrammen:

-McAfee Virus Scan Enterprise 8.7i (hab ich von einem Freund, der eine IT-Firma besitzt)
-Threat Fire
-Spybot Search&Destroy(Lässt sich nicht mehr im Administratormodus starten)
-Bit Defender Free Edition v10 (zum Wöchentlichen Test)

McAfee, Spybot und Bit Defender finden nichts, Threat Fire habe ich noch nicht probiert. Ich wollte jetzt mal die G-Data Boot CD probieren, aber ich dachte ich melde mich vorher noch bei euch.
Bitte sagt mir wenn ihr noch Logs von Malwarebytes usw. braucht...

Mit freundlichen Grüßen
Pich103

Geändert von Pich103 (14.08.2011 um 17:19 Uhr)

Alt 16.08.2011, 12:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 16.08.2011, 20:42   #3
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hallo!
Sorry für die späte Antwort, war heute bei Bekannten. Malwarebytes findet nichts, hier der Log:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7480

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

16.08.2011 20:20:31
mbam-log-2011-08-16 (20-20-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 289200
Laufzeit: 1 Stunde(n), 5 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Werde gleich noch den OTL.exe Scan machen und wenn möglich heute bzw. morgen hochladen.

Es könnte auch sein, dass mein System schon sauber ist, aber ich will am Besten auf Nummer sicher gehen.

Bis dann,

Pich 103
__________________

Alt 17.08.2011, 08:59   #4
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Guten Morgen!

Konnte gestern den Scan nicht mehr machen, mein Bruder musste noch Kinokarten ausdrucken.

Hier die Logs, ich hoffe du kannst damit was anfangen:

OTL.Txt:
Code:
ATTFilter
OTL logfile created on: 17.08.2011 08:27:50 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\Familie Pichler\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,18% Memory free
6,00 Gb Paging File | 4,57 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 520,59 Gb Free Space | 87,34% Space Free | Partition Type: NTFS
 
Computer Name: PICHLER | User Name: Familie Pichler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.16 19:10:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.07.14 19:28:02 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Common Files\Softwin\BitDefender Update Service\livesrv.exe
PRC - [2011.07.14 19:27:57 | 000,466,944 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender10\vsserv.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.01.14 17:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe
PRC - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2009.10.26 10:20:02 | 001,499,136 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.10.21 10:24:00 | 000,272,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2009.09.17 10:33:26 | 000,651,776 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.09.17 10:31:18 | 000,132,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.09.17 10:31:06 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008.09.29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008.09.29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.12.20 17:33:08 | 000,081,920 | ---- | M] () -- C:\Programme\Common Files\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2006.11.09 13:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Programme\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.10.21 10:24:00 | 000,272,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2009.08.31 11:33:34 | 000,016,384 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2009.08.31 11:33:32 | 000,014,336 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2009.08.31 11:33:32 | 000,013,824 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2009.08.31 11:11:16 | 000,025,088 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2009.08.24 11:29:52 | 002,013,184 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2009.06.20 11:21:30 | 007,464,448 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2009.06.20 11:10:32 | 000,875,520 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2009.06.20 11:09:26 | 000,337,408 | ---- | M] () -- C:\Programme\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2006.05.15 18:02:16 | 000,058,368 | ---- | M] () -- C:\Programme\Softwin\BitDefender10\bdshelxt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.14 19:28:02 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011.07.14 19:27:57 | 000,466,944 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.07.31 20:30:56 | 000,057,008 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.06.26 12:08:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.14 17:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.09.17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006.12.20 17:33:08 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2006.11.09 13:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010.11.19 11:23:10 | 000,914,816 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.01.14 17:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.14 17:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.01.14 17:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.09.29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008.09.29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008.09.29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008.09.29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008.09.29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008.09.29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.08 15:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006.12.04 16:51:44 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FE 6D 94 8D 14 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.12.18 11:23:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Familie Pichler\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Familie Pichler\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2010.07.31 20:31:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.26 18:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.10 17:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 11:59:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.26 18:55:40 | 000,000,000 | ---D | M]
 
[2010.09.13 19:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Extensions
[2010.07.17 13:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.05.21 12:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions
[2011.05.11 14:22:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.12.07 19:45:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.20 15:01:04 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Familie Pichler\AppData\Roaming\mozilla\Firefox\Profiles\vk3estud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.05.11 14:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\FAMILIE PICHLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VK3ESTUD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FAMILIE PICHLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VK3ESTUD.DEFAULT\EXTENSIONS\CLICKCLEAN@HOTCLEANER.COM.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.09.29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.13 19:41:35 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.19 14:39:27 | 000,000,735 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Familie Pichler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: BDAgent - hkey= - key= - C:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
MsConfig - StartUpReg: BDMCon - hkey= - key= - C:\Program Files\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)
MsConfig - StartUpReg: dvd43 - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PrintDisp - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.16 19:12:32 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Roaming\Malwarebytes
[2011.08.16 19:12:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.16 19:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.16 19:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.16 19:12:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.16 19:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.16 19:10:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe
[2011.08.14 13:29:14 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\Pavark
[2011.08.14 12:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.08.14 12:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.08.14 11:56:36 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump
[2011.08.13 15:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011.08.13 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011.08.12 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Local\SKIDROW
[2011.08.10 17:24:26 | 000,340,592 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011.08.10 17:24:26 | 000,090,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011.08.10 17:24:26 | 000,074,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011.08.10 17:24:26 | 000,067,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011.08.10 17:24:26 | 000,064,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011.08.10 17:24:26 | 000,062,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2011.08.10 17:24:26 | 000,042,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011.08.10 17:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.08.10 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011.07.31 11:24:40 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\Mali Losinj 2.0
[2011.07.20 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.17 08:31:05 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2011.08.17 08:13:09 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 08:13:09 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 08:06:01 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000UA.job
[2011.08.17 08:05:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.17 08:05:19 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.16 19:10:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Familie Pichler\Desktop\OTL.exe
[2011.08.15 14:52:13 | 000,726,476 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.15 14:52:13 | 000,676,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.15 14:52:13 | 000,155,048 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.15 14:52:13 | 000,126,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.13 19:49:31 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011.08.12 13:42:59 | 000,001,223 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\LIMBO.lnk
[2011.08.10 17:06:58 | 000,002,450 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Google Chrome.lnk
[2011.08.08 11:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000Core.job
[2011.07.31 12:16:07 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.31 11:59:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.07.22 10:42:58 | 007,964,786 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Alexandra Stan - Mr Saxobeat.mp3
[2011.07.22 10:41:26 | 007,371,527 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Cascada - San Francisco.mp3
[2011.07.22 10:40:26 | 008,032,161 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\David Guetta - Little Bad Girl (Feat. Taio Cruz & Ludacris).mp3
[2011.07.22 10:39:10 | 007,372,119 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Inna - Sun is Up.mp3
[2011.07.22 10:38:26 | 007,984,375 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\DJ Antoine vs. Timati feat. Kalenna - Welcome To St. Tropez.mp3
[2011.07.22 10:25:28 | 007,332,383 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Jedward - Bad Behaviour.mp3
[2011.07.20 13:57:58 | 000,003,117 | ---- | M] () -- C:\Users\Familie Pichler\Desktop\Microsoft ICE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 14:50:32 | 011,750,500 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\The Black Eyed Peas - Don't Stop the Party (Yanis.S Remix).mp3
[2011.08.13 19:49:32 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.08.13 19:49:31 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.08.12 13:42:59 | 000,001,223 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\LIMBO.lnk
[2011.07.22 15:05:44 | 007,371,527 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Cascada - San Francisco.mp3
[2011.07.22 15:05:43 | 007,964,786 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Alexandra Stan - Mr Saxobeat.mp3
[2011.07.22 15:05:43 | 007,332,383 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Jedward - Bad Behaviour.mp3
[2011.07.22 15:05:42 | 007,372,119 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Inna - Sun is Up.mp3
[2011.07.22 15:05:41 | 008,032,161 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\David Guetta - Little Bad Girl (Feat. Taio Cruz & Ludacris).mp3
[2011.07.22 15:05:41 | 007,984,375 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\DJ Antoine vs. Timati feat. Kalenna - Welcome To St. Tropez.mp3
[2011.07.20 13:57:58 | 000,003,117 | ---- | C] () -- C:\Users\Familie Pichler\Desktop\Microsoft ICE.lnk
[2011.05.31 18:53:39 | 000,000,620 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.21 12:21:58 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2011.05.20 14:52:54 | 000,000,036 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\housecall.guid.cache
[2011.04.15 15:18:19 | 000,022,328 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\PnkBstrK.sys
[2011.04.15 15:18:04 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.15 15:17:56 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.12 16:53:36 | 000,000,810 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.03.26 21:07:11 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.03.20 14:47:15 | 000,000,173 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\msmathematics.qat.Familie Pichler
[2011.01.22 21:02:48 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011.01.22 20:48:30 | 000,226,480 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.01.22 20:48:30 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.11.02 12:25:31 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2010.11.02 12:25:30 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2010.10.02 15:50:41 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.10.02 13:05:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.10 16:19:13 | 000,000,600 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\PUTTY.RND
[2010.09.10 15:27:21 | 000,007,606 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\Resmon.ResmonCfg
[2010.09.10 09:38:44 | 000,000,600 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\winscp.rnd
[2010.08.03 14:31:43 | 000,000,911 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Roaming\burnaware.ini
[2010.08.02 13:29:42 | 000,000,008 | -HS- | C] () -- C:\Users\Familie Pichler\AppData\Local\systemCurUses
[2010.08.02 13:29:41 | 000,000,006 | -HS- | C] () -- C:\Users\Familie Pichler\AppData\Local\systemHdID
[2010.07.21 19:05:18 | 000,005,120 | ---- | C] () -- C:\Users\Familie Pichler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.16 18:51:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,726,476 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,155,048 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,407,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,676,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,126,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006.07.20 22:07:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.07.10 18:54:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.12.30 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\aicon
[2011.01.29 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\AntiBrowserSpy 2009
[2011.01.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Audacity
[2011.05.21 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bitdefender
[2010.07.23 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bump Technologies, Inc
[2010.07.16 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canneverbe Limited
[2011.07.01 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canon
[2010.12.07 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.07 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Free Audio Editor
[2010.09.08 11:36:29 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFixer
[2010.09.16 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFLVConverter
[2010.09.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Get from YouTube
[2010.09.13 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\GrabPro
[2010.06.26 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Groove Games
[2011.02.05 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gsmartcontrol
[2011.07.09 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gtk-2.0
[2010.10.09 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze
[2011.05.21 19:36:42 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\IObit
[2011.06.11 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mp3tag
[2011.06.25 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Nokia
[2010.12.18 11:28:54 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Notepad++
[2010.09.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Orbit
[2011.06.25 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\PC Suite
[2010.09.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\ProgSense
[2011.08.13 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickScan
[2010.10.09 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar
[2010.07.13 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\SharePod
[2011.07.08 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TeamViewer
[2011.02.19 14:07:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TuneUp Software
[2010.08.12 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue
[2011.01.07 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions
[2010.11.02 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\XMedia Recode
[2011.01.17 20:44:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Youtube Downloader HD
[2011.06.23 11:18:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.26 13:05:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Adobe
[2010.12.30 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\aicon
[2011.01.29 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\AntiBrowserSpy 2009
[2010.07.15 16:59:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Apple Computer
[2011.01.19 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Audacity
[2011.05.21 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bitdefender
[2010.07.23 16:48:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Bump Technologies, Inc
[2010.07.16 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canneverbe Limited
[2011.07.01 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Canon
[2011.07.01 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\CANON INC
[2010.07.23 19:06:15 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DivX
[2010.12.07 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.07 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Free Audio Editor
[2010.09.08 11:36:29 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFixer
[2010.09.16 15:17:26 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\FreeFLVConverter
[2010.09.11 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Get from YouTube
[2010.09.13 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\GrabPro
[2010.06.26 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Groove Games
[2011.02.05 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gsmartcontrol
[2011.07.09 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\gtk-2.0
[2010.10.09 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze
[2010.08.24 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\HP
[2011.01.23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\HpUpdate
[2010.06.25 19:14:48 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Identities
[2011.05.21 19:36:42 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\IObit
[2010.06.26 13:05:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Macromedia
[2011.08.16 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Media Center Programs
[2010.11.15 22:11:31 | 000,000,000 | --SD | M] -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft
[2010.06.26 11:47:16 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mozilla
[2011.06.11 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Mp3tag
[2011.06.25 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Nokia
[2010.12.18 11:28:54 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Notepad++
[2011.02.03 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\NVIDIA
[2010.09.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Orbit
[2011.06.25 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\PC Suite
[2010.09.13 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\ProgSense
[2011.08.13 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickScan
[2010.10.09 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar
[2010.07.13 13:18:27 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\SharePod
[2011.08.03 15:48:00 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Skype
[2011.02.16 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\skypePM
[2011.07.08 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TeamViewer
[2011.02.19 14:07:25 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\TuneUp Software
[2010.08.12 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue
[2011.06.26 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\vlc
[2011.01.07 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions
[2010.07.08 15:09:59 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\WinRAR
[2010.11.02 11:42:40 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\XMedia Recode
[2011.01.17 20:44:43 | 000,000,000 | ---D | M] -- C:\Users\Familie Pichler\AppData\Roaming\Youtube Downloader HD
 
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Familie Pichler\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2011.07.20 13:33:57 | 000,043,385 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_112D608FD02CD87FDC7735.exe
[2011.07.20 13:33:57 | 000,043,385 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_1A508631B9BA7A5663EE5C.exe
[2011.07.20 13:33:57 | 000,032,579 | R--- | M] () -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_853F67D554F05449430E7E.exe
[2011.05.19 18:49:30 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.03.10 15:13:58 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Familie Pichler\AppData\Roaming\QuickStoresToolbar\Update.exe
[2010.08.12 11:03:58 | 005,276,088 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe
[2011.04.02 09:50:24 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.05.19 18:03:54 | 007,594,104 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2011.01.07 11:17:38 | 004,508,864 | ---- | M] (WindSolutions) -- C:\Users\Familie Pichler\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransTuneSwift.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
         
Im nächtsen Posting gehts weiter!

Hoffe dass du was findest, und wenn nicht ist's natürlich noch besser!

Ich geh dann mal frühstcken, Bis bald!

Alt 17.08.2011, 09:01   #5
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Teil 2 (OTL.Txt):
Code:
ATTFilter
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >
         
und dann noch Extras.Txt:

Code:
ATTFilter
OTL Extras logfile created on: 17.08.2011 08:27:50 - Run 1
OTL by OldTimer - Version 3.2.26.4     Folder = C:\Users\Familie Pichler\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,18% Memory free
6,00 Gb Paging File | 4,57 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 520,59 Gb Free Space | 87,34% Space Free | Partition Type: NTFS
 
Computer Name: PICHLER | User Name: Familie Pichler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [explore] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7D38898-283C-4720-BF42-4ABC90375904}" = System Requirements Lab CYRI
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}" = BitDefender Free Edition v10
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6E0EB79-CB6B-4540-9FC1-3D215CE25AD4}" = Nokia Ovi Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"1489-3350-5074-6281" = JDownloader 0.9
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.5.0" = AGEIA PhysX v2.5.0
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"Desperados - Ein Wild West Abenteuer 1.01" = Desperados - Ein Wild West Abenteuer 1.01
"Free Audio Dub_is1" = Free Audio Dub version 1.7.8.426
"GimpLqRPlugIn" = GIMP LqR Plug-In
"GML Matting_is1" = GML Matting 0.3
"GrowCut3_is1" = GrowCut 3.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MapUtility" = Canon Utilities Map Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.48
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinSysClean X" = WinSysClean X
"XMedia Recode" = XMedia Recode 2.3.1.3
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GeoGebra WebStart" = GeoGebra WebStart
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2011 05:58:18 | Computer Name = Pichler | Source = Windows Backup | ID = 4103
Description = 
 
Error - 13.04.2011 13:38:14 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0xaf4  Startzeit der fehlerhaften Anwendung: 0x01cbfa0188492f40  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 ced64790-65f4-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:39:07 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0x1070  Startzeit der fehlerhaften Anwendung: 0x01cbfa01a2fef400  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 edfe3380-65f4-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:41:00 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0x924  Startzeit der fehlerhaften Anwendung: 0x01cbfa01e9db5580  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 315e9570-65f5-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:51:28 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: qagamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd036b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fa29  ID des fehlerhaften Prozesses:
 0xbc0  Startzeit der fehlerhaften Anwendung: 0x01cbfa021d4b3610  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\qagamex86.dll  Berichtskennung:
 a82b67e0-65f6-11e0-ae20-40618601b217
 
Error - 13.04.2011 13:53:51 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WolfSP.exe, Version: 0.0.0.0, Zeitstempel:
 0x3cd036dd  Name des fehlerhaften Moduls: cgamex86.dll, Version: 0.0.0.0, Zeitstempel:
 0x3cd0369e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000369b  ID des fehlerhaften Prozesses:
 0xbe4  Startzeit der fehlerhaften Anwendung: 0x01cbfa03b2ffce90  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Return to Castle Wolfenstein\cgamex86.dll  Berichtskennung:
 fcfd45e0-65f6-11e0-ae20-40618601b217
 
Error - 14.04.2011 15:28:09 | Computer Name = Pichler | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 15.04.2011 09:12:36 | Computer Name = Pichler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TFService.exe, Version: 4.10.1.14,
 Zeitstempel: 0x4b4fa1c8  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a2752ff  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00014ba1  ID des fehlerhaften
 Prozesses: 0x184  Startzeit der fehlerhaften Anwendung: 0x01cbfb6e8192a1e0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\ThreatFire\TFService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
 078d3ee0-6762-11e0-bdee-40618601b217
 
Error - 15.04.2011 09:13:24 | Computer Name = Pichler | Source = VSS | ID = 8194
Description = 
 
Error - 19.04.2011 07:23:07 | Computer Name = Pichler | Source = McLogEvent | ID = 259
Description = Der Scan hat Entdeckungen gefunden. Scan-Modul der Version 5400.1158
 DAT-Version 6320.
 
[ System Events ]
Error - 16.08.2011 14:49:01 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 16.08.2011 14:49:18 | Computer Name = Pichler | Source = ipnathlp | ID = 34001
Description = 
 
Error - 17.08.2011 02:05:13 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Application Popup | ID = 875
Description = Treiber bdfdll.sys konnte nicht geladen werden.
 
Error - 17.08.2011 02:06:08 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfdll" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDFsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2011 02:06:09 | Computer Name = Pichler | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BDRsDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 17.08.2011 02:32:44 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 17.08.2011 02:32:49 | Computer Name = Pichler | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
         


Alt 17.08.2011, 11:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Führe auch bitte ESET aus, danach sehen wir weiter.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.
__________________
--> FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Alt 17.08.2011, 13:10   #7
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hallo!
Ich habe mit ESET Online Scanner so meine Probleme. Wenn ich die Stelle erreiche, wo er die Datenbank updatet, kommt eine Fehlermeldung:
"Can not get update. Is Proxy Fixed?"

Habe es jetzt schon mit IE9, Firefox und Chrome versucht, immer das selbe.

Hast du eine Idee, was das Problem sein könnte?

MFG Pich103

PS: Ich hänge noch 2 Screenshots von den Fenstern an, eines vor der Meldung und eins mit.
Miniaturansicht angehängter Grafiken
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe-scan1.jpg   FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe-scan2.jpg  

Alt 17.08.2011, 14:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Prüfen => http://www.trojaner-board.de/94344-p...n-pruefen.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.08.2011, 15:31   #9
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hab ich, aber bei den Proxy Einstellungen Stimmt alles. Und das Internet funktioniert ja überall anders auch.
Miniaturansicht angehängter Grafiken
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe-proxy1.jpg   FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe-proxy2.jpg  

Alt 17.08.2011, 16:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Du hast den Browser für ESET per Rechtsklick als Admin ausgeführt?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.08.2011, 17:05   #11
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Ja hab ich auch gemacht. Keine Ahnung warum es nicht Funktioniert...
Und auf meinem Laptop mit Win7 64Bit Funktioniert's auch.... (hab auf dem Stand PC Win7 32 Bit)

Alt 17.08.2011, 22:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Hast du beide Browser probiert oder nur einen?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2011, 09:23   #13
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Habe es jetzt nochmal probiert mit IE und siehe da... es FUNKTIONIERT!
Werde nachher das Ergebnis posten.

Geändert von Pich103 (18.08.2011 um 09:46 Uhr)

Alt 18.08.2011, 12:36   #14
Pich103
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Oh... 7 Funde!

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-18 10:17:26
# local_time=2011-08-18 12:17:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 7826633 7826633 0 0
# compatibility_mode=768 16777215 100 0 35061278 35061278 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 68583 66092745 0 0
# compatibility_mode=8192 67108863 100 0 72186 72186 0 0
# scanned=144272
# found=7
# cleaned=0
# scan_time=8644
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe	Win32/SpeedUpMyPC application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Familie Pichler\Downloads\cdbxp_setup_4.3.8.2568.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 2.zip	Win32/SpeedUpMyPC application (unable to clean)	00000000000000000000000000000000	I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 4.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 6.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 7.zip	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 8.zip	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
         
Die Infektionen sehen meiner Meinung nach aber sehr verdächtig im Bezug auf Fehlalarm aus...

Hatte mal SpeedUpMyPC installiert, und da könnten noch Reste vorhanden sein.
Und einen Virus im CD Burner XP Setup kann ich mir auch nicht vorstellen, der ist von Chip.de

Es sind nur eigentlich 2 Viren: Win32/SpeedUpMyPC und Win32/OpenCandy.

Warum in meinen Backupfiles auf der externen Platte auch welche angezeigt werden ist mir unklar.

Alt 18.08.2011, 13:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Standard

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe



Das sind "halbe" Fehlalarme, die Setups und Backupsets sind eigentlich sauber, aber können Adware-Bestandteile enthalten. Lass von Uniblue die Finger, das ist allerfeinstes Schlangenöl!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
[2011.08.12 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Familie Pichler\AppData\Local\SKIDROW
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
boot, c:\windows, clean, code, data, defender, edition, ergebnis, fakealert, file, files, free, g-data, hochfahren, infected, mcafee, nicht mehr, nichts, rootkit, scan, starten, stinger, test, trojaner-board, version, windows



Ähnliche Themen: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe


  1. Trojan.FakeAlert in C:\Program Files (x86)\OpenOffice 4 \program\calc.dll
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (5)
  2. Windows 8: RunDLL - Problem beim Starten von C:\Program Files (86x)\Home Tab\TBUpdater.dll
    Log-Analyse und Auswertung - 27.10.2013 (5)
  3. Windows 7 C:\Program Files(x86)\HomeTab\TBUpdater.dll bekomme ständig diese meldung.
    Log-Analyse und Auswertung - 20.09.2013 (20)
  4. Problem beim Windows 7 Start program files\hometab\TBUpdater.dll
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (13)
  5. O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSetting
    Mülltonne - 02.07.2012 (0)
  6. tr/fakealert.grb.440
    Log-Analyse und Auswertung - 19.02.2012 (2)
  7. FakeAlert gbR und SystemCheck auf Windows Vista
    Log-Analyse und Auswertung - 16.02.2012 (40)
  8. FakeAlert!grb
    Log-Analyse und Auswertung - 29.10.2011 (8)
  9. rootkit Trojaner FakeAlert!grb auf Windows XP Notebook
    Log-Analyse und Auswertung - 18.07.2011 (24)
  10. FakeAlert!fakealert-REP virus
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (22)
  11. Windows recovery, FakeALert!gbr- kein Zugriff mehr auf Dateien, teilweise Desktop verschwunden
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (31)
  12. Festplatte Cluster beschädigt/Windows Xp Recovery/FakeAlert vermutlich TR/Kazy.mekml1
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (1)
  13. Windows Sicherheitscenter und Defender nicht mehr aktivierbar. FakeAlert?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2011 (22)
  14. C:\Program Files\Windows Install\csrss.exe
    Log-Analyse und Auswertung - 17.03.2010 (4)
  15. TR/Fakealert.QF, TR/FakeAV.bak.2
    Log-Analyse und Auswertung - 28.10.2008 (5)
  16. TR/Fakealert.QE und XP Antispy
    Plagegeister aller Art und deren Bekämpfung - 20.10.2008 (4)
  17. TR/Fakealert.AAF
    Mülltonne - 23.09.2008 (0)

Zum Thema FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Hallo liebes Trojaner-Board Team! Ich habe heute einen Scan Mit McAfee Stinger gemacht mit fogendem Ergebnis: Code: Alles auswählen Aufklappen ATTFilter McAfee(r) Labs Stinger(tm) Version 10.2.0.115 built on Jun 16 - FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe...
Archiv
Du betrachtest: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.