Pests of all kinds and how to combat them: FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe (Windows 7) |
28.08.2011, 09:46 | #32 |
| OSAM log:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:46:05 on 28.08.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000Core.job" - "Google Inc." - C:\Users\Familie Pichler\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000UA.job" - "Google Inc." - C:\Users\Familie Pichler\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "bdfdll" (bdfdll) - ? - C:\Program Files\Softwin\BitDefender10\bdfdll.sys (File found, but it contains no detailed information) "BDFsDrv" (BDFsDrv) - ? - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys (File not found) "BDRsDrv" (BDRsDrv) - ? - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys (File not found) "catchme" (catchme) - ? 
- C:\Users\FAMILI~1\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys "McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys "McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys "McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys "McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys "McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys "MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\6DA2.tmp (File not found) "pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot.sys "SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys "SmartDefragDriver" (SmartDefragDriver) - ? - C:\Windows\System32\Drivers\SmartDefragDriver.sys (File found, but it contains no detailed information) "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TfFsMon" (TfFsMon) - "PC Tools" - C:\Windows\System32\drivers\TfFsMon.sys "TfNetMon" (TfNetMon) - "PC Tools" - C:\Windows\system32\drivers\TfNetMon.sys "TfSysMon" (TfSysMon) - "PC Tools" - C:\Windows\System32\drivers\TfSysMon.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "CISORecorderContextMenu Object" - "Alex Feinman" - C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll {4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - "Brice Lambson" - C:\Program Files\Image Resizer\ImageResizer.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon 
Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found) <binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found) {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {265EEE8E-3228-44D3-AEA5-F7FDF5860049} "Browsing Protection Toolbar" - "F-Secure Corporation" - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {C6867EB7-8350-4856-877F-93CF8AE3DC9C} "Browsing Protection Class" - "F-Secure Corporation" - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." 
- C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray "SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE "ThreatFire" - "PC Tools" - C:\Program Files\ThreatFire\TFTray.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "BitDefender Communicator" (XCOMM) - "SOFTWIN S.R.L" - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe "BitDefender Desktop Update Service" (LIVESRV) - "SOFTWIN S.R.L." - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe "BitDefender Scan Server" (bdss) - ? 
- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (File found, but it contains no detailed information) "BitDefender Virus Shield" (VSSERV) - "SOFTWIN S.R.L." - C:\Program Files\Softwin\BitDefender10\vsserv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "F-Secure ORSP Client" (FSORSPClient) - "F-Secure Corporation" - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe "McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe "McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe "McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe "McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." 
- C:\Windows\system32\mfevtps.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "ThreatFire" (ThreatFire) - "PC Tools" - C:\Program Files\ThreatFire\TFService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
28.08.2011, 14:25 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, and what about aswMBR? |
28.08.2011, 16:18 | #34 |
| It crashed, followed by a bluescreen for about 2 seconds and a reboot. |
28.08.2011, 16:21 | #35 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, that is rare with aswMBR. Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
30.08.2011, 10:41 | #36 |
| I have the whole day off today, and I will devote more time to the forum. Sorry that I was so negligent over the last few days. I will run MBRCheck right away and then try the one from Avast! again. |
30.08.2011, 10:44 | #37 |
| That was quick, here is the log: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: MEDIONPC BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MEDIONPC System Product Name: MS-7366 Logical Drives Mask: 0x000001fc Kernel Drivers (total 196): 0x82E15000 \SystemRoot\system32\ntkrnlpa.exe 0x83225000 \SystemRoot\system32\halmacpi.dll 0x80BA0000 \SystemRoot\system32\kdcom.dll 0x8381A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x83892000 \SystemRoot\system32\PSHED.dll 0x838A3000 \SystemRoot\system32\BOOTVID.dll 0x838AB000 \SystemRoot\system32\CLFS.SYS 0x838ED000 \SystemRoot\system32\CI.dll 0x83A2C000 \SystemRoot\system32\drivers\Wdf01000.sys 0x83A9D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x83AAB000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x83AF3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x83AFC000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x83B04000 \SystemRoot\system32\DRIVERS\pci.sys 0x83B2E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x83B39000 \SystemRoot\System32\drivers\partmgr.sys 0x83B4A000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x83B5A000 \SystemRoot\System32\drivers\volmgrx.sys 0x83BA5000 \SystemRoot\System32\drivers\mountmgr.sys 0x83BBB000 \SystemRoot\system32\drivers\pavboot.sys 0x83BC1000 \SystemRoot\system32\DRIVERS\atapi.sys 0x83BCA000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x83BED000 \SystemRoot\system32\DRIVERS\msahci.sys 0x83A00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x83A0E000 \SystemRoot\system32\drivers\amdxata.sys 0x83998000 \SystemRoot\system32\drivers\fltmgr.sys 0x83A17000 \SystemRoot\system32\drivers\fileinfo.sys 0x839CC000 \SystemRoot\system32\drivers\TfFsMon.sys 0x839DD000 \SystemRoot\system32\drivers\TfSysMon.sys 0x8B220000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B34F000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B37A000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B38D000 \SystemRoot\System32\Drivers\cng.sys 0x8B3EA000 
\SystemRoot\System32\drivers\pcw.sys 0x8B200000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B404000 \SystemRoot\system32\drivers\ndis.sys 0x8B4BB000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B4F9000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B625000 \SystemRoot\System32\drivers\tcpip.sys 0x8B76E000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B79F000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B7DE000 \SystemRoot\System32\Drivers\spldr.sys 0x8B7E6000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys 0x8B7ED000 \SystemRoot\System32\drivers\sfhlp02.sys 0x8B51E000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B611000 \SystemRoot\System32\Drivers\mup.sys 0x8B54B000 \SystemRoot\system32\drivers\mfehidk.sys 0x8B7F5000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8B59D000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8B5CF000 \SystemRoot\system32\DRIVERS\disk.sys 0x8B829000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8B881000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8B8A0000 \SystemRoot\System32\Drivers\Null.SYS 0x8B8A7000 \SystemRoot\System32\Drivers\Beep.SYS 0x8B8AE000 \SystemRoot\System32\drivers\vga.sys 0x8B8BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8B8DB000 \SystemRoot\System32\drivers\watchdog.sys 0x8B8E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8B8F0000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8B8F8000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8B900000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8B90B000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8B919000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8B930000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8B93B000 \SystemRoot\system32\drivers\mfetdik.sys 0x8B949000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8B97B000 \SystemRoot\system32\drivers\afd.sys 0x8B9D5000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x8B9DC000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8B800000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x8B811000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8B5E0000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8B600000 
\SystemRoot\system32\DRIVERS\termdd.sys 0x90C04000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90C45000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90C4F000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90C59000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x90C63000 \SystemRoot\System32\drivers\discache.sys 0x90C6F000 \SystemRoot\System32\Drivers\dfsc.sys 0x90C87000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x90C95000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x90CB6000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x90CC8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x90CE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90CED000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x90CF7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x90D42000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90D51000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9262A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x93132000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x93134000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x90D70000 \SystemRoot\System32\drivers\dxgmms1.sys 0x90DA9000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x931EB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x9843C000 \SystemRoot\system32\DRIVERS\nvm62x32.sys 0x98491000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x9849A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x984B7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x984C9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x984E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x984EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x9850E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x98526000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x9853D000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x98554000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x98561000 \SystemRoot\system32\DRIVERS\VClone.sys 0x9856D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x98593000 \SystemRoot\system32\DRIVERS\swenum.sys 0x98595000 \SystemRoot\system32\DRIVERS\ks.sys 0x985C9000 \SystemRoot\system32\DRIVERS\umbus.sys 0x99621000 
\SystemRoot\system32\DRIVERS\usbhub.sys 0x99665000 \SystemRoot\system32\drivers\HdAudio.sys 0x996B5000 \SystemRoot\system32\drivers\portcls.sys 0x996E4000 \SystemRoot\system32\drivers\drmk.sys 0x996FD000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x82950000 \SystemRoot\System32\win32k.sys 0x9970E000 \SystemRoot\System32\drivers\Dxapi.sys 0x99718000 \SystemRoot\System32\Drivers\crashdmp.sys 0x99725000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x99730000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9973A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x9974B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x99762000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x99764000 \SystemRoot\system32\DRIVERS\monitor.sys 0x82BB0000 \SystemRoot\System32\TSDDD.dll 0x9976F000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x9977A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x9978D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x82BE0000 \SystemRoot\System32\cdd.dll 0x99794000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9979F000 \SystemRoot\system32\drivers\luafv.sys 0x997BA000 \SystemRoot\system32\drivers\WudfPf.sys 0x997D4000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0x9C02F000 \SystemRoot\system32\DRIVERS\netr28u.sys 0x9C0D8000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x9C0E2000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9C0F2000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9C138000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9C148000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9C15B000 \SystemRoot\system32\drivers\HTTP.sys 0x9C1E0000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9C000000 \SystemRoot\System32\drivers\mpsdrv.sys 0x985D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x98400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9C012000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA1635000 \SystemRoot\system32\drivers\peauth.sys 0xA16CC000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA16D6000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA16F7000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA1704000 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AACS-00G8B1, Rev: 05.04C05
PhysicalDrive1 Model Number: WDC WD15EARS-00MVWB0, Rev: 51.0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
   1397 GB  \\.\PhysicalDrive1   RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
30.08.2011, 10:54 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
30.08.2011, 11:13 | #39 |
OK, I'll do that as well! By the way: the quick scan with aswMBR worked! The log: Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 11:51:11
-----------------------------
11:51:11.164 OS Version: Windows 6.1.7600
11:51:11.164 Number of processors: 4 586 0x170A
11:51:11.164 ComputerName: PICHLER UserName:
11:51:12.583 Initialize success
11:58:22.473 AVAST engine defs: 11083000
11:58:28.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:58:28.057 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
11:58:30.085 Disk 0 MBR read successfully
11:58:30.085 Disk 0 MBR scan
11:58:30.085 Disk 0 Windows 7 default MBR code
11:58:30.085 Disk 0 scanning sectors +1250260992
11:58:30.163 Disk 0 scanning C:\Windows\system32\drivers
11:58:36.559 Service scanning
11:58:37.870 Modules scanning
11:58:42.893 Disk 0 trace - called modules:
11:58:42.924 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:58:42.924 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86631ac8]
11:58:42.924 3 CLASSPNP.SYS[8b82d59e] -> nt!IofCallDriver -> [0x864c7c10]
11:58:42.940 5 ACPI.sys[83ab43b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860fb030]
11:58:44.703 AVAST engine scan C:\Windows
11:58:47.448 AVAST engine scan C:\Windows\system32
12:00:11.376 AVAST engine scan C:\Windows\system32\drivers
12:00:19.067 AVAST engine scan C:\Users\Familie Pichler
12:06:18.694 AVAST engine scan C:\ProgramData
12:07:14.979 Scan finished successfully
12:09:20.574 Disk 0 MBR has been saved successfully to "C:\Users\Familie Pichler\Desktop\MBR.dat"
12:09:20.574 The log file has been saved successfully to "C:\Users\Familie Pichler\Desktop\aswMBR.txt"
30.08.2011, 11:48 | #40 |
Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7609

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

30.08.2011 12:47:15
mbam-log-2011-08-30 (12-47-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299058
Laufzeit: 30 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
31.08.2011, 14:45 | #41 |
Oh great, internet outage yesterday, so much to do today... I can't run the scans until tomorrow, sorry. |
01.09.2011, 14:09 | #42 |
Finally, the SUPERAntiSpyware log: Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/01/2011 bei 02:27 PM

Version der Applikation : 5.0.1118

Version der Kern-Datenbank : 7630
Version der Spur-Datenbank : 5442

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:10:00

Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Administrator

Gescannte Speicherelemente : 746
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 38608
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 125676
Erfasste Datei-Elemente : 0
01.09.2011, 16:02 | #43 |
ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-18 10:17:26
# local_time=2011-08-18 12:17:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 7826633 7826633 0 0
# compatibility_mode=768 16777215 100 0 35061278 35061278 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 68583 66092745 0 0
# compatibility_mode=8192 67108863 100 0 72186 72186 0 0
# scanned=144272
# found=7
# cleaned=0
# scan_time=8644
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Pichler\Downloads\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 2.zip Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 6.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 7.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 8.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-01 02:54:47
# local_time=2011-09-01 04:54:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 9056142 9056142 0 0
# compatibility_mode=768 16777215 100 0 36290787 36290787 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 186285 67322254 0 0
# compatibility_mode=8192 67108863 100 0 1301695 1301695 0 0
# scanned=134801
# found=2
# cleaned=0
# scan_time=5377
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
F:\PICHLER\Backup Set 2011-08-29 093749\Backup Files 2011-08-29 093749\Backup files 2.zip Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
01.09.2011, 16:08 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Uniblue is useless snake oil, but not real malware, so that can be disregarded. Is the computer more or less back in order?
__________________ Please always post log files in CODE tags |
02.09.2011, 08:56 | #45 |
Yes, I defragmented it yesterday and now it runs like a charm again. |