Trojaner-Board

FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe (https://www.trojaner-board.de/102526-fakealert-fakealert-rep-c-windows-downloaded-program-files-fp_ax_cab_installer-exe.html)

Pich103 27.08.2011 14:13

GMER crashed during the scan; I'll try OSAM next.

Pich103 28.08.2011 09:46

OSAM log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:46:05 on 28.08.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000Core.job" - "Google Inc." - C:\Users\Familie Pichler\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3068468112-1341261719-3374128048-1000UA.job" - "Google Inc." - C:\Users\Familie Pichler\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"bdfdll" (bdfdll) - ? - C:\Program Files\Softwin\BitDefender10\bdfdll.sys  (File found, but it contains no detailed information)
"BDFsDrv" (BDFsDrv) - ? - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys  (File not found)
"BDRsDrv" (BDRsDrv) - ? - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\FAMILI~1\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys
"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\6DA2.tmp  (File not found)
"pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"SmartDefragDriver" (SmartDefragDriver) - ? - C:\Windows\System32\Drivers\SmartDefragDriver.sys  (File found, but it contains no detailed information)
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"TfFsMon" (TfFsMon) - "PC Tools" - C:\Windows\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\Windows\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\Windows\System32\drivers\TfSysMon.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "CISORecorderContextMenu Object" - "Alex Feinman" - C:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - "Brice Lambson" - C:\Program Files\Image Resizer\ImageResizer.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} "Browsing Protection Toolbar" - "F-Secure Corporation" - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C6867EB7-8350-4856-877F-93CF8AE3DC9C} "Browsing Protection Class" - "F-Secure Corporation" - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Familie Pichler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
"ThreatFire" - "PC Tools" - C:\Program Files\ThreatFire\TFTray.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BitDefender Communicator" (XCOMM) - "SOFTWIN S.R.L" - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
"BitDefender Desktop Update Service" (LIVESRV) - "SOFTWIN S.R.L." - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
"BitDefender Scan Server" (bdss) - ? - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe  (File found, but it contains no detailed information)
"BitDefender Virus Shield" (VSSERV) - "SOFTWIN S.R.L." - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"F-Secure ORSP Client" (FSORSPClient) - "F-Secure Corporation" - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
"McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Program Files\ThreatFire\TFService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
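The OSAM report above lists every autorun location with the display name, the publisher OSAM could read from the file's signature (or `?` when it could not), the path, and an optional status in parentheses. As an added example, not part of the thread and not OSAM's own logic, the Python below parses that line format and flags the entries a helper would look at first: no publisher information, a referenced file that no longer exists, or a load path in a temp location. The sample input is an excerpt of the log above; the triage rules are illustrative assumptions and every hit still needs a human to judge. Orphaned service entries look the same whether a malicious driver was deleted or a scanning tool left its own driver registered, as with `catchme`, the driver GMER installs and GMER was run just before this log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OSAM entry line looks like (examples taken from the log in this thread):
#   "bdfdll" (bdfdll) - ? - C:\...\bdfdll.sys  (File found, but it contains no detailed information)
#   {CLSID} "Name" - "Publisher" - C:\path\file.dll / hxxp://source.of/download.cab
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+|[^\s"{<]\S*\s+)?'  # optional CLSID / value-name prefix
    r'"(?P<name>.*?)"'                                             # display name (may itself contain quotes)
    r'(?:\s+\((?P<service>[^)]*)\))?'                              # optional (ServiceName)
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|\?)'                        # "Publisher" or ? when unknown
    r'\s+-\s*(?P<rest>.*)$'                                        # path [ (status)] [ / url]
)
URL_RE = re.compile(r'\s*/\s*(?:hxxp|http)\S*$')        # trailing download source (defanged in the log)
STATUS_RE = re.compile(r'\s*\((?P<status>[^()]*)\)\s*$')  # trailing "(File not found)" style status


@dataclass
class Entry:
    section: str            # e.g. "Drivers", taken from the [Section] header
    location: str           # registry key or folder from the -----( ... )----- line
    name: str
    service: Optional[str]
    publisher: Optional[str]  # None when OSAM printed "?"
    path: str               # "" when OSAM printed no path
    status: str             # "" when OSAM printed no status


def parse_osam(text: str) -> List[Entry]:
    """Parse OSAM autorun report text into Entry records (headers and noise lines are skipped)."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.startswith("-----(") and line.endswith(")-----"):
            location = line[6:-6].strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = URL_RE.sub("", m.group("rest"))
        status = ""
        sm = STATUS_RE.search(rest)
        if sm:
            status = sm.group("status").strip()
            rest = rest[:sm.start()]
        entries.append(Entry(section, location, m.group("name"), m.group("service"),
                             m.group("publisher"), rest.strip(), status))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return human-readable findings worth a manual look. These are heuristics, not verdicts."""
    findings = []
    for e in entries:
        reasons = []
        if e.publisher is None:
            reasons.append("no publisher/signature information")
        if "File not found" in e.status:
            reasons.append("referenced file missing (orphaned entry)")
        low = e.path.lower()
        if "\\temp\\" in low or low.endswith(".tmp"):
            reasons.append("loads from a temp location")
        if reasons and e.section == "Drivers":
            reasons.append("kernel driver: highest impact if malicious")
        if reasons:
            findings.append(f"[{e.section}] {e.name} -> {e.path or '(no path)'}: " + "; ".join(reasons))
    return findings


# Constructed sample: a handful of lines copied from the OSAM log in this thread.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\FAMILI~1\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\6DA2.tmp  (File not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for finding in triage(parse_osam(SAMPLE_LOG)):
        print(finding)
```

Running it on the full log would flag the entries that lack a publisher or point at missing files; signed entries with intact files (the McAfee, Malwarebytes and Sandboxie drivers here) produce nothing, which is what lets a helper skip straight to the handful of lines that deserve a closer look.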


cosinus 28.08.2011 14:25

OK, and what about aswMBR?

Pich103 28.08.2011 16:18

It crashed, then a bluescreen for about 2 seconds and a reboot. :balla:

cosinus 28.08.2011 16:21

Hm, that's rare with aswMBR :(

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of that .txt file

Pich103 30.08.2011 10:41

I have the whole day off today, and I'll devote more time to the forum.
Sorry that I was so neglectful over the last few days.:heulen:

I'll run MBRCheck right away and then try the Avast! one again.

Pich103 30.08.2011 10:44

That was quick, here's the log:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        MEDIONPC
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                MEDIONPC
System Product Name:                MS-7366
Logical Drives Mask:                0x000001fc

Kernel Drivers (total 196):
  0x82E15000 \SystemRoot\system32\ntkrnlpa.exe
  0x83225000 \SystemRoot\system32\halmacpi.dll
  0x80BA0000 \SystemRoot\system32\kdcom.dll
  0x8381A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x83892000 \SystemRoot\system32\PSHED.dll
  0x838A3000 \SystemRoot\system32\BOOTVID.dll
  0x838AB000 \SystemRoot\system32\CLFS.SYS
  0x838ED000 \SystemRoot\system32\CI.dll
  0x83A2C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83A9D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83AAB000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83AF3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x83AFC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83B04000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83B2E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83B39000 \SystemRoot\System32\drivers\partmgr.sys
  0x83B4A000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83B5A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83BA5000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83BBB000 \SystemRoot\system32\drivers\pavboot.sys
  0x83BC1000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x83BCA000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x83BED000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x83A00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83A0E000 \SystemRoot\system32\drivers\amdxata.sys
  0x83998000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83A17000 \SystemRoot\system32\drivers\fileinfo.sys
  0x839CC000 \SystemRoot\system32\drivers\TfFsMon.sys
  0x839DD000 \SystemRoot\system32\drivers\TfSysMon.sys
  0x8B220000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B34F000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B37A000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B38D000 \SystemRoot\System32\Drivers\cng.sys
  0x8B3EA000 \SystemRoot\System32\drivers\pcw.sys
  0x8B200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B404000 \SystemRoot\system32\drivers\ndis.sys
  0x8B4BB000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B4F9000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B625000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B76E000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B79F000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B7DE000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B7E6000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
  0x8B7ED000 \SystemRoot\System32\drivers\sfhlp02.sys
  0x8B51E000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B611000 \SystemRoot\System32\Drivers\mup.sys
  0x8B54B000 \SystemRoot\system32\drivers\mfehidk.sys
  0x8B7F5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B59D000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B5CF000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B829000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B881000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B8A0000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B8A7000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B8AE000 \SystemRoot\System32\drivers\vga.sys
  0x8B8BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B8DB000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B8E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B8F0000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B8F8000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8B900000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B90B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B919000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B930000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B93B000 \SystemRoot\system32\drivers\mfetdik.sys
  0x8B949000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B97B000 \SystemRoot\system32\drivers\afd.sys
  0x8B9D5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8B9DC000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B800000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8B811000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B5E0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8B600000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90C04000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90C45000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90C4F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90C59000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x90C63000 \SystemRoot\System32\drivers\discache.sys
  0x90C6F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90C87000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90C95000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90CB6000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x90CC8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x90CE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90CED000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x90CF7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x90D42000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90D51000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9262A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x93132000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x93134000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x90D70000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x90DA9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x931EB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x9843C000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
  0x98491000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x9849A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x984B7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x984C9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x984E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x984EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9850E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x98526000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9853D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x98554000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x98561000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x9856D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x98593000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x98595000 \SystemRoot\system32\DRIVERS\ks.sys
  0x985C9000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x99621000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x99665000 \SystemRoot\system32\drivers\HdAudio.sys
  0x996B5000 \SystemRoot\system32\drivers\portcls.sys
  0x996E4000 \SystemRoot\system32\drivers\drmk.sys
  0x996FD000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x82950000 \SystemRoot\System32\win32k.sys
  0x9970E000 \SystemRoot\System32\drivers\Dxapi.sys
  0x99718000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x99725000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x99730000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x9973A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x9974B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x99762000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x99764000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x82BB0000 \SystemRoot\System32\TSDDD.dll
  0x9976F000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9977A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9978D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x82BE0000 \SystemRoot\System32\cdd.dll
  0x99794000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9979F000 \SystemRoot\system32\drivers\luafv.sys
  0x997BA000 \SystemRoot\system32\drivers\WudfPf.sys
  0x997D4000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
  0x9C02F000 \SystemRoot\system32\DRIVERS\netr28u.sys
  0x9C0D8000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9C0E2000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9C0F2000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9C138000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9C148000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9C15B000 \SystemRoot\system32\drivers\HTTP.sys
  0x9C1E0000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9C000000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x985D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x98400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9C012000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA1635000 \SystemRoot\system32\drivers\peauth.sys
  0xA16CC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA16D6000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA16F7000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA1704000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1753000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA17A5000 \SystemRoot\System32\drivers\ipnat.sys
  0xA17CB000 \SystemRoot\system32\drivers\mfebopk.sys
  0xA17D4000 \SystemRoot\system32\drivers\mfeapfk.sys
  0xA17E5000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xA1607000 \??\C:\Windows\system32\drivers\TfNetMon.sys
  0xA1621000 \??\C:\Windows\system32\drivers\mbam.sys
  0x76F80000 \Windows\System32\ntdll.dll
  0x476C0000 \Windows\System32\smss.exe
  0x771C0000 \Windows\System32\apisetschema.dll
  0x00020000 \Windows\System32\autochk.exe
  0x76DE0000 \Windows\System32\setupapi.dll
  0x77150000 \Windows\System32\difxapi.dll
  0x76D30000 \Windows\System32\rpcrt4.dll
  0x77110000 \Windows\System32\ws2_32.dll
  0x76C60000 \Windows\System32\msctf.dll
  0x770F0000 \Windows\System32\sechost.dll
  0x76BD0000 \Windows\System32\clbcatq.dll
  0x770E0000 \Windows\System32\normaliz.dll
  0x76B80000 \Windows\System32\Wldap32.dll
  0x76A20000 \Windows\System32\ole32.dll
  0x769A0000 \Windows\System32\comdlg32.dll
  0x76950000 \Windows\System32\gdi32.dll
  0x76870000 \Windows\System32\kernel32.dll
  0x76760000 \Windows\System32\urlmon.dll
  0x766B0000 \Windows\System32\msvcrt.dll
  0x76620000 \Windows\System32\oleaut32.dll
  0x765F0000 \Windows\System32\imagehlp.dll
  0x770D0000 \Windows\System32\lpk.dll
  0x76550000 \Windows\System32\advapi32.dll
  0x76390000 \Windows\System32\iertutil.dll
  0x762C0000 \Windows\System32\user32.dll
  0x76220000 \Windows\System32\usp10.dll
  0x76100000 \Windows\System32\wininet.dll
  0x760E0000 \Windows\System32\imm32.dll
  0x76080000 \Windows\System32\shlwapi.dll
  0x770C0000 \Windows\System32\nsi.dll
  0x76070000 \Windows\System32\psapi.dll
  0x75420000 \Windows\System32\shell32.dll
  0x75390000 \Windows\System32\comctl32.dll
  0x75360000 \Windows\System32\cfgmgr32.dll
  0x75330000 \Windows\System32\wintrust.dll
  0x75310000 \Windows\System32\devobj.dll
  0x751F0000 \Windows\System32\crypt32.dll
  0x751A0000 \Windows\System32\KernelBase.dll
  0x75190000 \Windows\System32\msasn1.dll

Processes (total 72):
      0 System Idle Process
      4 System
    292 C:\Windows\System32\smss.exe
    444 C:\Windows\System32\csrss.exe
    500 C:\Windows\System32\wininit.exe
    508 C:\Windows\System32\csrss.exe
    556 C:\Windows\System32\services.exe
    568 C:\Windows\System32\lsass.exe
    580 C:\Windows\System32\lsm.exe
    684 C:\Windows\System32\winlogon.exe
    716 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\audiodg.exe
    1104 C:\Windows\System32\svchost.exe
    1152 C:\Program Files\Sandboxie\SbieSvc.exe
    1280 C:\Windows\System32\svchost.exe
    1472 C:\Windows\System32\spoolsv.exe
    1500 C:\Windows\System32\svchost.exe
    1588 C:\Windows\System32\svchost.exe
    1628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1732 C:\Program Files\Bonjour\mDNSResponder.exe
    1780 C:\Windows\System32\svchost.exe
    1804 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    1824 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    1936 C:\Windows\System32\dwm.exe
    1964 C:\Windows\explorer.exe
    2040 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    332 C:\Windows\System32\mfevtps.exe
    624 C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    440 C:\Windows\System32\svchost.exe
    1524 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    2068 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2200 C:\Program Files\ThreatFire\TFService.exe
    2248 C:\Windows\System32\svchost.exe
    2304 C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    2348 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    2464 C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    2476 C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    2488 C:\Windows\System32\conhost.exe
    2600 C:\Program Files\ThreatFire\TFTray.exe
    2620 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    2668 C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    3004 C:\Program Files\Sandboxie\SbieCtrl.exe
    3088 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
    3520 C:\Program Files\Softwin\BitDefender10\vsserv.exe
    3572 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3624 C:\Windows\System32\alg.exe
    3652 C:\Windows\System32\svchost.exe
    3748 C:\Windows\System32\SearchIndexer.exe
    3864 C:\Windows\System32\svchost.exe
    3872 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3960 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    4072 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2336 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4680 C:\Windows\System32\svchost.exe
    4952 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    5352 C:\Windows\System32\SearchProtocolHost.exe
    4360 C:\Program Files\iPod\bin\iPodService.exe
    5100 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    3156 C:\Windows\System32\svchost.exe
    3112 C:\Windows\servicing\TrustedInstaller.exe
    4004 C:\Windows\System32\SearchProtocolHost.exe
    1872 C:\Windows\System32\VSSVC.exe
    3020 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\SearchFilterHost.exe
    4100 C:\Users\Familie Pichler\Desktop\MBRCheck.exe
    5800 C:\Windows\System32\conhost.exe
    3500 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AACS-00G8B1, Rev: 05.04C05
PhysicalDrive1 Model Number: WDC WD15EARS-00MVWB0, Rev: 51.0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
  1397 GB  \\.\PhysicalDrive1  RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


cosinus 30.08.2011 10:54

Looks ok. For verification, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting an additional opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Pich103 30.08.2011 11:13

Ok, I'll do that as well!

By the way: the Quick Scan with aswMBR worked!

The log:

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 11:51:11
-----------------------------
11:51:11.164    OS Version: Windows 6.1.7600
11:51:11.164    Number of processors: 4 586 0x170A
11:51:11.164    ComputerName: PICHLER  UserName:
11:51:12.583    Initialize success
11:58:22.473    AVAST engine defs: 11083000
11:58:28.057    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:58:28.057    Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
11:58:30.085    Disk 0 MBR read successfully
11:58:30.085    Disk 0 MBR scan
11:58:30.085    Disk 0 Windows 7 default MBR code
11:58:30.085    Disk 0 scanning sectors +1250260992
11:58:30.163    Disk 0 scanning C:\Windows\system32\drivers
11:58:36.559    Service scanning
11:58:37.870    Modules scanning
11:58:42.893    Disk 0 trace - called modules:
11:58:42.924    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:58:42.924    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86631ac8]
11:58:42.924    3 CLASSPNP.SYS[8b82d59e] -> nt!IofCallDriver -> [0x864c7c10]
11:58:42.940    5 ACPI.sys[83ab43b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860fb030]
11:58:44.703    AVAST engine scan C:\Windows
11:58:47.448    AVAST engine scan C:\Windows\system32
12:00:11.376    AVAST engine scan C:\Windows\system32\drivers
12:00:19.067    AVAST engine scan C:\Users\Familie Pichler
12:06:18.694    AVAST engine scan C:\ProgramData
12:07:14.979    Scan finished successfully
12:09:20.574    Disk 0 MBR has been saved successfully to "C:\Users\Familie Pichler\Desktop\MBR.dat"
12:09:20.574    The log file has been saved successfully to "C:\Users\Familie Pichler\Desktop\aswMBR.txt"


Pich103 30.08.2011 11:48

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7609

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

30.08.2011 12:47:15
mbam-log-2011-08-30 (12-47-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299058
Laufzeit: 30 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Pich103 31.08.2011 14:45

Great, Internet outage yesterday, so much to do today... I can't do the scans until tomorrow, sorry.

Pich103 01.09.2011 14:09

Finally, the SUPERAntiSpyware log:

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 09/01/2011 bei 02:27 PM

Version der Applikation : 5.0.1118

Version der Kern-Datenbank : 7630
Version der Spur-Datenbank : 5442

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:10:00

Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Administrator

Gescannte Speicherelemente  : 746
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 38608
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 125676
Erfasste Datei-Elemente  : 0

I will now run the ESET online scan as well and post the log once it is finished.

Pich103 01.09.2011 16:02

ESET Log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-18 10:17:26
# local_time=2011-08-18 12:17:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 7826633 7826633 0 0
# compatibility_mode=768 16777215 100 0 35061278 35061278 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 68583 66092745 0 0
# compatibility_mode=8192 67108863 100 0 72186 72186 0 0
# scanned=144272
# found=7
# cleaned=0
# scan_time=8644
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe        Win32/SpeedUpMyPC application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Familie Pichler\Downloads\cdbxp_setup_4.3.8.2568.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 2.zip        Win32/SpeedUpMyPC application (unable to clean)        00000000000000000000000000000000        I
F:\PICHLER\Backup Set 2011-02-03 181353\Backup Files 2011-02-03 181353\Backup files 4.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 6.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 7.zip        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
F:\SEBASTIAN\Backup Set 2011-02-06 174809\Backup Files 2011-02-06 174809\Backup files 8.zip        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=acb141828105b54f92a5e878477b0864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-01 02:54:47
# local_time=2011-09-01 04:54:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 9056142 9056142 0 0
# compatibility_mode=768 16777215 100 0 36290787 36290787 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 186285 67322254 0 0
# compatibility_mode=8192 67108863 100 0 1301695 1301695 0 0
# scanned=134801
# found=2
# cleaned=0
# scan_time=5377
C:\Users\Familie Pichler\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\ub.exe        Win32/SpeedUpMyPC application (unable to clean)        00000000000000000000000000000000        I
F:\PICHLER\Backup Set 2011-08-29 093749\Backup Files 2011-08-29 093749\Backup files 2.zip        Win32/SpeedUpMyPC application (unable to clean)        00000000000000000000000000000000        I


cosinus 01.09.2011 16:08

Uniblue is useless snake oil, but not real malware, so that can be disregarded.
Is the computer back in order now?

Pich103 02.09.2011 08:56

Yes, I defragmented it yesterday as well and now it runs perfectly again.

