Pests of all kinds and how to fight them: HDD errors, desktop empty, Windows Rescue... Windows 7. If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection. |
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HDD errors, desktop empty, Windows Rescue... OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
| | #2 |
| HDD errors, desktop empty, Windows Rescue... So. First, the GMER log.
The rest will follow tomorrow. Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-09 23:24:43
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 77mn5n05.exe; Driver: C:\Users\Aupex\AppData\Local\Temp\ugdyrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F84DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91F86FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91F87262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91F874D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91F856BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91F864F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91F86A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91F8599A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91F86922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x91F84998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91F867F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91F84B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91F86B5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91F85344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91F8688C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91F8824A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91F85E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91F89458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x91F85C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F8833C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91F88AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91F86AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x91F85740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91F869B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91F84FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91F8883E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91F86BF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91F84ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91F877DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91F88DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91F886D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x91F83652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91F86F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91F86E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91F87FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x91F839CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91F892FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x91F835EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91F86238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91F85560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91F8787E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x91F884DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91F88F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91F89020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91F8915A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91F8816E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91F8518E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91F850E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91F88C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91F8527A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91F85442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91F87722]
INT 0x62 ? 87F82F00
INT 0x72 ? 85D60BF8
INT 0x82 ? 85D60BF8
INT 0x92 ? 87F82F00
INT 0xA2 ? 85D5FBF8
INT 0xA2 ? 87F82F00
INT 0xA2 ? 87F82F00
INT 0xA2 ? 85D5FBF8
INT 0xB2 ? 87F82F00
INT 0xB2 ? 87F82F00
INT 0xB3 ? 87F82F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 82CB489C 4 Bytes [AA, 4D, F8, 91] {STOSB ; DEC EBP; CLC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB48C0 8 Bytes CALL E55D4134
.text ntkrnlpa.exe!KeSetEvent + 181 82CB4904 4 Bytes [D8, 74, F8, 91] {FDIV DWORD [EAX+EDI*8-0x6f]}
.text ntkrnlpa.exe!KeSetEvent + 1A9 82CB492C 4 Bytes [BE, 56, F8, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CB4944 4 Bytes [F2, 64, F8, 91]
.text ...
? system32\drivers\bcywctyd.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\spzp.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE ataport.SYS!DllUnload 8B931B2E 5 Bytes JMP 85D601D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90A06380, 0x34F1E7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8C7D041B 5 Bytes JMP 87F824E0
.text aguzti75.SYS 91509000 22 Bytes [82, 93, FC, 82, 6C, 92, FC, ...]
.text aguzti75.SYS 91509017 137 Bytes [00, 32, 17, 3A, 83, 3D, 15, ...]
.text aguzti75.SYS 915090A1 43 Bytes [10, CB, 82, 74, 06, C5, 82, ...]
.text aguzti75.SYS 915090CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aguzti75.SYS 915090DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
.text win32k.sys!EngMulDiv + 4D3C 9CAB9CAB 5 Bytes JMP 8A204610
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832986D2] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83298040] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [832987FC] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [832980BE] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8329813C] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [832A8048] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86B241F8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \FileSystem\fastfat \FatCdrom 87671350
Device \Driver\volmgr \Device\VolMgrControl 85D621F8
Device \Driver\netbt \Device\NetBT_Tcpip_{14436A7B-9E23-494B-A111-E37191A2C976} 899051F8
Device \Driver\usbuhci \Device\USBPDO-0 87F7C1F8
Device \Driver\PCI_PNP2992 \Device\00000051 spzp.sys
Device \Driver\usbuhci \Device\USBPDO-1 87F7C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7E4D3FD4-2868-44D7-9825-067520FD8405} 899051F8
Device \Driver\usbehci \Device\USBPDO-2 87FA11F8
Device \Driver\usbuhci \Device\USBPDO-3 87F7C1F8
Device \Driver\usbuhci \Device\USBPDO-4 87F7C1F8
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBPDO-5 87F7C1F8
Device \Driver\usbehci \Device\USBPDO-6 87FA11F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume2 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom0 87F521F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86B221F8
Device \Driver\atapi \Device\Ide\IdePort0 86B221F8
Device \Driver\atapi \Device\Ide\IdePort1 86B221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 86B221F8
Device \Driver\volmgr \Device\HarddiskVolume3 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom1 87F521F8
Device \Driver\sptd \Device\3090105492 spzp.sys
Device \Driver\netbt \Device\NetBt_Wins_Export 899051F8
Device \Driver\Smb \Device\NetbiosSmb 89ADE500
Device \Driver\iScsiPrt \Device\RaidPort0 8802C1F8
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBFDO-0 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-1 87F7C1F8
Device \Driver\usbehci \Device\USBFDO-2 87FA11F8
Device \Driver\usbuhci \Device\USBFDO-3 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-4 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-5 87F7C1F8
Device \Driver\usbehci \Device\USBFDO-6 87FA11F8
Device \Driver\aguzti75 \Device\Scsi\aguzti751 87F94500
Device \Driver\Si3531 \Device\Scsi\Si35311Port2Path0Target1fLun0 86B231F8
Device \Driver\Si3531 \Device\Scsi\Si35311 86B231F8
Device \Driver\aguzti75 \Device\Scsi\aguzti751Port4Path0Target0Lun0 87F94500
Device \FileSystem\fastfat \Fat 87671350
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \FileSystem\cdfs \Cdfs 866381F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
---- EOF - GMER 1.0.15 ----
|
| | #3 |
| HDD errors, desktop empty, Windows Rescue... Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:58:59 on 10.06.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll "AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights 10" - "Nero AG" - D:\Program Files\nero10\Nero BurnRights\NeroBurnRights_10.cpl "QuickTime" - "Apple Inc." 
- D:\Program Files\QuickTime\QTSystem\QuickTime.cpl "TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a14719il" (a14719il) - "Microsoft Corporation" - C:\Windows\system32\drivers\a14719il.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys "Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm251.sys "afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys "catchme" (catchme) - ? - C:\Users\Aupex\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys "Hotcore helper" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? 
- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys "MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SbieDrv" (SbieDrv) - "tzuk" - d:\Program Files\Sandboxie\SbieDrv.sys "Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys "Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys "Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys "Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys "Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? 
- d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell-Erweiterungskomponente" - ? - D:\Program Files\Cdraw\Graphics10\Draw\CdrViewer\CrlShell100.dll {8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\system32\erasext.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - d:\Program Files\Logitech\SetPoint\kbcplext.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." 
- d:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? 
- (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} "Battlefield Play4Free Updater" - "EA Digital Illusions CE AB" - C:\Windows\Downloaded Program Files\BP4FUpdater.dll / https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - d:\Program Files\Free Download Manager\iefdm2.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer Networking Limited" - d:\Program Files\Spybot2\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AVP" - "Kaspersky Lab ZAO" - "D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe"
"CloneCDTray" - "SlySoft, Inc." - "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "MSI" - C:\Program Files\System Control Manager\MGSysCtrl.exe
"NBAgent" - "Nero AG" - "D:\Program Files\nero10\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - D:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Kaspersky Security Suite CBE 11 Service" (AVP) - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "tzuk" - d:\Program Files\Sandboxie\SbieSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - D:\Program Files\Spybot2\SDWinSec.exe
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe (File found, but it contains no detailed information)
"SQL Server (JTLWAWI)" (MSSQL$JTLWAWI) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR-Check:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 173):
0x82C08000 \SystemRoot\system32\ntkrnlpa.exe
0x82FC2000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067C000 \SystemRoot\system32\PSHED.dll
0x8068D000 \SystemRoot\system32\BOOTVID.dll
0x80695000 \SystemRoot\system32\CLFS.SYS
0x806D6000 \SystemRoot\system32\CI.dll
0x83208000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83284000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83291000 \SystemRoot\System32\Drivers\spat.sys
0x83391000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8339A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B6000 \SystemRoot\system32\drivers\acpi.sys
0x833C0000 \SystemRoot\system32\drivers\msisadrv.sys
0x833C8000 \SystemRoot\system32\drivers\pci.sys
0x833EF000 \SystemRoot\System32\drivers\partmgr.sys
0x83200000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B80A000 \SystemRoot\system32\drivers\volmgr.sys
0x8B819000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B863000 \SystemRoot\system32\drivers\intelide.sys
0x8B86A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B878000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B888000 \SystemRoot\system32\drivers\atapi.sys
0x8B890000 \SystemRoot\system32\drivers\ataport.SYS
0x8B8AE000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8B8E4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B916000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B926000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B935000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8B938000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B942000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA07000 \SystemRoot\system32\drivers\ndis.sys
0x8BB12000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCFA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD15000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BE06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF16000 \SystemRoot\system32\drivers\volsnap.sys
0x8C003000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
0x8C0DE000 \SystemRoot\System32\Drivers\spldr.sys
0x8C0E6000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8C10B000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8C10D000 \SystemRoot\System32\Drivers\mup.sys
0x8C205000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8C727000 \SystemRoot\System32\drivers\ecache.sys
0x8C74E000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8C753000 \SystemRoot\system32\drivers\disk.sys
0x8C764000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C785000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C79B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x90E07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9153E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x915DE000 \SystemRoot\System32\drivers\watchdog.sys
0x915EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C7A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C7E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C11C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91603000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9182A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x91842000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x91852000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x91860000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9187A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91889000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9189D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x918B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x918BB000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x918C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x918CF000 \SystemRoot\system32\DRIVERS\enecir.sys
0x918E1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x918E5000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x918E7000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x918EE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91906000 \SystemRoot\System32\Drivers\a14719il.SYS
0x9193C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9194B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x9195B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9198A000 \SystemRoot\system32\DRIVERS\storport.sys
0x919CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x919D6000 \SystemRoot\System32\Drivers\RootMdm.sys
0x919DE000 \SystemRoot\system32\drivers\modem.sys
0x8C1A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x919EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C7F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C1E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF4F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BF64000 \SystemRoot\system32\DRIVERS\termdd.sys
0x919F6000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x919FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BF74000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BF9E000 \SystemRoot\system32\DRIVERS\circlass.sys
0x915F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91600000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0x8C78E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFE1000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8BFEC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E00000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0x90E04000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0x92002000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BD9F000 \SystemRoot\system32\drivers\portcls.sys
0x921DB000 \SystemRoot\system32\drivers\drmk.sys
0x92202000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9231E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92320000 \SystemRoot\system32\DRIVERS\hidir.sys
0x9232B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9233B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92342000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9234B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92353000 \SystemRoot\system32\DRIVERS\klif.sys
0x923D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x923DF000 \SystemRoot\System32\Drivers\Null.SYS
0x923E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x923ED000 \SystemRoot\System32\drivers\vga.sys
0x8BDCC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BB78000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BC00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BB86000 \SystemRoot\system32\DRIVERS\tdx.sys
0x923F9000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x8BB9C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8BBA5000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8BBAD000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8BE00000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8BBB5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B9B3000 \SystemRoot\system32\drivers\afd.sys
0x8BBC9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92805000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9281B000 \SystemRoot\system32\DRIVERS\klim6.sys
0x92823000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92831000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92844000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92880000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9288A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9288F000 \SystemRoot\System32\Drivers\dfsc.sys
0x9CC30000 \SystemRoot\System32\win32k.sys
0x928B3000 \SystemRoot\System32\drivers\Dxapi.sys
0x928BD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CE50000 \SystemRoot\System32\TSDDD.dll
0x9CE70000 \SystemRoot\System32\cdd.dll
0x928CC000 \SystemRoot\system32\drivers\luafv.sys
0x928EF000 \SystemRoot\system32\drivers\spsys.sys
0x9299F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x929AF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x929D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x929E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3204000 \SystemRoot\system32\drivers\HTTP.sys
0xA3271000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA328E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA32A7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA32BC000 \SystemRoot\system32\drivers\mrxdav.sys
0xA32DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA32FC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3335000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA334D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3375000 \SystemRoot\System32\DRIVERS\srv.sys
0xA33C4000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA5009000 \SystemRoot\system32\drivers\peauth.sys
0xA50E7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA50F1000 \??\d:\Program Files\Sandboxie\SbieDrv.sys
0xA510F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA511B000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xA5125000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA513B000 \??\C:\Windows\system32\drivers\mbam.sys
0xA5154000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77640000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll
Processes (total 73):
0 System Idle Process
4 System
648 C:\Windows\System32\smss.exe
748 csrss.exe
800 C:\Windows\System32\wininit.exe
808 csrss.exe
844 C:\Windows\System32\services.exe
864 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
1024 C:\Windows\System32\winlogon.exe
1048 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\nvvsvc.exe
1128 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\audiodg.exe
1472 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\SLsvc.exe
1540 C:\Windows\System32\svchost.exe
1616 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1832 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
736 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
904 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
792 D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1368 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
1632 C:\Windows\System32\agrsmsvc.exe
1824 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
1896 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
2148 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2256 C:\Program Files\Nero\Update\NASvc.exe
2300 C:\Program Files\System Control Manager\edd.exe
2332 C:\Windows\System32\PnkBstrA.exe
2356 C:\Windows\System32\svchost.exe
2424 D:\Program Files\Sandboxie\SbieSvc.exe
2508 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2520 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2548 C:\Windows\System32\svchost.exe
2616 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2672 C:\Windows\System32\SearchIndexer.exe
2856 D:\Program Files\Spybot2\SDWinSec.exe
3228 C:\Windows\System32\taskeng.exe
204 C:\Windows\System32\taskeng.exe
2944 C:\Windows\System32\dwm.exe
3584 C:\Windows\explorer.exe
3612 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1640 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
1800 C:\Program Files\System Control Manager\MGSysCtrl.exe
1152 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2340 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3992 C:\Windows\RtHDVCpl.exe
1924 C:\Windows\System32\rundll32.exe
4012 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
420 C:\Program Files\Windows Media Player\wmpnscfg.exe
12 C:\Windows\System32\rundll32.exe
4000 C:\Program Files\Windows Sidebar\sidebar.exe
3812 D:\Program Files\Spybot2\TeaTimer.exe
4148 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4464 C:\Program Files\Windows Sidebar\sidebar.exe
5980 C:\Windows\System32\svchost.exe
4912 D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5188 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5432 C:\Windows\System32\taskeng.exe
2800 C:\Windows\System32\mobsync.exe
5400 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3208 C:\Windows\System32\conime.exe
4832 D:\Program Files\Mozilla Firefox\firefox.exe
5640 C:\Windows\System32\SearchProtocolHost.exe
5884 C:\Windows\System32\SearchFilterHost.exe
5120 C:\Users\Aupex\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`029d5600 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!