Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
TR/Spy.SpyEyes.gps found by AntiVir (https://www.trojaner-board.de/97878-tr-spy-spyeyes-gps-antivir-gefunden.html)

cosinus 27.04.2011 09:53

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

mattan75 27.04.2011 17:08

Thanks! All done, see the logs below!

GMER:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 17:53:57
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                      8324A589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                8326F092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spzy.sys                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                91239CA0 5 Bytes  JMP 88AE81D8
.text          peauth.sys                                                                                            A3080C9D 28 Bytes  JMP 5C6427C1
.text          peauth.sys                                                                                            A3080CC1 28 Bytes  JMP 5C6427C1
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                  B0455000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                  B0455123 629 Bytes  [05, 45, B0, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                  B0455399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                  B04553FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                  B04554AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73E32494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                  [73E15624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73E156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                        [73E3250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]              [73E28573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                [73E24D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73E250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]              [73E251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]    [73E266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73E282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]          [73E28819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]        [73E2907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]              [73E2E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                  [73E24C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                8597D1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{0B8F75AA-6092-423F-8182-9C35D08FA678}                              88A38500
Device          \Driver\volmgr \Device\VolMgrControl                                                                  859791F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBPDO-1                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBPDO-2                                                                      88AC9480
Device          \Driver\usbehci \Device\USBPDO-3                                                                      86741500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBPDO-5                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBPDO-6                                                                      88AC9480
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                859791F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                      86741500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                859791F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                          88A5F1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                    [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                        [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                        [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                859791F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                859791F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                              88A38500
Device          \Driver\BTHUSB \Device\00000090                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000090                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004b                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C01B1037-EBDE-4812-918C-42D7B7594353}                              88A38500
Device          \Driver\BTHUSB \Device\00000092                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{7A5F3B8D-398E-416E-83ED-75B499643A19}                              88A38500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBFDO-1                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBFDO-2                                                                      88AC9480
Device          \Driver\usbehci \Device\USBFDO-3                                                                      86741500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                      88AC9480
Device          \Driver\usbuhci \Device\USBFDO-5                                                                      88AC9480
Device          \Driver\NetBT \Device\NetBT_Tcpip_{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3}                              88A38500
Device          \Driver\usbuhci \Device\USBFDO-6                                                                      88AC9480
Device          \Driver\usbehci \Device\USBFDO-7                                                                      86741500

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                    771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                    285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                  0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                  0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0xA2 0xC4 0x49 0xF4 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                      0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                      0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0xA2 0xC4 0x49 0xF4 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                               
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:01:16 on 27.04.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl  (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\********\AppData\Local\Temp\catchme.sys  (File not found)
"fwldapoc" (fwldapoc) - ? - C:\Users\********\AppData\Local\Temp\fwldapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"genport" (genport) - "Wistron" - C:\Program Files\RemoteKeySrv\GenPort.sys
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"Sound Tap Upper Class Filter Driver v2.0.0.0" (stdriver) - "NCH Software" - C:\Windows\System32\DRIVERS\stdriver32.sys
"Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - "Brice Lambson" - C:\Program Files\Image Resizer\ImageResizer.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\NAMEEXT.DLL
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll  (File found, but it contains no detailed information)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\Nv3DAppShExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7} "SafeEraseObj Class" - "O&O Software GmbH" - C:\Program Files\OO Software\SafeErase\oosesh.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} "SMTTB2009 Class" - ? - C:\Program Files\SplitCam Toolbar\tbcore3.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"RemoteKeySrv.lnk" - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ccleaner" - "Piriform Ltd" - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AirPrint" (AirPrint) - "Apple Inc." - C:\Program Files\AirPrint\Airprint.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"RemoteKeySrv" (RemoteKeySrv) - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        MEDION
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                MEDION
System Product Name:                P961x
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 171):
  0x83207000 \SystemRoot\system32\ntkrnlpa.exe
  0x83617000 \SystemRoot\system32\halmacpi.dll
  0x80BD5000 \SystemRoot\system32\kdcom.dll
  0x8B422000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8B49A000 \SystemRoot\system32\PSHED.dll
  0x8B4AB000 \SystemRoot\system32\BOOTVID.dll
  0x8B4B3000 \SystemRoot\system32\CLFS.SYS
  0x8B4F5000 \SystemRoot\system32\CI.dll
  0x8B61D000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B68E000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B69C000 \SystemRoot\System32\Drivers\spzy.sys
  0x8B78F000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8B798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8B5A0000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B7BE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B7C6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B7D1000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B600000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B5E8000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B81F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B86A000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8BA3C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8BBEF000 \SystemRoot\system32\drivers\amdxata.sys
  0x8BA00000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B880000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B891000 \SystemRoot\system32\DRIVERS\Lbd.sys
  0x8B8A0000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B9CF000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B800000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8BC20000 \SystemRoot\System32\Drivers\cng.sys
  0x8BC7D000 \SystemRoot\System32\drivers\pcw.sys
  0x8BC8B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8BC94000 \SystemRoot\system32\drivers\ndis.sys
  0x8BD4B000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8BD89000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BE22000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BF6B000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BF9C000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8BFDB000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BDAE000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BFE3000 \SystemRoot\System32\Drivers\mup.sys
  0x8BFF3000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8C03F000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C071000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8C082000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8FBDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8FBF9000 \SystemRoot\System32\Drivers\Null.SYS
  0x8FA00000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8FA07000 \SystemRoot\System32\drivers\vga.sys
  0x8C0B4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C0D5000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C0E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C0EA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C0F2000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8C0FA000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C105000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C113000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C12A000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8C135000 \SystemRoot\system32\drivers\afd.sys
  0x8C18F000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8C1C1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8C1C8000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C1E7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8C00E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90E0D000 \SystemRoot\System32\drivers\truecrypt.sys
  0x90E42000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90E52000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90E58000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90E99000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90EA3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90EAD000 \SystemRoot\System32\drivers\discache.sys
  0x90EB9000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90ED1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90EDF000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90F05000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90F26000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x92202000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x92B7C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x90F38000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x92B7E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x92BB7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x92BD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x91215000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91260000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x9126F000 \SystemRoot\system32\DRIVERS\NxpCap.sys
  0x91628000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9165C000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0x9165F000 \SystemRoot\system32\DRIVERS\stdriver32.sys
  0x9166D000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
  0x91780000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9178A000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x917CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x917D5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x917E2000 \SystemRoot\System32\Drivers\x10hid.sys
  0x917E4000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
  0x917F7000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
  0x91600000 \SystemRoot\system32\DRIVERS\splitcam.sys
  0x91609000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x913EB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x92BE1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x91617000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BE00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C021000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BDDB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BC00000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90FEF000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x91622000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BDF2000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91C2B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x91C6F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x91C7B000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91C8C000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x91CA0000 \SystemRoot\system32\drivers\portcls.sys
  0x91CCF000 \SystemRoot\system32\drivers\drmk.sys
  0x93621000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x938F8000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8FA13000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x93905000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x93916000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9392D000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9392F000 \SystemRoot\system32\DRIVERS\NW1950.sys
  0x9A61A000 \SystemRoot\system32\DRIVERS\NWTransLib.sys
  0x9AE83000 \SystemRoot\system32\DRIVERS\hidkmdf.sys
  0x9AE84000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x98470000 \SystemRoot\System32\win32k.sys
  0x9AE8F000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9AE99000 \SystemRoot\system32\DRIVERS\MTConfig.sys
  0x9AEA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9AEAC000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x986D0000 \SystemRoot\System32\TSDDD.dll
  0x9AEB7000 \SystemRoot\System32\Drivers\x10ufx2.sys
  0x9AEC1000 \SystemRoot\system32\drivers\btusbflt.sys
  0x9AECB000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x9AEDD000 \SystemRoot\System32\Drivers\bthport.sys
  0x98700000 \SystemRoot\System32\cdd.dll
  0x98720000 \SystemRoot\System32\ATMFD.DLL
  0x9AF41000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x9AF65000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x9AF72000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x9AF8D000 \SystemRoot\system32\drivers\btwavdt.sys
  0x93933000 \SystemRoot\system32\drivers\btwaudio.sys
  0x9A600000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
  0x9A60B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x939B4000 \SystemRoot\system32\drivers\luafv.sys
  0x939CF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x939E4000 \SystemRoot\system32\drivers\WudfPf.sys
  0x93600000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x91CE8000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x93610000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x91D2E000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x91D41000 \SystemRoot\system32\drivers\HTTP.sys
  0x91DC6000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x91DDF000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x91C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA300D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3048000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA307B000 \SystemRoot\system32\drivers\peauth.sys
  0xA3112000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA311C000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA313D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA314A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3199000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA31EB000 \??\C:\Program Files\RemoteKeySrv\GenPort.sys
  0xB041C000 \??\C:\Users\********\AppData\Local\Temp\fwldapoc.sys
  0xB0435000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
  0x77150000 \Windows\System32\ntdll.dll
  0x47F30000 \Windows\System32\smss.exe
  0x77390000 \Windows\System32\apisetschema.dll

Processes (total 72):
      0 System Idle Process
      4 System
    320 C:\Windows\System32\smss.exe
    492 csrss.exe
    560 C:\Windows\System32\wininit.exe
    576 csrss.exe
    624 C:\Windows\System32\services.exe
    640 C:\Windows\System32\lsass.exe
    648 C:\Windows\System32\lsm.exe
    704 C:\Windows\System32\winlogon.exe
    812 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\nvvsvc.exe
    932 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1452 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1540 C:\Windows\System32\spoolsv.exe
    1596 C:\Windows\System32\svchost.exe
    1696 C:\Program Files\AirPrint\airprint.exe
    1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1784 C:\Program Files\Bonjour\mDNSResponder.exe
    1808 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1860 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    1924 C:\Windows\System32\svchost.exe
    2004 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2040 C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
    440 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    484 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1120 C:\Windows\System32\svchost.exe
    1332 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    1972 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    2072 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    2188 unsecapp.exe
    2420 WmiPrvSE.exe
    2840 C:\Windows\System32\svchost.exe
    3216 C:\Windows\System32\nvvsvc.exe
    3252 C:\Windows\System32\wisptis.exe
    3384 C:\Windows\System32\taskhost.exe
    3492 C:\Windows\System32\wisptis.exe
    3540 C:\Windows\System32\dwm.exe
    3548 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    3636 C:\Windows\explorer.exe
    3980 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    4008 C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
    2804 C:\Program Files\iTunes\iTunesHelper.exe
    2944 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3088 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2320 C:\Program Files\PDF24\pdf24.exe
    2324 C:\Program Files\Windows Sidebar\sidebar.exe
    3232 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3632 C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
    248 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    3348 C:\Windows\System32\SearchIndexer.exe
    4136 C:\Program Files\iPod\bin\iPodService.exe
    4580 C:\Windows\System32\svchost.exe
    4720 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5204 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    5996 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    776 C:\Windows\servicing\TrustedInstaller.exe
    5444 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    6120 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    4592 C:\Windows\System32\conhost.exe
    1900 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    4932 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    2784 C:\Windows\System32\audiodg.exe
    2592 C:\Windows\System32\SearchProtocolHost.exe
    5060 C:\Windows\System32\SearchFilterHost.exe
    3472 C:\Users\********\Desktop\MBRCheck.exe
    5692 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000de`a0b00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 82A2D0BCAFEAB927855773C6F130D8115D996D6C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

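As an added triage example (not code from OSAM, from the thread participants, or from Trojaner-Board), here is a small Python parser for autorun entries in the OSAM log format posted above. It flags what a helper reads the log for by eye: entries with an unknown publisher ("?"), entries whose referenced file is missing, entries with no file path at all, and entries launched from a temp directory. Some legitimate tools do run from Temp (the MBRCheck driver list above contains one such driver), so these flags are prompts for review, not verdicts. The sample log lines are constructed to mirror the page's format; "Updater", "Example Service", "Example Corp." and the all-zero CLSID are placeholders and not identifiers from the thread.

```python
"""Triage helper for OSAM-style autorun log lines.

Added example, not part of OSAM or of the forum thread. The line format
("name" [ (service) ] - "publisher" | ? - path  [ (flag | flag) ]) is
inferred from the log posted above; all sample lines below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]{36}\}\s+)?'       # optional CLSID prefix (BHO section)
    r'"(?P<name>.+?)"'                     # display name (lazy: names may contain quotes)
    r'(?:\s+\((?P<service>[^)]*)\))?'      # optional service key name in parentheses
    r'\s+-\s+(?P<publisher>"[^"]*"|\?)'    # quoted publisher, or "?" when unknown
    r'\s+-\s*(?P<rest>.*)$'                # path plus optional trailing flags
)
# Trailing status block such as "  (File not found | COM-object registry key not found)";
# it is either the whole remainder (no path) or separated from the path by 2+ spaces.
FLAGS_RE = re.compile(r'(?:^|\s{2,})\(([^()]*)\)\s*$')

# Path fragments that mean "started from a scratch directory"; case-insensitive.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass
class Entry:
    name: str
    publisher: Optional[str]          # None when the log shows "?"
    path: str                         # empty string when the entry has no path
    flags: List[str] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one autorun line; returns None for headers and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flags: List[str] = []
    fm = FLAGS_RE.search(rest)
    if fm:
        flags = [f.strip() for f in fm.group(1).split("|")]
        rest = rest[:fm.start()]
    pub = m.group("publisher")
    publisher = None if pub == "?" else pub.strip('"')
    return Entry(m.group("name"), publisher, rest.strip(), flags)


def triage(entry: Entry) -> Entry:
    """Attach review findings; an empty findings list means nothing stood out."""
    if entry.publisher is None:
        entry.findings.append("unknown publisher")
    if any(f.lower() == "file not found" for f in entry.flags):
        entry.findings.append("referenced file missing")
    if not entry.path:
        entry.findings.append("no file path")
    low = entry.path.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        entry.findings.append("runs from a temp directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every autorun entry in an OSAM-style log."""
    return [triage(e) for e in map(parse_entry, text.splitlines()) if e]


def suspicious(text: str) -> List[Entry]:
    """Only the entries that need an analyst's look."""
    return [e for e in triage_log(text) if e.findings]


# Constructed sample modelled on the posted log; placeholder names and CLSID.
SAMPLE_LOG = r"""[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Updater" - ? - C:\Users\user\AppData\Local\Temp\upd_example.exe
"{00000000-0000-0000-0000-000000000000}" - ? -  (File not found | COM-object registry key not found)
[Services]
"Example Service" (ExampleSvc) - "Example Corp." - C:\Program Files\Example\svc.exe
"StartupPrograms" - ? - rdpclip  (File not found)
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f'{e.name!r}: {", ".join(e.findings)}')
```

The "StartupPrograms" hit shows why the output is a worklist rather than a verdict: the entry is a bare executable name resolved via PATH, which the log reports as not found even for a standard Windows component, exactly like the rdpclip line in the posted log.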

cosinus 27.04.2011 18:37

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

mattan75 27.04.2011 22:22

Hi, and thanks for your quick reply!

First, a question about the MBRCheck log: should this actually worry me in any way?

Code:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

In this case I entered 'N' and the tool then closed. Could something still be wrong in the background?

Now the logs as instructed, first Malwarebytes (apparently nothing found):

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.04.2011 20:28:34
mbam-log-2011-04-27 (20-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 296710
Laufzeit: 40 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

The first run with SUPERAntiSpyware gave the following:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/27/2011 at 09:56 PM

Application Version : 4.51.1000

Core Rules Database Version : 6937
Trace Rules Database Version: 4749

Scan type      : Complete Scan
Total Scan Time : 01:17:31

Memory items scanned      : 776
Memory threats detected  : 0
Registry items scanned    : 11224
Registry threats detected : 5
File items scanned        : 142202
File threats detected    : 0

Browser Hijacker.Deskbar
        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

After cleaning and rebooting I ran a control scan; I hope that was what you intended...? Log:

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/27/2011 bei 11:15 PM

Version der Applikation : 4.51.1000

Version der Kern-Datenbank : 6937
Version der Spur-Datenbank : 4749

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:15:28

Gescannte Speicherelemente  : 767
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 11228
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 142155
Erfasste Datei-Elemente  : 0


cosinus 28.04.2011 10:37

Quote:

First, a question about the MBRCheck log: should this actually worry me in any way?
Not for now, since TDSS-Killer found no infection. Rewriting the MBR is also a tricky business now and then; I have seen several times on Vista and 7 that the system would not boot afterwards (whether it was the user's fault, no idea, cf. this thread :pfeiff:)

SASW only found remnants there. Is the computer otherwise fine again?

mattan75 28.04.2011 16:54

Hi,

at least I notice no limitations. Do you think my system is completely clean now? Have we actually eliminated the original "SpyEyes" in the cleanup process? Before the cleanup I was shown this 20 TAN popup during online banking, which is why I do not want to do any more online banking on this computer until I know everything is OK... ;-)

cosinus 28.04.2011 18:51

We should be done. Or are the 20 TANs still being requested? :D

mattan75 28.04.2011 19:26

Quote:

Or are the 20 TANs still being requested?
After your message I tried it: NO! :taenzer:

Thank you a thousand times for your help!!!! With all the confusion about which tool, when, and whether at all - who is supposed to see through that as an Aldi PC buyer...

One more question - is there anything else I can do in future to make further infections harder? AntiVir and AdAware run at startup, automatic updates for Windows 7 too, I also constantly update Flash Player and Firefox, and CCleaner runs at boot. Are there any other gaps I would need to close?

Thanks again!!!

cosinus 28.04.2011 20:07

It is best to roughly follow these five rules:

1) Be suspicious on the Internet and especially of unknown e-mails; be careful when giving out personal data!!
2) Always keep Windows and all programs you use up to date
3) Do regular backups to external media
4) Work with restricted rights
5) Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail - have e-mails displayed as plain text only

All of this is explained in more detail here => Kompromittierung unvermeidbar?

Edit: For secure banking, a live CD such as Bankix or Ubuntu or Knoppix is recommended ;)

mattan75 28.04.2011 20:16

I will try to take that to heart! Thanks again for your help, really a top-class service!!!!!


Copyright ©2000-2025, Trojaner-Board