| Lilla My |  24.05.2011 15:14 |        Okay, here we go:  
GMER Logfile:
 GMER 1.0.15.15627 - hxxp://www.gmer.net 
Rootkit scan 2011-05-24 15:58:15 
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 
Running: jhtjv3r5.exe; Driver: C:\Users\Michi\AppData\Local\Temp\pxdyipob.sys     
---- Kernel code sections - GMER 1.0.15 ----   
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                             82E93569 1 Byte  [06] 
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                      82EB8092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                    section is writeable [0x91626000, 0x2D5378, 0xE8000020]   
---- User IAT/EAT - GMER 1.0.15 ----   
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75DF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) 
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2616] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75DF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) 
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2616] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75DF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) 
IAT             C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75DF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)   
---- Devices - GMER 1.0.15 ----   
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)   
Device          \Driver\ACPI_HAL \Device\000000b0                                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)   
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)   
---- Registry - GMER 1.0.15 ----   
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route
Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route
Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export
---- EOF - GMER 1.0.15 ----   --- --- ---   
OSAM Logfile:
 Report of OSAM: Autorun Manager v5.0.11926.0 
hxxp://www.online-solutions.ru/en/ 
Saved at 16:08:41 on 24.05.2011   
OS: Windows 7  (Build 7600), 32-bit 
Default Browser: Mozilla Corporation Firefox 4.0.1   
Scanner Settings 
[x] Rootkits detection (hidden registry) 
[x] Rootkits detection (hidden files) 
[x] Retrieve files information 
[x] Check Microsoft signatures   
Filters 
[ ] Trusted entries 
[ ] Empty entries 
[x] Hidden registry entries (rootkit activity) 
[x] Exclusively opened files 
[x] Not found files 
[x] Files without detailed information 
[x] Existing files 
[ ] Non-startable services 
[ ] Non-startable drivers 
[x] Active entries 
[x] Disabled entries     
[Common] 
-----( %SystemRoot%\Tasks )----- 
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe   
[Control Panel Objects] 
-----( %SystemRoot%\system32 )----- 
"cmmx01.cpl" - "combit GmbH" - C:\Windows\system32\cmmx01.cpl 
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl 
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl 
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- 
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL 
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl   
[Drivers] 
-----( HKLM\SYSTEM\CurrentControlSet\Services )----- 
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys 
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys 
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys 
"catchme" (catchme) - ? - C:\Users\Michi\AppData\Local\Temp\catchme.sys  (File not found) 
"pxdyipob" (pxdyipob) - ? - C:\Users\Michi\AppData\Local\Temp\pxdyipob.sys  (Hidden registry entry, rootkit activity | File not found) 
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys 
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys   
[Explorer] 
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- 
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 
-----( HKLM\Software\Classes\Protocols\Filter )----- 
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL 
-----( HKLM\Software\Classes\Protocols\Handler )----- 
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- 
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll 
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll 
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found) 
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll 
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll 
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll 
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL 
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll 
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL 
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll   
[Internet Explorer] 
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- 
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found) 
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found) 
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- 
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab 
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- 
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll 
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )----- 
"CS ChemDraw Pro Plugin" - "CambridgeSoft.Com" - C:\Program Files\Internet Explorer\PLUGINS\Npcdp32.dll 
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll 
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll   
[Logon] 
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- 
"desktop.ini" - ? - C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- 
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists) 
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- 
"ISUSPM Startup" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup 
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000  
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- 
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
"DivX Download Manager" - "DivX, LLC" - "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start 
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW 
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start 
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"   
[Print Monitors] 
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- 
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll   
[Services] 
-----( HKLM\SYSTEM\CurrentControlSet\Services )----- 
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe 
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe 
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe 
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 
"SQL Server (CSSQL05)" (MSSQL$CSSQL05) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe   
[Winlogon] 
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- 
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll   
===[ Logfile end ]=========================================[ Logfile end ]===   --- --- ---  
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Quote:
			
				MBRCheck, version 1.2.3 
(c) 2010, AD   
Command-line:			 
Windows Version:		Windows 7 Professional 
Windows Information:		 (build 7600), 32-bit 
Base Board Manufacturer:	Sony Corporation 
BIOS Manufacturer:		American Megatrends Inc. 
System Manufacturer:		Sony Corporation 
System Product Name:		VGN-NS21Z_S 
Logical Drives Mask:		0x0000000e   
Kernel Drivers (total 191): 
  0x82E50000 \SystemRoot\system32\ntkrnlpa.exe 
  0x82E19000 \SystemRoot\system32\halmacpi.dll 
  0x80BB8000 \SystemRoot\system32\kdcom.dll 
  0x8AE22000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 
  0x8AE9A000 \SystemRoot\system32\PSHED.dll 
  0x8AEAB000 \SystemRoot\system32\BOOTVID.dll 
  0x8AEB3000 \SystemRoot\system32\CLFS.SYS 
  0x8AEF5000 \SystemRoot\system32\CI.dll 
  0x8B01A000 \SystemRoot\system32\drivers\Wdf01000.sys 
  0x8B08B000 \SystemRoot\system32\drivers\WDFLDR.SYS 
  0x8B099000 \SystemRoot\system32\DRIVERS\ACPI.sys 
  0x8B0E1000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 
  0x8B0EA000 \SystemRoot\system32\DRIVERS\msisadrv.sys 
  0x8B0F2000 \SystemRoot\system32\DRIVERS\pci.sys 
  0x8B11C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 
  0x8B127000 \SystemRoot\System32\drivers\partmgr.sys 
  0x8B138000 \SystemRoot\system32\DRIVERS\compbatt.sys 
  0x8B140000 \SystemRoot\system32\DRIVERS\BATTC.SYS 
  0x8B14B000 \SystemRoot\system32\DRIVERS\volmgr.sys 
  0x8B15B000 \SystemRoot\System32\drivers\volmgrx.sys 
  0x8B1A6000 \SystemRoot\System32\drivers\mountmgr.sys 
  0x8B1BC000 \SystemRoot\system32\DRIVERS\atapi.sys 
  0x8B1C5000 \SystemRoot\system32\DRIVERS\ataport.SYS 
  0x8B1E8000 \SystemRoot\system32\DRIVERS\msahci.sys 
  0x8B1F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 
  0x8B000000 \SystemRoot\system32\drivers\amdxata.sys 
  0x8AFA0000 \SystemRoot\system32\drivers\fltmgr.sys 
  0x8B009000 \SystemRoot\system32\drivers\fileinfo.sys 
  0x8B217000 \SystemRoot\System32\Drivers\Ntfs.sys 
  0x8B346000 \SystemRoot\System32\Drivers\msrpc.sys 
  0x8B371000 \SystemRoot\System32\Drivers\ksecdd.sys 
  0x8B384000 \SystemRoot\System32\Drivers\cng.sys 
  0x8B3E1000 \SystemRoot\System32\drivers\pcw.sys 
  0x8B3EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys 
  0x8B403000 \SystemRoot\system32\drivers\ndis.sys 
  0x8B4BA000 \SystemRoot\system32\drivers\NETIO.SYS 
  0x8B4F8000 \SystemRoot\System32\Drivers\ksecpkg.sys 
  0x8B62F000 \SystemRoot\System32\drivers\tcpip.sys 
  0x8B778000 \SystemRoot\System32\drivers\fwpkclnt.sys 
  0x8B7A9000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 
  0x8B7B2000 \SystemRoot\system32\DRIVERS\volsnap.sys 
  0x8B7F1000 \SystemRoot\System32\Drivers\spldr.sys 
  0x8B600000 \SystemRoot\System32\drivers\rdyboost.sys 
  0x8B51D000 \SystemRoot\System32\Drivers\mup.sys 
  0x8B52D000 \SystemRoot\System32\drivers\hwpolicy.sys 
  0x8B535000 \SystemRoot\System32\DRIVERS\fvevol.sys 
  0x8B567000 \SystemRoot\system32\DRIVERS\disk.sys 
  0x8B578000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 
  0x8B5D0000 \SystemRoot\system32\DRIVERS\cdrom.sys 
  0x8B7F9000 \SystemRoot\System32\Drivers\Null.SYS 
  0x8B5EF000 \SystemRoot\System32\Drivers\Beep.SYS 
  0x8B200000 \SystemRoot\System32\drivers\vga.sys 
  0x8AFD4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 
  0x8AE00000 \SystemRoot\System32\drivers\watchdog.sys 
  0x8B5F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 
  0x8B20C000 \SystemRoot\system32\drivers\rdpencdd.sys 
  0x8B3F8000 \SystemRoot\system32\drivers\rdprefmp.sys 
  0x8AE0D000 \SystemRoot\System32\Drivers\Msfs.SYS 
  0x90C0E000 \SystemRoot\System32\Drivers\Npfs.SYS 
  0x90C1C000 \SystemRoot\system32\DRIVERS\tdx.sys 
  0x90C33000 \SystemRoot\system32\DRIVERS\TDI.SYS 
  0x90C3E000 \SystemRoot\system32\drivers\afd.sys 
  0x90C98000 \SystemRoot\System32\DRIVERS\netbt.sys 
  0x90CCA000 \SystemRoot\system32\DRIVERS\wfplwf.sys 
  0x90CD1000 \SystemRoot\system32\DRIVERS\pacer.sys 
  0x90CF0000 \SystemRoot\system32\DRIVERS\netbios.sys 
  0x90CFE000 \SystemRoot\system32\DRIVERS\wanarp.sys 
  0x90D11000 \SystemRoot\system32\DRIVERS\termdd.sys 
  0x90D21000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 
  0x90D27000 \SystemRoot\system32\DRIVERS\rdbss.sys 
  0x90D68000 \SystemRoot\system32\drivers\nsiproxy.sys 
  0x90D72000 \SystemRoot\system32\DRIVERS\mssmbios.sys 
  0x90D7C000 \SystemRoot\system32\DRIVERS\DMICall.sys 
  0x90D7D000 \SystemRoot\System32\drivers\discache.sys 
  0x90D89000 \SystemRoot\system32\drivers\csc.sys 
  0x9043D000 \SystemRoot\System32\Drivers\dfsc.sys 
  0x90455000 \SystemRoot\system32\DRIVERS\blbdrive.sys 
  0x90463000 \SystemRoot\system32\DRIVERS\avipbb.sys 
  0x90489000 \SystemRoot\system32\DRIVERS\tunnel.sys 
  0x91625000 \SystemRoot\system32\DRIVERS\atikmdag.sys 
  0x91B3A000 \SystemRoot\System32\drivers\dxgkrnl.sys 
  0x904AA000 \SystemRoot\System32\drivers\dxgmms1.sys 
  0x91BF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys 
  0x904E3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 
  0x91600000 \SystemRoot\system32\DRIVERS\usbehci.sys 
  0x9052E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 
  0x9054D000 \SystemRoot\system32\DRIVERS\yk62x86.sys 
  0x97E04000 \SystemRoot\system32\DRIVERS\netw5v32.sys 
  0x98217000 \SystemRoot\system32\DRIVERS\1394ohci.sys 
  0x98243000 \SystemRoot\system32\DRIVERS\sdbus.sys 
  0x9825C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 
  0x98270000 \SystemRoot\system32\DRIVERS\i8042prt.sys 
  0x98288000 \SystemRoot\system32\DRIVERS\kbdclass.sys 
  0x98295000 \SystemRoot\system32\DRIVERS\mouclass.sys 
  0x982A2000 \SystemRoot\system32\DRIVERS\SFEP.sys 
  0x982A5000 \SystemRoot\system32\DRIVERS\intelppm.sys 
  0x982B7000 \SystemRoot\system32\DRIVERS\CmBatt.sys 
  0x982BB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 
  0x982C8000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys 
  0x982D2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 
  0x982E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 
  0x982FC000 \SystemRoot\system32\DRIVERS\ndistapi.sys 
  0x98307000 \SystemRoot\system32\DRIVERS\ndiswan.sys 
  0x98329000 \SystemRoot\system32\DRIVERS\raspppoe.sys 
  0x98341000 \SystemRoot\system32\DRIVERS\raspptp.sys 
  0x98358000 \SystemRoot\system32\DRIVERS\rassstp.sys 
  0x9836F000 \SystemRoot\system32\DRIVERS\rdpbus.sys 
  0x98379000 \SystemRoot\system32\DRIVERS\swenum.sys 
  0x9837B000 \SystemRoot\system32\DRIVERS\ks.sys 
  0x983AF000 \SystemRoot\system32\DRIVERS\umbus.sys 
  0x9059D000 \SystemRoot\system32\DRIVERS\usbhub.sys 
  0x983BD000 \SystemRoot\System32\Drivers\NDProxy.SYS 
  0x82600000 \SystemRoot\system32\drivers\HdAudio.sys 
  0x82650000 \SystemRoot\system32\drivers\portcls.sys 
  0x8267F000 \SystemRoot\system32\drivers\drmk.sys 
  0x82698000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS 
  0x826D5000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS 
  0x82404000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS 
  0x824B9000 \SystemRoot\system32\drivers\modem.sys 
  0x824C6000 \SystemRoot\System32\Drivers\crashdmp.sys 
  0x824D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys 
  0x824DE000 \SystemRoot\System32\Drivers\dump_msahci.sys 
  0x824E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 
  0x99450000 \SystemRoot\System32\win32k.sys 
  0x824F9000 \SystemRoot\System32\drivers\Dxapi.sys 
  0x82503000 \SystemRoot\system32\DRIVERS\usbccgp.sys 
  0x8251A000 \SystemRoot\system32\DRIVERS\USBD.SYS 
  0x8251C000 \SystemRoot\System32\Drivers\usbvideo.sys 
  0x82540000 \SystemRoot\system32\DRIVERS\monitor.sys 
  0x996B0000 \SystemRoot\System32\TSDDD.dll 
  0x996E0000 \SystemRoot\System32\cdd.dll 
  0x8254B000 \SystemRoot\system32\drivers\luafv.sys 
  0x82566000 \SystemRoot\system32\DRIVERS\avgntflt.sys 
  0x8257B000 \SystemRoot\system32\drivers\WudfPf.sys 
  0x82595000 \SystemRoot\system32\DRIVERS\lltdio.sys 
  0x825A5000 \SystemRoot\system32\DRIVERS\nwifi.sys 
  0x825EB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 
  0x827D7000 \SystemRoot\system32\DRIVERS\rspndr.sys 
  0x9C41B000 \SystemRoot\system32\drivers\HTTP.sys 
  0x9C4A0000 \SystemRoot\system32\DRIVERS\bowser.sys 
  0x9C4B9000 \SystemRoot\System32\drivers\mpsdrv.sys 
  0x9C4CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 
  0x9C4EE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 
  0x9C529000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 
  0x9C55C000 \SystemRoot\system32\drivers\peauth.sys 
  0x9C5F3000 \SystemRoot\System32\Drivers\secdrv.SYS 
  0x983CE000 \SystemRoot\System32\DRIVERS\srvnet.sys 
  0x9C400000 \SystemRoot\System32\drivers\tcpipreg.sys 
  0x9C03E000 \SystemRoot\System32\DRIVERS\srv2.sys 
  0x9C08D000 \SystemRoot\System32\DRIVERS\srv.sys 
  0x9C149000 \SystemRoot\system32\DRIVERS\asyncmac.sys 
  0x9C152000 \??\C:\Users\Michi\AppData\Local\Temp\pxdyipob.sys 
  0x77D00000 \Windows\System32\ntdll.dll 
  0x47690000 \Windows\System32\smss.exe 
  0x77F40000 \Windows\System32\apisetschema.dll 
  0x00DB0000 \Windows\System32\autochk.exe 
  0x77F20000 \Windows\System32\lpk.dll 
  0x77BE0000 \Windows\System32\wininet.dll 
  0x77F10000 \Windows\System32\normaliz.dll 
  0x77EC0000 \Windows\System32\Wldap32.dll 
  0x77EB0000 \Windows\System32\psapi.dll 
  0x77B30000 \Windows\System32\msvcrt.dll 
  0x77AA0000 \Windows\System32\oleaut32.dll 
  0x77A20000 \Windows\System32\comdlg32.dll 
  0x77880000 \Windows\System32\setupapi.dll 
  0x77E60000 \Windows\System32\gdi32.dll 
  0x77850000 \Windows\System32\imagehlp.dll 
  0x77690000 \Windows\System32\iertutil.dll 
  0x77E40000 \Windows\System32\imm32.dll 
  0x775F0000 \Windows\System32\usp10.dll 
  0x775D0000 \Windows\System32\sechost.dll 
  0x77530000 \Windows\System32\advapi32.dll 
  0x77460000 \Windows\System32\user32.dll 
  0x77380000 \Windows\System32\kernel32.dll 
  0x77340000 \Windows\System32\ws2_32.dll 
  0x772E0000 \Windows\System32\difxapi.dll 
  0x77230000 \Windows\System32\rpcrt4.dll 
  0x77120000 \Windows\System32\urlmon.dll 
  0x770C0000 \Windows\System32\shlwapi.dll 
  0x77030000 \Windows\System32\clbcatq.dll 
  0x76F60000 \Windows\System32\msctf.dll 
  0x76F50000 \Windows\System32\nsi.dll 
  0x76300000 \Windows\System32\shell32.dll 
  0x761A0000 \Windows\System32\ole32.dll 
  0x76080000 \Windows\System32\crypt32.dll 
  0x76030000 \Windows\System32\KernelBase.dll 
  0x76000000 \Windows\System32\cfgmgr32.dll 
  0x75F70000 \Windows\System32\comctl32.dll 
  0x75F50000 \Windows\System32\devobj.dll 
  0x75F20000 \Windows\System32\wintrust.dll 
  0x75F10000 \Windows\System32\msasn1.dll   
Processes (total 57): 
       0 System Idle Process 
       4 System 
     260 C:\Windows\System32\smss.exe 
     360 csrss.exe 
     436 C:\Windows\System32\wininit.exe 
     448 csrss.exe 
     484 C:\Windows\System32\services.exe 
     508 C:\Windows\System32\lsass.exe 
     516 C:\Windows\System32\lsm.exe 
     580 C:\Windows\System32\winlogon.exe 
     660 C:\Windows\System32\svchost.exe 
     760 C:\Windows\System32\svchost.exe 
     808 C:\Windows\System32\atiesrxx.exe 
     880 C:\Windows\System32\svchost.exe 
     940 C:\Windows\System32\svchost.exe 
     980 C:\Windows\System32\svchost.exe 
    1052 C:\Windows\System32\audiodg.exe 
    1228 C:\Windows\System32\svchost.exe 
    1316 C:\Windows\System32\atieclxx.exe 
    1384 C:\Windows\System32\svchost.exe 
    1572 C:\Windows\System32\spoolsv.exe 
    1600 C:\Program Files\Avira\AntiVir Desktop\sched.exe 
    1624 C:\Windows\System32\svchost.exe 
    1740 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
    1788 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe 
    1824 C:\Windows\System32\svchost.exe 
    1848 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 
    1856 C:\Windows\System32\conhost.exe 
    1876 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 
    1964 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 
    2012 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 
     284 C:\Windows\System32\svchost.exe 
     312 Eap3Host.exe 
     776 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 
    1292 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 
    1508 dllhost.exe 
    2280 C:\Windows\System32\taskhost.exe 
    2336 C:\Windows\System32\dwm.exe 
    2376 C:\Windows\explorer.exe 
    2476 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 
    2516 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 
    2536 C:\Program Files\Common Files\Java\Java Update\jusched.exe 
    2544 C:\Program Files\DivX\DivX Update\DivXUpdate.exe 
    2552 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe 
    2616 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 
    2720 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe 
    3100 C:\Windows\System32\taskeng.exe 
    3140 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe 
    3328 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe 
    4068 C:\Windows\System32\SearchIndexer.exe 
    3868 C:\Program Files\Windows Media Player\wmpnetwk.exe 
    5196 C:\Windows\System32\svchost.exe 
    4616 C:\Windows\System32\SearchProtocolHost.exe 
    5384 C:\Windows\System32\SearchFilterHost.exe 
    5684 C:\Users\Michi\Desktop\MBRCheck.exe 
    2496 C:\Windows\System32\conhost.exe 
    4852 C:\Windows\System32\dllhost.exe   
\\.\B: --> \\.\PhysicalDrive0 at offset 0x00000035`39f00000  (NTFS) 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73e00000  (NTFS)   
PhysicalDrive0 Model Number: HitachiHTS543232L9SA00, Rev: FB4OC43C   
      Size  Device Name          MBR Status 
  -------------------------------------------- 
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected 
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79     
Done!
			
			   |       Thanks again for the help, it really is quite a lot of effort! And thanks also for the tip about RegistryBooster!    |