Code:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:58:59 on 10.06.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights 10" - "Nero AG" - D:\Program Files\nero10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - D:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a14719il" (a14719il) - "Microsoft Corporation" - C:\Windows\system32\drivers\a14719il.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm251.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"catchme" (catchme) - ? - C:\Users\Aupex\AppData\Local\Temp\catchme.sys (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys
"Hotcore helper" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SbieDrv" (SbieDrv) - "tzuk" - d:\Program Files\Sandboxie\SbieDrv.sys
"Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys
"Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys
"Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys
"Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys
"Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell-Erweiterungskomponente" - ? - D:\Program Files\Cdraw\Graphics10\Draw\CdrViewer\CrlShell100.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\system32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - d:\Program Files\Logitech\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - d:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} "Battlefield Play4Free Updater" - "EA Digital Illusions CE AB" - C:\Windows\Downloaded Program Files\BP4FUpdater.dll / https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - d:\Program Files\Free Download Manager\iefdm2.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer Networking Limited" - d:\Program Files\Spybot2\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AVP" - "Kaspersky Lab ZAO" - "D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe"
"CloneCDTray" - "SlySoft, Inc." - "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "MSI" - C:\Program Files\System Control Manager\MGSysCtrl.exe
"NBAgent" - "Nero AG" - "D:\Program Files\nero10\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - D:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Kaspersky Security Suite CBE 11 Service" (AVP) - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "tzuk" - d:\Program Files\Sandboxie\SbieSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - D:\Program Files\Spybot2\SDWinSec.exe
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe (File found, but it contains no detailed information)
"SQL Server (JTLWAWI)" (MSSQL$JTLWAWI) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBR-Check:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 173):
0x82C08000 \SystemRoot\system32\ntkrnlpa.exe
0x82FC2000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067C000 \SystemRoot\system32\PSHED.dll
0x8068D000 \SystemRoot\system32\BOOTVID.dll
0x80695000 \SystemRoot\system32\CLFS.SYS
0x806D6000 \SystemRoot\system32\CI.dll
0x83208000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83284000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83291000 \SystemRoot\System32\Drivers\spat.sys
0x83391000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8339A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B6000 \SystemRoot\system32\drivers\acpi.sys
0x833C0000 \SystemRoot\system32\drivers\msisadrv.sys
0x833C8000 \SystemRoot\system32\drivers\pci.sys
0x833EF000 \SystemRoot\System32\drivers\partmgr.sys
0x83200000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B80A000 \SystemRoot\system32\drivers\volmgr.sys
0x8B819000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B863000 \SystemRoot\system32\drivers\intelide.sys
0x8B86A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B878000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B888000 \SystemRoot\system32\drivers\atapi.sys
0x8B890000 \SystemRoot\system32\drivers\ataport.SYS
0x8B8AE000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8B8E4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B916000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B926000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B935000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8B938000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B942000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA07000 \SystemRoot\system32\drivers\ndis.sys
0x8BB12000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCFA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD15000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BE06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF16000 \SystemRoot\system32\drivers\volsnap.sys
0x8C003000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
0x8C0DE000 \SystemRoot\System32\Drivers\spldr.sys
0x8C0E6000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8C10B000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8C10D000 \SystemRoot\System32\Drivers\mup.sys
0x8C205000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8C727000 \SystemRoot\System32\drivers\ecache.sys
0x8C74E000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8C753000 \SystemRoot\system32\drivers\disk.sys
0x8C764000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C785000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C79B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x90E07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9153E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x915DE000 \SystemRoot\System32\drivers\watchdog.sys
0x915EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C7A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C7E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C11C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91603000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9182A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x91842000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x91852000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x91860000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9187A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91889000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9189D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x918B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x918BB000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x918C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x918CF000 \SystemRoot\system32\DRIVERS\enecir.sys
0x918E1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x918E5000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x918E7000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x918EE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91906000 \SystemRoot\System32\Drivers\a14719il.SYS
0x9193C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9194B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x9195B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9198A000 \SystemRoot\system32\DRIVERS\storport.sys
0x919CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x919D6000 \SystemRoot\System32\Drivers\RootMdm.sys
0x919DE000 \SystemRoot\system32\drivers\modem.sys
0x8C1A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x919EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C7F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C1E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF4F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BF64000 \SystemRoot\system32\DRIVERS\termdd.sys
0x919F6000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x919FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BF74000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BF9E000 \SystemRoot\system32\DRIVERS\circlass.sys
0x915F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91600000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0x8C78E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFE1000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8BFEC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E00000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0x90E04000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0x92002000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BD9F000 \SystemRoot\system32\drivers\portcls.sys
0x921DB000 \SystemRoot\system32\drivers\drmk.sys
0x92202000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9231E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92320000 \SystemRoot\system32\DRIVERS\hidir.sys
0x9232B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9233B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92342000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9234B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92353000 \SystemRoot\system32\DRIVERS\klif.sys
0x923D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x923DF000 \SystemRoot\System32\Drivers\Null.SYS
0x923E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x923ED000 \SystemRoot\System32\drivers\vga.sys
0x8BDCC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BB78000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BC00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BB86000 \SystemRoot\system32\DRIVERS\tdx.sys
0x923F9000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x8BB9C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8BBA5000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8BBAD000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8BE00000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8BBB5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B9B3000 \SystemRoot\system32\drivers\afd.sys
0x8BBC9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92805000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9281B000 \SystemRoot\system32\DRIVERS\klim6.sys
0x92823000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92831000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92844000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92880000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9288A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9288F000 \SystemRoot\System32\Drivers\dfsc.sys
0x9CC30000 \SystemRoot\System32\win32k.sys
0x928B3000 \SystemRoot\System32\drivers\Dxapi.sys
0x928BD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CE50000 \SystemRoot\System32\TSDDD.dll
0x9CE70000 \SystemRoot\System32\cdd.dll
0x928CC000 \SystemRoot\system32\drivers\luafv.sys
0x928EF000 \SystemRoot\system32\drivers\spsys.sys
0x9299F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x929AF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x929D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x929E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3204000 \SystemRoot\system32\drivers\HTTP.sys
0xA3271000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA328E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA32A7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA32BC000 \SystemRoot\system32\drivers\mrxdav.sys
0xA32DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA32FC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3335000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA334D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3375000 \SystemRoot\System32\DRIVERS\srv.sys
0xA33C4000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA5009000 \SystemRoot\system32\drivers\peauth.sys
0xA50E7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA50F1000 \??\d:\Program Files\Sandboxie\SbieDrv.sys
0xA510F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA511B000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xA5125000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA513B000 \??\C:\Windows\system32\drivers\mbam.sys
0xA5154000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77640000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll
Processes (total 73):
0 System Idle Process
4 System
648 C:\Windows\System32\smss.exe
748 csrss.exe
800 C:\Windows\System32\wininit.exe
808 csrss.exe
844 C:\Windows\System32\services.exe
864 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
1024 C:\Windows\System32\winlogon.exe
1048 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\nvvsvc.exe
1128 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\audiodg.exe
1472 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\SLsvc.exe
1540 C:\Windows\System32\svchost.exe
1616 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1832 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
736 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
904 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
792 D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1368 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
1632 C:\Windows\System32\agrsmsvc.exe
1824 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
1896 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
2148 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2256 C:\Program Files\Nero\Update\NASvc.exe
2300 C:\Program Files\System Control Manager\edd.exe
2332 C:\Windows\System32\PnkBstrA.exe
2356 C:\Windows\System32\svchost.exe
2424 D:\Program Files\Sandboxie\SbieSvc.exe
2508 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2520 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2548 C:\Windows\System32\svchost.exe
2616 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2672 C:\Windows\System32\SearchIndexer.exe
2856 D:\Program Files\Spybot2\SDWinSec.exe
3228 C:\Windows\System32\taskeng.exe
204 C:\Windows\System32\taskeng.exe
2944 C:\Windows\System32\dwm.exe
3584 C:\Windows\explorer.exe
3612 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1640 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
1800 C:\Program Files\System Control Manager\MGSysCtrl.exe
1152 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2340 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3992 C:\Windows\RtHDVCpl.exe
1924 C:\Windows\System32\rundll32.exe
4012 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
420 C:\Program Files\Windows Media Player\wmpnscfg.exe
12 C:\Windows\System32\rundll32.exe
4000 C:\Program Files\Windows Sidebar\sidebar.exe
3812 D:\Program Files\Spybot2\TeaTimer.exe
4148 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4464 C:\Program Files\Windows Sidebar\sidebar.exe
5980 C:\Windows\System32\svchost.exe
4912 D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5188 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5432 C:\Windows\System32\taskeng.exe
2800 C:\Windows\System32\mobsync.exe
5400 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3208 C:\Windows\System32\conime.exe
4832 D:\Program Files\Mozilla Firefox\firefox.exe
5640 C:\Windows\System32\SearchProtocolHost.exe
5884 C:\Windows\System32\SearchFilterHost.exe
5120 C:\Users\Aupex\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`029d5600 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!