Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet


Plagegeister aller Art und deren Bekämpfung: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.12.2010, 15:04   #1
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet


Wie gewünscht, GMER, OSAM, und MBRCheck. Danke!

GMER:

Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-17 14:15:52
Windows 6.1.7600  Harddisk1\DR1 -> \Device\0000005e SAMSUNG_ rev.1AJ1
Running: hbso4x82.exe; Driver: C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x8DA48DAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x8DA4AFE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x8DA4B262]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x8DA4B4D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x8DA496BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x8DA4A4F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x8DA4AA3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x8DA4999A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x8DA4A922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x8DA48998]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x8DA4A7F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x8DA48B40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x8DA4AB5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x8DA49344]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x8DA49442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateUserProcess [0x8DA4B722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x8DA4A88C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x8DA4C24A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x8DA49E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x8DA4D458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x8DA49C2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x8DA4C33C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x8DA4CAA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x8DA4AAD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x8DA49740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x8DA4A9B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x8DA48FE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x8DA4C83E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x8DA4ABF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x8DA48ED8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x8DA4B7DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQuerySection [0x8DA4CDDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x8DA4C6D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplaceKey [0x8DA47652]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x8DA4AF56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x8DA4AE1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x8DA4BFE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRestoreKey [0x8DA479CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x8DA4D2FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSaveKey [0x8DA475EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x8DA4A238]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x8DA49560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x8DA4B87E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x8DA4C4DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x8DA4CF2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x8DA4D020]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x8DA4D15A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x8DA4C16E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x8DA4918E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x8DA490E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x8DA4CC82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x8DA4927A]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                       82A89599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                82AADF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 220                                                   82AB5730 4 Bytes  [AA, 8D, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                   82AB5758 8 Bytes  CALL E538FC0C 
.text           ntkrnlpa.exe!RtlSidHashLookup + 28C                                                   82AB579C 4 Bytes  [D8, B4, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2B8                                                   82AB57C8 4 Bytes  [BE, 96, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                   82AB57EC 4 Bytes  [F2, A4, A4, 8D]
.text           ...                                                                                   

---- Devices - GMER 1.0.15 ----

Device                                                                                                Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device                                                                                                MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device                                                                                                fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \FileSystem\Mup \Device\Mup                                                           MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                        MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                    MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                     MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                         MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                      MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                     MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- EOF - GMER 1.0.15 ----


OSAM

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:27:09 on 17.12.2010

OS: Windows 7 Enterprise Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\kloehk.dll

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\xxxxxx\AppData\Local\Temp\catchme.sys  (File not found)
"CBDisk" (CBDisk) - "EldoS Corporation" - C:\Windows\system32\drivers\CBDisk.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"MacDrive file system driver" (MDFSYSNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDFSYSNT.sys
"MacDrive partition driver" (MDPMGRNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDPMGRNT.sys
"pxldapod" (pxldapod) - ? - C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} "Mediafour Mac file properties" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\ievkbd.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"3RVX" - "matt.malensek.net" - C:\Program Files\3RVX\3RVX.exe
"Adobe Acrobat Synchronizer" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Internet Security\avp.exe"
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"Getting started with MacDrive 8" - "Mediafour Corporation" - "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MacDrive 8 application" - "Mediafour Corporation" - "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
"Nike+ Connect" - "Nike" - "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MacDrive 8 service" (MacDrive8Service) - "Mediafour Corporation" - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\TeamViewer_Service.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Enterprise Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	ASRock
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		To Be Filled By O.E.M.
System Product Name:		To Be Filled By O.E.M.
Logical Drives Mask:		0x000000bd

Kernel Drivers (total 167):
  0x82A46000 \SystemRoot\system32\ntkrnlpa.exe
  0x82A0F000 \SystemRoot\system32\halmacpi.dll
  0x80BB8000 \SystemRoot\system32\kdcom.dll
  0x83A14000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x83A1F000 \SystemRoot\system32\PSHED.dll
  0x83A30000 \SystemRoot\system32\BOOTVID.dll
  0x83A38000 \SystemRoot\system32\CLFS.SYS
  0x83A7A000 \SystemRoot\system32\CI.dll
  0x88402000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x88924000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x88995000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x889A3000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x889EB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x889F4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83B25000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83B4F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83B5A000 \SystemRoot\System32\drivers\partmgr.sys
  0x83B6B000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x83B73000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x83B7E000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83B8E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83BD9000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83BE0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x88A23000 \SystemRoot\System32\drivers\mountmgr.sys
  0x88A39000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x88A42000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x88A65000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x88A8A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x88AD1000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x88B08000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x88B11000 \SystemRoot\System32\Drivers\MDPMGRNT.sys
  0x88B1C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x88B50000 \SystemRoot\system32\drivers\fileinfo.sys
  0x88C09000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88D38000 \SystemRoot\System32\Drivers\msrpc.sys
  0x88D63000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88D76000 \SystemRoot\System32\Drivers\cng.sys
  0x88DD3000 \SystemRoot\System32\drivers\pcw.sys
  0x88DE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x88E0C000 \SystemRoot\system32\drivers\ndis.sys
  0x88EC3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88F01000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8902E000 \SystemRoot\System32\drivers\tcpip.sys
  0x89177000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x891A8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x891B1000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x891F0000 \SystemRoot\System32\Drivers\spldr.sys
  0x89000000 \SystemRoot\System32\drivers\rdyboost.sys
  0x88F26000 \SystemRoot\System32\Drivers\mup.sys
  0x88F36000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
  0x891F8000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x88F78000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x88FAA000 \SystemRoot\system32\DRIVERS\disk.sys
  0x88FBB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x88B98000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DA1C000 \SystemRoot\system32\DRIVERS\klif.sys
  0x8DA9F000 \SystemRoot\System32\Drivers\Null.SYS
  0x8DAA6000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8DAAD000 \SystemRoot\System32\drivers\vga.sys
  0x8DAB9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8DADA000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DAE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8DAEF000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8DAF7000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8DAFF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8DB0A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8DB18000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8DB2F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DB3A000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x8DB40000 \SystemRoot\system32\drivers\afd.sys
  0x8DB9A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8DBCC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8DBD3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8DBF2000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x8DA00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x88BB7000 \SystemRoot\system32\DRIVERS\serial.sys
  0x88BD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x88BE4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E22A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E26B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E275000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8E27F000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8E284000 \SystemRoot\System32\drivers\discache.sys
  0x8E290000 \SystemRoot\system32\drivers\csc.sys
  0x8E2F4000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E30C000 \??\C:\Windows\system32\drivers\CBDisk.sys
  0x8E319000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8E327000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E348000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x8E359000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x8E364000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8E37C000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8E386000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8E390000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E3DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E654000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8E67E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8F21D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8E684000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FB83000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x8FBBC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x8FBC9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x8FBDB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8FBF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8E73B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8E75D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8E774000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8E78B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x8E795000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E7A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E7AF000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8E7BA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8F218000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F01A000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F04E000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F05C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8F066000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F0AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FE1A000 \SystemRoot\system32\drivers\viahduaa.sys
  0x8FF99000 \SystemRoot\system32\drivers\portcls.sys
  0x8FFC8000 \SystemRoot\system32\drivers\drmk.sys
  0x8FFE1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8FFF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8FE00000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8F0BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FE0B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FE12000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x8F0CE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F0DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F0E5000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x8F0ED000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x8F0F6000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F103000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8F10D000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x8F144000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x94AA0000 \SystemRoot\System32\win32k.sys
  0x8F155000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F15F000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94D00000 \SystemRoot\System32\TSDDD.dll
  0x94D30000 \SystemRoot\System32\cdd.dll
  0x94D50000 \SystemRoot\System32\ATMFD.DLL
  0x8F16A000 \SystemRoot\system32\drivers\luafv.sys
  0x8F185000 \SystemRoot\system32\drivers\WudfPf.sys
  0x8F19F000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8F1AF000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x95E2A000 \SystemRoot\system32\drivers\HTTP.sys
  0x95EAF000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x95EC8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x95EDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x95EFD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x95F38000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x95F53000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x95F5A000 \SystemRoot\system32\drivers\peauth.sys
  0x95FF1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x95E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8F1C2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x99C38000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x99C87000 \SystemRoot\System32\DRIVERS\srv.sys
  0x99D42000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x99DB5000 \??\C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys
  0x99CD8000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
  0x77840000 \Windows\System32\ntdll.dll
  0x48150000 \Windows\System32\smss.exe
  0x77A80000 \Windows\System32\apisetschema.dll
  0x003B0000 \Windows\System32\autochk.exe

Processes (total 49):
       0 System Idle Process
       4 System
     320 C:\Windows\System32\smss.exe
     472 csrss.exe
     532 C:\Windows\System32\wininit.exe
     544 csrss.exe
     596 C:\Windows\System32\winlogon.exe
     632 C:\Windows\System32\services.exe
     648 C:\Windows\System32\lsass.exe
     656 C:\Windows\System32\lsm.exe
     748 C:\Windows\System32\svchost.exe
     824 C:\Windows\System32\svchost.exe
     876 C:\Windows\System32\svchost.exe
     980 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\spoolsv.exe
    1484 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\dwm.exe
    1652 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1676 C:\Windows\System32\taskhost.exe
    1716 C:\Windows\explorer.exe
    1828 C:\Program Files\Bonjour\mDNSResponder.exe
    1864 C:\Windows\System32\svchost.exe
    1912 C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    2020 C:\Windows\System32\svchost.exe
    1196 C:\Program Files\TeamViewer\TeamViewer_Service.exe
    2784 C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
    2904 C:\Program Files\iTunes\iTunesHelper.exe
    3476 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    3516 C:\Windows\System32\SearchIndexer.exe
    3592 C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    3600 C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
    3664 C:\Program Files\3RVX\3RVX.exe
    3812 C:\Windows\System32\svchost.exe
    3004 C:\Program Files\iPod\bin\iPodService.exe
    3568 C:\Windows\System32\svchost.exe
    4532 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5460 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    2724 C:\Program Files\Kaspersky Internet Security\avp.exe
    6072 C:\Program Files\Kaspersky Internet Security\avp.exe
    5024 C:\Windows\System32\audiodg.exe
    2828 C:\Windows\System32\SearchProtocolHost.exe
    4964 C:\Program Files\Mozilla Firefox\firefox.exe
    3620 C:\Program Files\Kaspersky Internet Security\klwtblfs.exe
    3468 C:\Users\xxxxxx\Desktop\MBRCheck.exe
    5016 C:\Windows\System32\conhost.exe
    3140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000024`ae0ba000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive1 Model Number: SAMSUNGHD103SJ, Rev: 1AJ1
PhysicalDrive0 Model Number: HitachiHDT725040VLAT80, Rev: V5COA42A

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    372 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Antwort

Themen zu hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet
analysis, antivir, audiodg.exe, avp.exe, bho, bonjour, canon, corp./icp, dgfdgsdf.bat, document, error, excel.exe, firefox, firefox.exe, flash player, fontcache, format, frage, gruppe, helper, hotfix.exe, hängen, install.exe, installation, kaspersky, location, maleware, media center, microsoft office word, mozilla, nvlddmkm.sys, nvmf6232.sys, nvstor.sys, oldtimer, otl.exe, programdata, registry, richtlinie, rundll, saver, scan, searchplugins, security, senden, shell32.dll, software, studio, taskhost.exe, tastatur, url-umleitungen, usb, vdeck.exe, virus, visual studio, vlc media player, warnung, webcheck, windows


« Langsamer PC / Teilw kein Internet | Firefox öffnet Spamseiten, Onlinebanking ruft freetalkgames.com auf »


Ähnliche Themen: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet


  1. ColdFusion-Hotfix: Angreifer können beliebige Dateien auslesen
    Nachrichten - 28.08.2015 (0)
  2. WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam
    Log-Analyse und Auswertung - 02.06.2015 (23)
  3. Freak Attack: Hotfix legt Windows Update lahm
    Nachrichten - 07.03.2015 (0)
  4. Suchanfragen und angeklickte Links werden umgeleitet....sehr merkwürdig..unerwünschte Pop up fenster öffnen plötzlich
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (25)
  5. Windows 7: Google-Suchanfragen werden umgeleitet (Ihavenet, Newsbusters)
    Log-Analyse und Auswertung - 09.09.2013 (7)
  6. Probleme mit FF und IE die Suchanfragen bei google werden auf http://click.sureonlinefind.com umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (29)
  7. Hotfix stopft kritische Lücken in Adobes ColdFusion
    Nachrichten - 16.01.2013 (0)
  8. Hotfix für ColdFusion 10
    Nachrichten - 19.11.2012 (0)
  9. Suchanfragen werden umgeleitet
    Log-Analyse und Auswertung - 04.07.2011 (3)
  10. Suchanfragen (Google, Yahoo, etc.) werden umgeleitet (Firefox)
    Log-Analyse und Auswertung - 03.07.2011 (7)
  11. Suchanfragen werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.05.2011 (16)
  12. Hotfix behebt PowerPoint-2003-Problem
    Nachrichten - 27.04.2011 (0)
  13. Google Suchanfragen werden umgeleitet
    Log-Analyse und Auswertung - 17.11.2010 (19)
  14. Google - Suchanfragen werden umgeleitet, manipulierte TCP/IP-Einstellungen
    Log-Analyse und Auswertung - 14.11.2010 (19)
  15. Recommended Hotfix/SED.exe Bitte um Hilfe
    Log-Analyse und Auswertung - 15.12.2004 (2)
  16. W32/Nachi trotz Hotfix?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2003 (1)
  17. Win2000 hotfix Q328310 per KAV-Autoupdater für Win98
    Antiviren-, Firewall- und andere Schutzprogramme - 04.05.2003 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Wie gewünscht, GMER, OSAM , und MBRCheck. Danke! GMER: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-12-17 14:15:52 Windows 6.1.7600 Harddisk1\DR1 -> \Device\0000005e SAMSUNG_ rev.1AJ1 Running: - hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet...
Archiv
Du betrachtest: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131