RtkBtMnt.exe in the Temp folder - Windows 7 - INFECTION

Thanks Arne. GMER cost me the whole afternoon for nothing. It scanned and was finished after roughly three hours, but when I clicked on it, it crashed together with its 32 billion data entries. On my RAM disk, which is the Temp folder named T, it scanned a Windows folder with thousands of files that I don't even see there. Oh well, I don't have to understand everything.

Here is the OSAM log:
```text
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:37:17 on 03.04.2011
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PLWMidiMap.cpl" - "Putzlowitsch" - C:\Windows\system32\PLWMidiMap.cpl
"WacomTablet.cpl" - "Wacom Technology, Corp." - C:\Windows\system32\WacomTablet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Bamboo" - "Wacom Technology, Corp." - C:\Program Files\Tablet\Pen\Consumer_CPL.exe
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"Wacom Tablett" - "Wacom Technology, Corp." - C:\Windows\system32\WacomTablet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter" (tdrpman) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpman.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\Windows\System32\drivers\aspi32.sys
"catchme" (catchme) - ? - T:\TEMP\catchme.sys (File not found)
"cbfs3" (cbfs3) - "EldoS Corporation" - C:\Windows\system32\drivers\cbfs3.sys
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys (File not found)
"kgldipod" (kgldipod) - ? - T:\TEMP\kgldipod.sys (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\Cofi.exe\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MpKsl66cf2e2f" (MpKsl66cf2e2f) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37563E15-D2A0-47B6-84A3-03FD8FCAE4B6}\MpKsl66cf2e2f.sys (File not found)
"MpKsl892c9348" (MpKsl892c9348) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5ADC00A-7806-463E-9C83-E5C9B3D122FF}\MpKsl892c9348.sys
"MpKslda63107b" (MpKslda63107b) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66193AB5-5D42-498E-A3C9-EF5CAC0D8D2D}\MpKslda63107b.sys (File not found)
"Pen Class" (PenClass) - "Wacom Technology Corporation" - C:\Windows\System32\Drivers\PenClass.sys
"Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynasUSB.sys
"TVICPORT" (TVicPort) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\TVICPORT.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{1984DD45-52CF-49cd-AB77-18F378FEA264} "FencesShlExt Class" - "Stardock" - C:\Program Files\Stardock\Fences\FencesMenu.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt Class" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\shellext.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\ProgramData\AllDup\FEShlExt.dll
{1984DD45-52CF-49cd-AB77-18F378FEA264} "FencesShlExt Class" - "Stardock" - C:\Program Files\Stardock\Fences\FencesMenu.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt Class" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files\Brice Lambson\PhotoToysClone\PhotoToysClone.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{0420B051-ECD8-4B18-9037-8739B4B6469F} "WebDavContextMenu Class" - "Deutsche Telekom AG" - C:\Windows\system32\WebDAV.ShellExtension.dll
{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262} "WebDavOverlayUpload Class" - "Deutsche Telekom AG" - C:\Windows\system32\WebDAV.ShellExtension.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found)
{1984DD45-52CF-49cd-AB77-18F378FEA264} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984DD45-52CF-49cd-AB77-18F378FEA264} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"Buyertools Reminder" - ? - C:\Program Files\Buyertools Reminder\ReminderIE.exe (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Program Files\Winload\tbWinl.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
"Stardock ObjectDock.lnk" - "Stardock" - C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Buyertools Reminder" - "Buyertools Ltd." - "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACFanControl" - "troubadix" - C:\Program Files\ACFanControl\ACFanControl.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows7FirewallControl" - "Sphinx Software" - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Virtual Network Shares CallbackFS v3" - "EldoS Corporation" - C:\Windows\System32\CbFsNetRdr3.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"SSA1M Langmon" - ? - C:\Windows\system32\ssa1ml3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Acronis Try And Decide Service" (TryAndDecideService) - ? - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (File found, but it contains no detailed information)
"Emsisoft Anti-Malware 5.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Mediencenter Service" (MCSWASVR) - "Deutsche Telekom AG" - C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nalpeiron Licensing Service" (nlsX86cc) - "Nalpeiron Ltd." - C:\Windows\system32\NlsSrv32.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information)
"TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
"TabletServiceWacom" (TabletServiceWacom) - "Wacom Technology, Corp." - C:\Windows\system32\Wacom_Tablet.exe
"Wacom Consumer Touch Service" (TouchServicePen) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```

And here is MBRCheck: