Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
windows\system32\drivers\sptd.sys - Rootkit Modification

windows\system32\drivers\sptd.sys - Rootkit Modification


Plagegeister aller Art und deren Bekämpfung: windows\system32\drivers\sptd.sys - Rootkit Modification

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 05.06.2011, 15:15   #16
einfach
 
windows\system32\drivers\sptd.sys - Rootkit Modification - Standard

windows\system32\drivers\sptd.sys - Rootkit Modification


[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-05.01 - dani 05.06.2011  15:43:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1834 [GMT 2:00]
ausgeführt von:: c:\users\dani\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\dani\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\32788R22FWJFW
c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}
c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}
c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}
c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}
c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}
c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-05 bis 2011-06-05  ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:57 . 2011-06-05 13:58	--------	d-----w-	c:\users\dani\AppData\Local\temp
2011-06-05 13:57 . 2011-06-05 13:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-05 11:57 . 2011-06-05 12:12	--------	d-----w-	C:\cofi
2011-06-03 14:20 . 2011-06-03 14:20	--------	d-----w-	C:\_OTL
2011-06-03 12:23 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5519886E-B10B-4A66-8E44-509DCD13BE66}\mpengine.dll
2011-05-31 16:49 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 16:49 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-24 16:52 . 2011-05-10 12:03	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-05-11 11:59 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-06-29 09:56	40112	----a-w-	c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-04-20 09:13	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-04-20 09:14	307928	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-04-20 09:14	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-04-20 09:14	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-04-20 09:14	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-04-20 09:14	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\system32\xlivefnt.dll
2011-03-17 02:00 . 2011-03-17 02:00	108144	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-03-12 21:55 . 2011-04-27 14:04	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 08:11	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:11	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-09 13:30 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2008-07-02 03:28 . 2008-07-02 03:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2009-03-31 20:47 . 2009-08-07 21:19	324976	----a-w-	c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VLC play! Server.lnk - c:\program files\ageye\VLC play! Server\VLCplayServer.exe [2011-5-5 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"openvpn-gui"=c:\program files\OpenVPN\bin\openvpn-gui.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-05 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-05 15:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5552)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-06-05  16:07:06
ComboFix-quarantined-files.txt  2011-06-05 14:06
ComboFix2.txt  2011-06-05 12:12
.
Vor Suchlauf: 14 Verzeichnis(se), 11.412.004.864 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.364.220.928 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 282E93606EEB3C828F7DF13D515A4192
--- --- ---
Alt 05.06.2011, 15:45   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
windows\system32\drivers\sptd.sys - Rootkit Modification - Standard

windows\system32\drivers\sptd.sys - Rootkit Modification


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________

__________________
Alt 05.06.2011, 16:57   #18
einfach
 
windows\system32\drivers\sptd.sys - Rootkit Modification - Standard

windows\system32\drivers\sptd.sys - Rootkit Modification


Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit quick scan 2011-06-05 17:47:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320320AS rev.0303
Running: qm5ou81i.exe; Driver: C:\Users\dani\AppData\Local\Temp\kwtdapod.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x905C5902]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                                            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device                                                                                                 aswSP.SYS (avast! self protection module/AVAST Software)
Device                                                                                                 Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                         AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device                                                                                                 fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice                                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter
OSAM Logfile:


	
Code: 

 
ATTFilter


  

	
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:52:34 on 05.06.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\dani\AppData\Local\Temp\catchme.sys  (File not found)
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwtdapod" (kwtdapod) - ? - C:\Users\dani\AppData\Local\Temp\kwtdapod.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"NAVENG" (NAVENG) - ? - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100419.002\NAVENG.SYS  (File not found)
"NAVEX15" (NAVEX15) - ? - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100419.002\NAVEX15.SYS  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0801.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VLC play! Server.lnk" - "ageye GbR" - C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe
"P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"Zune Launcher" - "Microsoft Corporation" - "C:\Program Files\Zune\ZuneLauncher.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\Windows\System32\TUProgSt.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Zune\ZuneNss.exe
"Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - C:\Program Files\Zune\WMZuneComm.exe
"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - C:\Program Files\Zune\ZuneWlanCfgSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	PEGATRON CORPORATION
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		ASUSTeK Computer Inc.
System Product Name:		F5SR
Logical Drives Mask:		0x0001009c

Kernel Drivers (total 163):
  0x83044000 \SystemRoot\system32\ntkrnlpa.exe
  0x83011000 \SystemRoot\system32\hal.dll
  0x8060B000 \SystemRoot\system32\kdcom.dll
  0x80612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80682000 \SystemRoot\system32\PSHED.dll
  0x80693000 \SystemRoot\system32\BOOTVID.dll
  0x8069B000 \SystemRoot\system32\CLFS.SYS
  0x806DC000 \SystemRoot\system32\CI.dll
  0x83609000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8367A000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83688000 \SystemRoot\system32\drivers\acpi.sys
  0x836CE000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x836D7000 \SystemRoot\system32\drivers\msisadrv.sys
  0x836DF000 \SystemRoot\system32\drivers\pci.sys
  0x83706000 \SystemRoot\System32\drivers\partmgr.sys
  0x83715000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x83718000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x83722000 \SystemRoot\system32\drivers\volmgr.sys
  0x83731000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8377B000 \SystemRoot\system32\drivers\pciide.sys
  0x83782000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x83790000 \SystemRoot\System32\drivers\mountmgr.sys
  0x837A0000 \SystemRoot\System32\drivers\sfsync02.sys
  0x837A6000 \SystemRoot\system32\drivers\atapi.sys
  0x837AE000 \SystemRoot\system32\drivers\ataport.SYS
  0x837CC000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807BC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x807CC000 \SystemRoot\System32\Drivers\AsDsm.sys
  0x83600000 \SystemRoot\system32\DRIVERS\lullaby.sys
  0x807D6000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x83C00000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x83C71000 \SystemRoot\system32\drivers\ndis.sys
  0x83D7C000 \SystemRoot\system32\drivers\msrpc.sys
  0x83DA7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x83E01000 \SystemRoot\System32\drivers\tcpip.sys
  0x83EEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B60E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B71E000 \SystemRoot\system32\drivers\wd.sys
  0x8B726000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B75F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B767000 \SystemRoot\System32\drivers\sfhlp02.sys
  0x8B780000 \SystemRoot\System32\Drivers\mup.sys
  0x8B78F000 \SystemRoot\System32\drivers\ecache.sys
  0x8B7B6000 \SystemRoot\system32\drivers\disk.sys
  0x8B7C7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B7E8000 \SystemRoot\system32\drivers\crcdisk.sys
  0x83F06000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B777000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x83F11000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
  0x83F19000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F40F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8F8D9000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F979000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F985000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F998000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x8F9A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F9AB000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F9DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F9DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F9E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F400000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x83F28000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x83F32000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x83F70000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x83F7F000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
  0x8FC05000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8FD2A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8FDB7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8FDBB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x83F8F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8FDEA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x83FD0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8FDF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8FE0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8FE2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8FE3E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8FE52000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8FE67000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8FE6C000 \SystemRoot\system32\DRIVERS\tap0801.sys
  0x8FE77000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FE87000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8FE89000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8FEB3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8FEBD000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8FECA000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8FEFF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90000000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8FF10000 \SystemRoot\system32\drivers\portcls.sys
  0x8FF3D000 \SystemRoot\system32\drivers\drmk.sys
  0x8FF62000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x901F2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8FFD2000 \SystemRoot\System32\Drivers\Null.SYS
  0x8FFD9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8FFE0000 \SystemRoot\System32\drivers\vga.sys
  0x9040C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x9042D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90435000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9043D000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90448000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90456000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9045F000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90475000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x9047F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90493000 \SystemRoot\system32\drivers\afd.sys
  0x904DB000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x904E0000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90512000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90528000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90536000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90549000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90585000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9058F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x905A6000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x905F0000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x90400000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8FFEC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8B7F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8F406000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x97C0E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x97DBF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x97DCC000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x97DD3000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x97DE5000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x990D0000 \SystemRoot\System32\win32k.sys
  0x97DED000 \SystemRoot\System32\drivers\Dxapi.sys
  0x83FE7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x992F0000 \SystemRoot\System32\TSDDD.dll
  0x99310000 \SystemRoot\System32\cdd.dll
  0x99320000 \SystemRoot\System32\ATMFD.DLL
  0x83DE2000 \SystemRoot\system32\drivers\luafv.sys
  0x9EC0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x9EC46000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x9EC49000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
  0x9EC52000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9EC6C000 \SystemRoot\system32\drivers\spsys.sys
  0x9ED1C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9ED2C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9ED56000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9ED60000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9ED73000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
  0x9ED7A000 \SystemRoot\system32\drivers\HTTP.sys
  0x807E0000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9EDE7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA300E000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA3023000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3042000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA307B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3093000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA30BB000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA310A000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA314D000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA3175000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA3E00000 \SystemRoot\system32\drivers\peauth.sys
  0xA3EDE000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3EE8000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
  0xA3F74000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
  0xA3FAA000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3FB6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA3FD7000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
  0xA3FE0000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA317A000 \??\C:\Users\dani\AppData\Local\Temp\kwtdapod.sys
  0x772A0000 \Windows\System32\ntdll.dll

Processes (total 82):
       0 System Idle Process
       4 System
     512 C:\Windows\System32\smss.exe
     588 csrss.exe
     656 csrss.exe
     664 C:\Windows\System32\wininit.exe
     700 C:\Windows\System32\services.exe
     716 C:\Windows\System32\lsass.exe
     724 C:\Windows\System32\lsm.exe
     760 C:\Windows\System32\winlogon.exe
     912 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\Ati2evxx.exe
    1132 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\audiodg.exe
    1328 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\SLsvc.exe
    1420 C:\Windows\System32\svchost.exe
    1492 C:\Windows\System32\Ati2evxx.exe
    1668 C:\Windows\System32\svchost.exe
    1840 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    1860 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    1872 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1896 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1904 C:\Windows\System32\wlanext.exe
     720 C:\Windows\System32\taskeng.exe
    1412 C:\Windows\System32\spoolsv.exe
    1660 C:\Windows\System32\svchost.exe
    2200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2236 C:\Program Files\Bonjour\mDNSResponder.exe
    2268 C:\Windows\System32\svchost.exe
    2280 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2416 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    2700 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    2736 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    2764 C:\Windows\System32\svchost.exe
    2796 C:\Windows\System32\TUProgSt.exe
    2876 C:\Windows\System32\svchost.exe
    2892 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2956 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    3000 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3152 WUDFHost.exe
    3444 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3704 C:\Windows\System32\dwm.exe
    3736 C:\Windows\explorer.exe
    3788 C:\Windows\System32\taskeng.exe
    3832 C:\Windows\System32\taskeng.exe
    3848 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    3956 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    4040 C:\Program Files\ATK Hotkey\HControl.exe
    2000 C:\Program Files\ATKOSD2\ATKOSD2.exe
    2196 C:\Program Files\Wireless Console 2\wcourier.exe
    2248 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    2408 C:\Program Files\P4G\BatteryLife.exe
    3108 C:\Program Files\ATK Hotkey\ATKOSD.exe
    1992 C:\Windows\RtHDVCpl.exe
    1312 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1192 C:\Windows\System32\ASUSTPE.exe
    1940 C:\Program Files\ATK Hotkey\KBFiltr.exe
     984 C:\Program Files\Zune\ZuneLauncher.exe
    3660 C:\Program Files\Windows Sidebar\sidebar.exe
    1796 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    4048 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3384 C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe
    1068 C:\Program Files\Windows Sidebar\sidebar.exe
    5004 C:\Windows\System32\mobsync.exe
    5156 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5968 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5660 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4076 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    5324 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5816 C:\Windows\System32\svchost.exe
    4528 C:\Windows\System32\wuauclt.exe
    4648 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4336 C:\Program Files\Mozilla Firefox\firefox.exe
    3664 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4824 C:\Users\dani\Desktop\osam_autorun_manager_5_0_portable\osam.exe
    1064 C:\Windows\System32\conime.exe
    6016 C:\Users\dani\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400  (NTFS)
\\.\Q: -->  error 5

PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303    

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
__________________
Alt 05.06.2011, 18:09   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
windows\system32\drivers\sptd.sys - Rootkit Modification - Standard

windows\system32\drivers\sptd.sys - Rootkit Modification


Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 2 1 2

Themen zu windows\system32\drivers\sptd.sys - Rootkit Modification
avast, bild, code, computer, cpu, datei, gelöscht, google, home, löschen, meldung, neustarten, ordner, physikalischer speicher, plötzlich, rechner, rootkit, scan, service pack 2, speicher, sptd.sys, system, system32, tools, windows, öffnet


« festplatte IDE SATA problem festgestellt, OTL.exe | Firefox startet immer bestimmte Seite »


Ähnliche Themen: windows\system32\drivers\sptd.sys - Rootkit Modification


  1. Avira meldet TR/Rootkit.Gen in C:windows/system32/drivers....was ist zu tun?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2014 (22)
  2. TR/Rootkit.Gen2'-'C:\WINDOWS\system32\drivers\sptd.sys'
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (1)
  3. Avast blockiert Rootkit C:\WINDOWS\system32\drivers\ogpfndii.dat
    Log-Analyse und Auswertung - 20.06.2011 (1)
  4. Rootkit C:\windows\system32\drivers\volmgr.sys
    Plagegeister aller Art und deren Bekämpfung - 01.02.2011 (8)
  5. Sophos AntiRootkit C:\Windows\System32\drivers\sptd.sys
    Plagegeister aller Art und deren Bekämpfung - 05.01.2011 (7)
  6. TR/Rootkit.Gen in C:\Windows\System32\drivers\ghldywj.sys
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (9)
  7. Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys
    Plagegeister aller Art und deren Bekämpfung - 20.08.2010 (23)
  8. Rootkit Agent in C:\WINDOWS\system32\drivers\lpvmtsvd.sys
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (13)
  9. Rootkit in C:\Windows\system32\drivers\afkw4fu9.sys ?
    Log-Analyse und Auswertung - 08.08.2010 (4)
  10. Rootkit Bubnix.au in c:\windows\system32\drivers\hljrifmj.sys
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (10)
  11. TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (16)
  12. TR/Rootkit.Gen in C:\Windows\System32\drivers\ezokdc.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (6)
  13. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  14. TR/Rootkit.gen, TR/BHO.agcg in C:\Windows\system32\drivers\zaohb.sys
    Plagegeister aller Art und deren Bekämpfung - 13.05.2010 (3)
  15. Was tun? Virus Rootkit C:\Windows\System32\drivers\hsntoaox.sys
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (12)
  16. C:\WINDOWS\system32\drivers\**; befürchte Rootkit
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (18)
  17. AVG findet Rootkit-Pakes.U in C:\WINDOWS\system32\drivers\atapi.sys
    Plagegeister aller Art und deren Bekämpfung - 05.11.2009 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema windows\system32\drivers\sptd.sys - Rootkit Modification - [code] Combofix Logfile: Code: Alles auswählen Aufklappen ATTFilter ComboFix 11-06-05.01 - dani 05.06.2011 15:43:49.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1834 [GMT 2:00] ausgeführt von:: c:\users\dani\Desktop\cofi.exe Benutzte Befehlsschalter :: - windows\system32\drivers\sptd.sys - Rootkit Modification...
Archiv
Du betrachtest: windows\system32\drivers\sptd.sys - Rootkit Modification auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55