Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit quick scan 2011-06-05 17:47:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320320AS rev.0303
Running: qm5ou81i.exe; Driver: C:\Users\dani\AppData\Local\Temp\kwtdapod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x905C5902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OSAM Logfile:
Code:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:52:34 on 05.06.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\dani\AppData\Local\Temp\catchme.sys (File not found)
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kwtdapod" (kwtdapod) - ? - C:\Users\dani\AppData\Local\Temp\kwtdapod.sys (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"NAVENG" (NAVENG) - ? - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100419.002\NAVENG.SYS (File not found)
"NAVEX15" (NAVEX15) - ? - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100419.002\NAVEX15.SYS (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0801.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VLC play! Server.lnk" - "ageye GbR" - C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe
"P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"Zune Launcher" - "Microsoft Corporation" - "C:\Program Files\Zune\ZuneLauncher.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\Windows\System32\TUProgSt.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Zune\ZuneNss.exe
"Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - C:\Program Files\Zune\WMZuneComm.exe
"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - C:\Program Files\Zune\ZuneWlanCfgSvc.exe
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x0001009c
Kernel Drivers (total 163):
0x83044000 \SystemRoot\system32\ntkrnlpa.exe
0x83011000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x80612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80682000 \SystemRoot\system32\PSHED.dll
0x80693000 \SystemRoot\system32\BOOTVID.dll
0x8069B000 \SystemRoot\system32\CLFS.SYS
0x806DC000 \SystemRoot\system32\CI.dll
0x83609000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8367A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83688000 \SystemRoot\system32\drivers\acpi.sys
0x836CE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x836D7000 \SystemRoot\system32\drivers\msisadrv.sys
0x836DF000 \SystemRoot\system32\drivers\pci.sys
0x83706000 \SystemRoot\System32\drivers\partmgr.sys
0x83715000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83718000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83722000 \SystemRoot\system32\drivers\volmgr.sys
0x83731000 \SystemRoot\System32\drivers\volmgrx.sys
0x8377B000 \SystemRoot\system32\drivers\pciide.sys
0x83782000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83790000 \SystemRoot\System32\drivers\mountmgr.sys
0x837A0000 \SystemRoot\System32\drivers\sfsync02.sys
0x837A6000 \SystemRoot\system32\drivers\atapi.sys
0x837AE000 \SystemRoot\system32\drivers\ataport.SYS
0x837CC000 \SystemRoot\system32\drivers\fltmgr.sys
0x807BC000 \SystemRoot\system32\drivers\fileinfo.sys
0x807CC000 \SystemRoot\System32\Drivers\AsDsm.sys
0x83600000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x807D6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83C00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83C71000 \SystemRoot\system32\drivers\ndis.sys
0x83D7C000 \SystemRoot\system32\drivers\msrpc.sys
0x83DA7000 \SystemRoot\system32\drivers\NETIO.SYS
0x83E01000 \SystemRoot\System32\drivers\tcpip.sys
0x83EEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B60E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B71E000 \SystemRoot\system32\drivers\wd.sys
0x8B726000 \SystemRoot\system32\drivers\volsnap.sys
0x8B75F000 \SystemRoot\System32\Drivers\spldr.sys
0x8B767000 \SystemRoot\System32\drivers\sfhlp02.sys
0x8B780000 \SystemRoot\System32\Drivers\mup.sys
0x8B78F000 \SystemRoot\System32\drivers\ecache.sys
0x8B7B6000 \SystemRoot\system32\drivers\disk.sys
0x8B7C7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B7E8000 \SystemRoot\system32\drivers\crcdisk.sys
0x83F06000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B777000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83F11000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x83F19000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F40F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F8D9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F979000 \SystemRoot\System32\drivers\watchdog.sys
0x8F985000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F998000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8F9A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F9AB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F9DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F9DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F9E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F400000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x83F28000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x83F32000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x83F70000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x83F7F000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
0x8FC05000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FD2A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FDB7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FDBB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x83F8F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FDEA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x83FD0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FE0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FE2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FE3E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FE52000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FE67000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8FE6C000 \SystemRoot\system32\DRIVERS\tap0801.sys
0x8FE77000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE87000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FE89000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FEB3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FEBD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FECA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FEFF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FF10000 \SystemRoot\system32\drivers\portcls.sys
0x8FF3D000 \SystemRoot\system32\drivers\drmk.sys
0x8FF62000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x901F2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FFD2000 \SystemRoot\System32\Drivers\Null.SYS
0x8FFD9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FFE0000 \SystemRoot\System32\drivers\vga.sys
0x9040C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9042D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90435000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9043D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90448000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90456000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9045F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90475000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x9047F000 \SystemRoot\system32\DRIVERS\smb.sys
0x90493000 \SystemRoot\system32\drivers\afd.sys
0x904DB000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x904E0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90512000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90528000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90536000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90549000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90585000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9058F000 \SystemRoot\System32\Drivers\dfsc.sys
0x905A6000 \SystemRoot\System32\Drivers\aswSP.SYS
0x905F0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90400000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FFEC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FE00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B7F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F406000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97C0E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x97DBF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x97DCC000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x97DD3000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x97DE5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x990D0000 \SystemRoot\System32\win32k.sys
0x97DED000 \SystemRoot\System32\drivers\Dxapi.sys
0x83FE7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x992F0000 \SystemRoot\System32\TSDDD.dll
0x99310000 \SystemRoot\System32\cdd.dll
0x99320000 \SystemRoot\System32\ATMFD.DLL
0x83DE2000 \SystemRoot\system32\drivers\luafv.sys
0x9EC0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9EC46000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9EC49000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x9EC52000 \SystemRoot\system32\drivers\WudfPf.sys
0x9EC6C000 \SystemRoot\system32\drivers\spsys.sys
0x9ED1C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9ED2C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9ED56000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9ED60000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9ED73000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9ED7A000 \SystemRoot\system32\drivers\HTTP.sys
0x807E0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EDE7000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA300E000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA3023000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3042000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA307B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3093000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA30BB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA310A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA314D000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA3175000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA3E00000 \SystemRoot\system32\drivers\peauth.sys
0xA3EDE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3EE8000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xA3F74000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xA3FAA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3FB6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA3FD7000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0xA3FE0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA317A000 \??\C:\Users\dani\AppData\Local\Temp\kwtdapod.sys
0x772A0000 \Windows\System32\ntdll.dll
Processes (total 82):
0 System Idle Process
4 System
512 C:\Windows\System32\smss.exe
588 csrss.exe
656 csrss.exe
664 C:\Windows\System32\wininit.exe
700 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\Ati2evxx.exe
1132 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1420 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\Ati2evxx.exe
1668 C:\Windows\System32\svchost.exe
1840 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1860 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1872 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1896 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1904 C:\Windows\System32\wlanext.exe
720 C:\Windows\System32\taskeng.exe
1412 C:\Windows\System32\spoolsv.exe
1660 C:\Windows\System32\svchost.exe
2200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2236 C:\Program Files\Bonjour\mDNSResponder.exe
2268 C:\Windows\System32\svchost.exe
2280 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2416 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2700 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2736 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2764 C:\Windows\System32\svchost.exe
2796 C:\Windows\System32\TUProgSt.exe
2876 C:\Windows\System32\svchost.exe
2892 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2956 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
3000 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3152 WUDFHost.exe
3444 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3704 C:\Windows\System32\dwm.exe
3736 C:\Windows\explorer.exe
3788 C:\Windows\System32\taskeng.exe
3832 C:\Windows\System32\taskeng.exe
3848 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
3956 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
4040 C:\Program Files\ATK Hotkey\HControl.exe
2000 C:\Program Files\ATKOSD2\ATKOSD2.exe
2196 C:\Program Files\Wireless Console 2\wcourier.exe
2248 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
2408 C:\Program Files\P4G\BatteryLife.exe
3108 C:\Program Files\ATK Hotkey\ATKOSD.exe
1992 C:\Windows\RtHDVCpl.exe
1312 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1192 C:\Windows\System32\ASUSTPE.exe
1940 C:\Program Files\ATK Hotkey\KBFiltr.exe
984 C:\Program Files\Zune\ZuneLauncher.exe
3660 C:\Program Files\Windows Sidebar\sidebar.exe
1796 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4048 C:\Program Files\Windows Media Player\wmpnscfg.exe
3384 C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe
1068 C:\Program Files\Windows Sidebar\sidebar.exe
5004 C:\Windows\System32\mobsync.exe
5156 C:\Program Files\Windows Media Player\wmpnetwk.exe
5968 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5660 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4076 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
5324 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5816 C:\Windows\System32\svchost.exe
4528 C:\Windows\System32\wuauclt.exe
4648 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4336 C:\Program Files\Mozilla Firefox\firefox.exe
3664 C:\Program Files\Mozilla Firefox\plugin-container.exe
4824 C:\Users\dani\Desktop\osam_autorun_manager_5_0_portable\osam .exe
1064 C:\Windows\System32\conime.exe
6016 C:\Users\dani\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400 (NTFS)
\\.\Q: --> error 5
PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!