SilverSurger | 25.10.2010 21:17 | GMER
GMER Logfile:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-25 21:50:48
Windows 6.1.7600
Running: p14opzzr.exe; Driver: C:\Users\SILVER~1\AppData\Local\Temp\kgtdrpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91E2C992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91E2E3FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91E2E674]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91E2E8E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91E2D2AA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91E2DA52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91E2DE4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91E2D4C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91E2DD34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x91E2C582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91E2DC08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91E2C72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91E2DF6E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91E2CF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91E2D030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91E2DC9E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91E2F596]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91E30716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x91E2D694]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91E2F688]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91E2FD62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91E2DEE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x91E2D336]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91E2DDC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91E2CBDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91E2FAFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91E2E004]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91E2CAD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91E2EB30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91E3009C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91E2F98E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91E2E368]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91E2E22E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91E2F330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91E305B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91E2D79C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91E2D14C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91E2EBD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x91E2F790]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91E301EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91E302DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91E30418]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91E2F4BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91E2CD7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91E2CCD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91E2FF40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91E2CE68]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83051599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83075F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 8307D730 4 Bytes [92, C9, E2, 91] {XCHG EDX, EAX; LEAVE ; LOOP 0xffffffffffffff95}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 8307D758 8 Bytes [FA, E3, E2, 91, 74, E6, E2, ...] {CLI ; JECXZ 0xffffffffffffffe5; XCHG ECX, EAX; JZ 0xffffffffffffffec; LOOP 0xffffffffffffff99}
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 8307D79C 4 Bytes CALL 9B5E6983
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 8307D7C8 4 Bytes [AA, D2, E2, 91] {STOSB ; SHL DL, CL; XCHG ECX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 8307D7EC 4 Bytes [52, DA, E2, 91]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9242C340, 0x3EB347, 0xE8000020]
? C:\Users\SILVER~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\SILVER~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74152494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74135624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [741356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7415250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74148573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74144D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [741450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [741451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [741482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74148819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7414907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7414E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74144C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\explorer.exe[4580] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth\Devices
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range 8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels 2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&16fb8032&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName \??\USB#VID_0A12&PID_0001#5&16fb8032&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@COD Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Scans Before Out of Range 8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SCO Max Channels 2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&1d3e1556&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicName \??\USB#VID_0A12&PID_0001#5&1d3e1556&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0x82 0xE7 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x80 0xE7 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x56 0x55 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth\Devices (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Scans Before Out of Range 8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SCO Max Channels 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&16fb8032&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@SymbolicName \??\USB#VID_0A12&PID_0001#5&16fb8032&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@COD Type 1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Scans Before Out of Range 8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SCO Max Channels 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@Store Link Key COD Masks 0x00 0x00 0x1F 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicLinkName \??\USB#VID_0A12&PID_0001#5&1d3e1556&0&1#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0003@SymbolicName \??\USB#VID_0A12&PID_0001#5&1d3e1556&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0x82 0xE7 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x80 0xE7 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x56 0x55 0xAC ...
---- EOF - GMER 1.0.15 ----
OSAM
OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:14:22 on 25.10.2010
OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.11
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~2\AVP11\kloehk.dll
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job" - "Google Inc." - C:\Users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job" - "Google Inc." - C:\Users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"catchme" (catchme) - ? - C:\Users\SILVER~1\AppData\Local\Temp\catchme.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"kgtdrpob" (kgtdrpob) - ? - C:\Users\SILVER~1\AppData\Local\Temp\kgtdrpob.sys (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\Users\SILVER~1\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys (File not found)
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"VBoxNetFlt Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys (File not found)
"VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Sun Microsystems, Inc." - C:\Windows\System32\DRIVERS\VBoxNetAdp.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys (File not found)
"WinPcap Packet Driver (WPRO_40_1123)" (WPRO_40_1123) - ? - C:\Windows\System32\drivers\WPRO_40_1123.sys (File not found)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\Web Components\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Shadow restore extension "{641D52A5-F996-4901" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E601996F-E400-41CA-804B-CD6373A7EEE2} "kikin Plugin" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ProductReg" - "Acer" - C:\Program Files\Acer\WR_PopUp\ProductReg.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\Launch Manager\LManager.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - ? - "d:\xampp\apache\bin\httpd.exe" -k runservice (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"FileZilla Server FTP server" (FileZilla Server) - ? - "d:\xampp\FileZillaFTP\FileZillaServer.exe" (File not found)
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"mysql" (mysql) - ? - d:\xampp\mysql\bin\mysqld.exe --defaults-file=d:\xampp\mysql\bin\my.cnf mysql (File not found)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information)
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]=== --- --- ---
If you have questions or want to get some help, you can visit hxxp://forum.online-solutions.ru
MBRCheck Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 8730
Logical Drives Mask: 0x0100003c
Kernel Drivers (total 222):
0x8300E000 \SystemRoot\system32\ntkrnlpa.exe
0x8341E000 \SystemRoot\system32\halmacpi.dll
0x80B9F000 \SystemRoot\system32\kdcom.dll
0x8361C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83694000 \SystemRoot\system32\PSHED.dll
0x836A5000 \SystemRoot\system32\BOOTVID.dll
0x836AD000 \SystemRoot\system32\CLFS.SYS
0x836EF000 \SystemRoot\system32\CI.dll
0x8BA23000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8BF45000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BFB6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8379A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BFC4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BFCD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BFD5000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x84236000 \SystemRoot\system32\DRIVERS\pci.sys
0x84260000 \SystemRoot\System32\drivers\partmgr.sys
0x84271000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x84281000 \SystemRoot\System32\drivers\volmgrx.sys
0x842CC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x842D4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x842DF000 \SystemRoot\System32\drivers\mountmgr.sys
0x842F5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x842FE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x84321000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8432B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x84339000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x84342000 \SystemRoot\system32\drivers\fltmgr.sys
0x84376000 \SystemRoot\system32\drivers\fileinfo.sys
0x84387000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x84390000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C03C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C16B000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C196000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8439A000 \SystemRoot\System32\Drivers\cng.sys
0x8C1A9000 \SystemRoot\System32\drivers\pcw.sys
0x8C1B7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C238000 \SystemRoot\system32\drivers\ndis.sys
0x8C2EF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C32D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C40F000 \SystemRoot\System32\drivers\tcpip.sys
0x8C558000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C589000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5C8000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5D0000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C352000 \SystemRoot\System32\Drivers\mup.sys
0x8C400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C362000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C394000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C3A5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C200000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91E02000 \SystemRoot\system32\DRIVERS\klif.sys
0x91E82000 \SystemRoot\System32\Drivers\Null.SYS
0x91E89000 \SystemRoot\System32\Drivers\Beep.SYS
0x91E90000 \SystemRoot\System32\drivers\vga.sys
0x91E9C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91EBD000 \SystemRoot\System32\drivers\watchdog.sys
0x91ECA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91ED2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91EDA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x91EE2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91EED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91EFB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91F12000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91F1D000 \SystemRoot\system32\drivers\afd.sys
0x91F77000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91FA9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91FB0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91FCF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91FE0000 \SystemRoot\system32\DRIVERS\klim6.sys
0x91FE8000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x8C21F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C1C0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90A24000 \SystemRoot\system32\drivers\vpcvmm.sys
0x90A6B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90A7B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90ABC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90AC6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90AD0000 \SystemRoot\System32\drivers\discache.sys
0x90ADC000 \SystemRoot\System32\Drivers\dfsc.sys
0x90AF4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90B02000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9242C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92B48000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90B23000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90B5C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9240B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90BA7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C000000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x93201000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x937E0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x937EA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90BC6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x937EE000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x9241A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x84200000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x937F8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90BDE000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x90BE7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BF4000 \SystemRoot\system32\DRIVERS\nuvotonhidgeneric.sys
0x90A00000 \SystemRoot\system32\DRIVERS\hidshim.sys
0x90A08000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90A1B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91FF8000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x937FA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C22D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C1D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C1E5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8BFE0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BA18000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x93A03000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x93A25000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93A3D000 \SystemRoot\System32\Drivers\fastfat.SYS
0x93A67000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x93A7E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93A95000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x93A9B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x93A9D000 \SystemRoot\system32\DRIVERS\ks.sys
0x93AD1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93ADF000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x93AF7000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x93B04000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x93B3A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93B7E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x93B8A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x93B95000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x99631000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x99842000 \SystemRoot\system32\drivers\portcls.sys
0x99871000 \SystemRoot\system32\drivers\drmk.sys
0x9988A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x998C7000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x99A12000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x99AC6000 \SystemRoot\system32\drivers\modem.sys
0x99AD3000 \SystemRoot\system32\drivers\nvhda32v.sys
0x9B260000 \SystemRoot\System32\win32k.sys
0x99AE1000 \SystemRoot\System32\drivers\Dxapi.sys
0x99AEB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x99AF8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x99B03000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x99B0D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99B1E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x99B35000 \SystemRoot\System32\Drivers\usbvideo.sys
0x99B64000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9B4C0000 \SystemRoot\System32\TSDDD.dll
0x9B4D0000 \SystemRoot\System32\ATMFD.DLL
0x9B540000 \SystemRoot\System32\cdd.dll
0x99B86000 \SystemRoot\system32\drivers\luafv.sys
0x99BA1000 \SystemRoot\system32\drivers\WudfPf.sys
0x99BBB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93BA6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99BCB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99BDB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E629000 \SystemRoot\system32\drivers\HTTP.sys
0x9E6AE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E6C7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E6D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E6FC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E737000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E76A000 \SystemRoot\System32\Drivers\adfs.SYS
0x9E77B000 \??\C:\Windows\system32\drivers\int15.sys
0x9E783000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xC2A2F000 \SystemRoot\system32\drivers\peauth.sys
0xC2AC6000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xC2ACF000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xC2AE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xC2AEB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xC2B0C000 \SystemRoot\System32\drivers\tcpipreg.sys
0xC2B19000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xC2B21000 \SystemRoot\System32\DRIVERS\srv2.sys
0xC2B70000 \SystemRoot\system32\drivers\tdtcp.sys
0xC2B7A000 \SystemRoot\System32\DRIVERS\srv.sys
0xC2BCB000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9E787000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xD6E72000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xD6E89000 \SystemRoot\system32\DRIVERS\monitor.sys
0xD6E94000 \??\C:\Users\SILVER~1\AppData\Local\Temp\catchme.sys
0xD6E9C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xD6E9E000 \??\C:\Users\SILVER~1\AppData\Local\Temp\mbr.sys
0xD6EA4000 \??\C:\Users\SILVER~1\AppData\Local\Temp\kgtdrpob.sys
0xD6EBB000 \SystemRoot\system32\DRIVERS\serscan.sys
0xD6EC3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x774A0000 \Windows\System32\ntdll.dll
0x48020000 \Windows\System32\smss.exe
0x776E0000 \Windows\System32\apisetschema.dll
0x00040000 \Windows\System32\autochk.exe
0x77630000 \Windows\System32\advapi32.dll
0x77440000 \Windows\System32\shlwapi.dll
0x773B0000 \Windows\System32\oleaut32.dll
0x77320000 \Windows\System32\clbcatq.dll
0x77610000 \Windows\System32\sechost.dll
0x77180000 \Windows\System32\setupapi.dll
0x77140000 \Windows\System32\ws2_32.dll
0x77090000 \Windows\System32\msvcrt.dll
0x76E90000 \Windows\System32\iertutil.dll
0x76D30000 \Windows\System32\ole32.dll
0x76CD0000 \Windows\System32\difxapi.dll
0x76B90000 \Windows\System32\urlmon.dll
0x76AF0000 \Windows\System32\usp10.dll
0x775F0000 \Windows\System32\imm32.dll
0x775E0000 \Windows\System32\nsi.dll
0x76AA0000 \Windows\System32\Wldap32.dll
0x76A50000 \Windows\System32\gdi32.dll
0x769D0000 \Windows\System32\comdlg32.dll
0x769C0000 \Windows\System32\lpk.dll
0x768E0000 \Windows\System32\kernel32.dll
0x76810000 \Windows\System32\msctf.dll
0x76760000 \Windows\System32\rpcrt4.dll
0x75B10000 \Windows\System32\shell32.dll
0x75A40000 \Windows\System32\user32.dll
0x75A30000 \Windows\System32\normaliz.dll
0x75A00000 \Windows\System32\imagehlp.dll
0x75900000 \Windows\System32\wininet.dll
0x758F0000 \Windows\System32\psapi.dll
0x758D0000 \Windows\System32\devobj.dll
0x75880000 \Windows\System32\KernelBase.dll
0x75850000 \Windows\System32\wintrust.dll
0x757C0000 \Windows\System32\comctl32.dll
0x75790000 \Windows\System32\cfgmgr32.dll
0x75670000 \Windows\System32\crypt32.dll
0x75660000 \Windows\System32\msasn1.dll
Processes (total 69):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
456 csrss.exe
520 C:\Windows\System32\wininit.exe
532 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\nvvsvc.exe
844 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\winlogon.exe
1264 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\wlanext.exe
1600 C:\Windows\System32\conhost.exe
1692 C:\Windows\System32\spoolsv.exe
1736 C:\Windows\System32\svchost.exe
1800 C:\Windows\System32\svchost.exe
1856 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1936 C:\Program Files\Bonjour\mDNSResponder.exe
1976 C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe
2032 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
1560 C:\Windows\System32\taskhost.exe
1012 C:\Windows\System32\dwm.exe
2432 C:\Windows\RtHDVCpl.exe
2492 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2524 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
2548 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2620 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2748 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2776 C:\Program Files\Java\jre6\bin\jusched.exe
2816 C:\Program Files\Launch Manager\LManager.exe
2948 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3048 C:\Program Files\iTunes\iTunesHelper.exe
3080 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3252 C:\Windows\ehome\ehmsas.exe
628 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1744 C:\Windows\System32\svchost.exe
1904 C:\Windows\System32\svchost.exe
1992 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2272 C:\Acer\Mobility Center\MobilityService.exe
2840 C:\Windows\System32\svchost.exe
2784 C:\Windows\System32\svchost.exe
3224 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2580 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3756 C:\Windows\System32\svchost.exe
3036 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
3984 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
4328 WmiPrvSE.exe
4380 C:\Windows\System32\svchost.exe
4452 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4468 C:\Program Files\iPod\bin\iPodService.exe
4968 C:\Windows\System32\SearchIndexer.exe
5104 C:\Windows\System32\svchost.exe
5532 C:\Program Files\Windows Media Player\wmpnetwk.exe
5952 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\svchost.exe
4580 C:\Windows\explorer.exe
2336 C:\Users\SilverSurger\Desktop\osam_autorun_manager_5_0_portable\osam.exe
5388 C:\Windows\System32\audiodg.exe
5148 C:\Program Files\Mozilla Firefox\firefox.exe
2368 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
1436 C:\Users\SilverSurger\Desktop\MBRCheck.exe
3676 C:\Windows\System32\conhost.exe
2832 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`0fc00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000BEVT-22ZAT0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!