Trojaner-Board - Windows Recovery eingefangen

Combofix Logfile:

Code:

ComboFix 11-05-02.02 - 462091 02.05.2011  19:44:00.2.2 - x86

Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.2022.1209 [GMT 2:00]

ausgeführt von:: c:\users\462091\Desktop\Cofi.exe

Benutzte Befehlsschalter :: c:\users\462091\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\DRIVERS\dwvkbd.sys"

"c:\windows\system32\DWRCST.exe"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\DRIVERS\dwvkbd.sys

c:\windows\system32\DWRCST.exe

.

----- BITS: Eventuell infizierte Webseiten -----

.

hxxp://autodiscover.xxx.de

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_dwvkbd

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-02 bis 2011-05-02  ))))))))))))))))))))))))))))))

.

.

2011-05-02 17:52 . 2011-05-02 17:52        --------        d-----w-        c:\users\postgres\AppData\Local\temp

2011-05-02 17:52 . 2011-05-02 17:52        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-04-30 08:24 . 2011-05-02 19:32        --------        d-----w-        c:\users\462091\AppData\Local\temp

2011-04-30 08:09 . 2011-04-18 07:15        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{908B3B59-D939-40A4-8867-8BACEB04586D}\mpengine.dll

2011-04-30 08:09 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-04-28 21:15 . 2011-04-28 21:15        --------        d-----w-        C:\_OTL

2011-04-27 11:22 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll

2011-04-27 11:22 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 10:51 . 2011-04-27 10:51        --------        d-----w-        c:\users\462091\AppData\Roaming\Malwarebytes

2011-04-27 10:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-27 10:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-26 16:12 . 2011-04-26 16:12        --------        d-----w-        c:\users\462091\AppData\Local\Sunbelt Software

2011-04-26 16:04 . 2011-04-28 21:28        --------        d-----w-        c:\programdata\Lavasoft

2011-04-26 15:06 . 2011-04-26 15:06        --------        d-----w-        c:\programdata\WindowsSearch

2011-04-26 12:18 . 2011-04-26 12:18        --------        d-----w-        c:\program files\Enigma Software Group

2011-04-26 12:12 . 2011-04-26 12:12        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard

2011-04-14 06:30 . 2011-03-03 15:00        738816        ----a-w-        c:\windows\system32\inetcomm.dll

2011-04-14 06:30 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr

2011-04-04 13:17 . 1998-06-23 22:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX

2011-04-04 13:17 . 2001-10-28 14:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll

2011-04-04 13:17 . 1998-07-05 22:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL

2011-04-04 13:17 . 2011-04-04 13:18        --------        d-----w-        c:\program files\PDFCreator

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-03 14:56 . 2011-04-27 11:22        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll

2011-03-03 14:56 . 2011-04-27 11:22        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2011-03-03 14:56 . 2011-04-27 11:22        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll

2011-03-03 14:56 . 2011-04-27 11:22        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll

2011-02-17 06:47 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll

2011-02-17 06:47 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll

2011-02-17 06:20 . 2011-02-17 06:34        47560        ----a-w-        c:\windows\system32\SPReview.exe

2011-02-17 06:20 . 2011-02-17 06:34        152576        ----a-w-        c:\windows\system32\SPWizUI.dll

2006-05-22 20:12 . 2008-05-15 10:55        81920        ----a-w-        c:\program files\uninstgs.exe

2011-03-18 17:56 . 2011-04-01 10:11        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

2010-01-06 18:07 . 2009-09-28 11:05        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-28 18:46        90112        ----a-w-        c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tournament Shark.lnk]

path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tournament Shark.lnk

backup=c:\windows\pss\Tournament Shark.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 23:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 13:51        177440        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]

2007-03-15 14:37        32768        ----a-w-        c:\windows\BisonCam\BisonHK.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]

2007-03-15 14:34        172032        ----a-w-        c:\windows\BisonCam\BsMnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]

2009-08-06 15:59        381440        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-02-07 15:21        54832        ----a-w-        c:\program files\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]

2007-09-07 14:38        561152        ----a-w-        c:\program files\System Control Manager\MGSysCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2007-03-28 18:23        49168        ----a-w-        c:\program files\Protector Suite QL\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 20:16        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-03-14 20:01        71216        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]

2008-01-04 10:02        222504        ------w-        c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]

2009-03-18 16:17        4419824        ----a-w-        c:\users\462091\AppData\Roaming\UpdateStar\UpdateStar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-935411637-121726556-1431338135-1000]

"EnableNotificationsRef"=dword:00000001

.

R0 iaNvStor;Intel(R) Turbo Memory  Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-11-28 210432]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9d253cf6977e0;Google Update Service (gupdate1c9d253cf6977e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]

R2 SASRKServer;SASRKServer;c:\awd\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]

R3 IPOSCalcRep;IPOSCalcRep;c:\awd\AngWin\rk\idl\IPOSCalcRep.exe [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]

S2 msftesql$AWDVERTRIEB;SQL Server-Volltextsuche (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]

S2 MSSQL$AWDVERTRIEB;SQL Server (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]

S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-06-11 1489688]

S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]

.

2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{697CB72C-A473-4DF5-BC8B-CA29E7EFCA00}.job

- c:\windows\system32\msfeedssync.exe [2011-02-17 22:33]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: xxx.de

Trusted Zone: xxx.de\kvonline

FF - ProfilePath - c:\users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\

FF - prefs.js: browser.search.selectedEngine - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-DameWare MRC Agent - c:\windows\system32\DWRCST.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-05-02 21:34

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$AWDVERTRIEB]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:AWDVERTRIEB"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3960)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infra.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Protector Suite QL\upeksvr.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Intel\AMT\atchksrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\DWRCS.exe

c:\program files\Intel\AMT\LMS.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\System32\msdtc.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-05-02  21:37:45 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-05-02 19:37

ComboFix2.txt  2011-04-30 08:35

.

Vor Suchlauf: 20 Verzeichnis(se), 13.595.824.128 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 13.383.163.904 Bytes frei

.

- - End Of File - - C39CE24DA2F032948C2FE690E1076E01

--- --- ---

OSAM

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 23:14:26 on 02.05.2011
 

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl

"Odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\Odbccp32.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys

"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys

"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys

"awldqpog" (awldqpog) - ? - C:\Users\462091\AppData\Local\Temp\awldqpog.sys  (Hidden registry entry, rootkit activity | File not found)

"catchme" (catchme) - ? - C:\Cofi\catchme.sys  (File not found)

"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)

"mbr" (mbr) - ? - C:\Users\462091\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys

"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys

"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys

"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys

"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys

"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys

"MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys

"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)

"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\CyberLink\PowerDVD\000.fcl
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Program Files\7-Zip\7-zip.dll

{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll

{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{E463ADAF-4707-4997-9BFC-13BF91A2810B} "DMRC Shell Extension" - "DameWare Development LLC" - C:\Windows\system32\DWRCSh32.DLL

{D3F9CF10-424C-4678-9A28-B0F62D2550DD} "DWRCShell" - "DameWare Development LLC" - C:\Windows\system32\DWRCShell.DLL

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL

{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll

{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll

{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll

{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.5.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.5.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"35C-4 Series PCL Language Monitor" - "KONICA MINOLTA BUSINESS TECHNOLOGIES, INC." - C:\Windows\system32\KOAZXJAL.dll

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"DameWare Mini Remote Control" (DWMRCS) - "DameWare Development LLC" - C:\Windows\System32\DWRCS.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Update Service (gupdate1c9d253cf6977e0)" (gupdate1c9d253cf6977e0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

"Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\AMT\LMS.exe

"Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Program Files\Intel\AMT\atchksrv.exe

"Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\AMT\UNS.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"IPOSCalcRep" (IPOSCalcRep) - ? - C:\AWD\AngWin\rk\idl\IPOSCalcRep.exe  (File not found)

"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"SASRKServer" (SASRKServer) - ? - C:\AWD\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe "C:\AWD\ANGWIN\RK\STG"  (File not found)

"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe  (File found, but it contains no detailed information)

"SQL Server (AWDVERTRIEB)" (MSSQL$AWDVERTRIEB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

"SQL Server-Volltextsuche (AWDVERTRIEB)" (msftesql$AWDVERTRIEB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - "ScreenTime Media" - C:\Windows\system32\JOERGL~2.SCR

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und mbr

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Micro-Star International
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INT'L CO.,LTD
System Product Name: PR620
Logical Drives Mask: 0x00000034

Kernel Drivers (total 165):
0x82210000 \SystemRoot\system32\ntkrnlpa.exe
0x825C9000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046B000 \SystemRoot\system32\PSHED.dll
0x8047C000 \SystemRoot\system32\BOOTVID.dll
0x80484000 \SystemRoot\system32\CLFS.SYS
0x804C5000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\system32\drivers\intelide.sys
0x8078E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079C000 \SystemRoot\system32\drivers\pciide.sys
0x807A3000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x807E0000 \SystemRoot\system32\drivers\atapi.sys
0x805E1000 \SystemRoot\system32\drivers\ataport.SYS
0x807E8000 \SystemRoot\system32\drivers\msahci.sys
0x82C0B000 \SystemRoot\system32\drivers\fltmgr.sys
0x82C3D000 \SystemRoot\system32\drivers\fileinfo.sys
0x82C4D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82CBE000 \SystemRoot\system32\drivers\ndis.sys
0x82DC9000 \SystemRoot\system32\drivers\msrpc.sys
0x82E0F000 \SystemRoot\system32\drivers\NETIO.SYS
0x82E49000 \SystemRoot\System32\drivers\tcpip.sys
0x82F32000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82F4D000 \SystemRoot\system32\DRIVERS\timntr.sys
0x88003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88112000 \SystemRoot\system32\drivers\volsnap.sys
0x8814B000 \SystemRoot\System32\Drivers\spldr.sys
0x88153000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8816E000 \SystemRoot\System32\Drivers\mup.sys
0x8817D000 \SystemRoot\system32\drivers\mfehidk.sys
0x881CF000 \SystemRoot\System32\drivers\ecache.sys
0x82FAD000 \SystemRoot\system32\drivers\disk.sys
0x82FBE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881F6000 \SystemRoot\system32\drivers\crcdisk.sys
0x82E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82DF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x805A5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BE06000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C43D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C4DC000 \SystemRoot\System32\drivers\watchdog.sys
0x8C4E9000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8C524000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C52F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C56D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C57C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C804000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8CA2B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CA3B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CA49000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8CA63000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8CA72000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8CA86000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8CAD7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CAEA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CAF5000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CB20000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CB22000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CB2D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8CB47000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8CB51000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x8CB59000 \SystemRoot\system32\drivers\irenum.sys
0x8CB62000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CB66000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CB7E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8CB84000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8CB94000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8CB9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C58E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CBCA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CBD5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CBEC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x805B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CC15000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8CC9E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CCAE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CCB0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CCDA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CCE4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CCF1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CD25000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8CD30000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DC06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DDC6000 \SystemRoot\system32\drivers\portcls.sys
0x8CD41000 \SystemRoot\system32\drivers\drmk.sys
0x8E004000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E120000 \SystemRoot\system32\drivers\modem.sys
0x8E12D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E136000 \SystemRoot\System32\Drivers\Null.SYS
0x8E13D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E14D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E154000 \SystemRoot\System32\drivers\vga.sys
0x8E160000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E181000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E189000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E191000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E19C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E1AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E1B3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E1C9000 \SystemRoot\system32\drivers\mfetdik.sys
0x8E1D7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CD66000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CD98000 \SystemRoot\system32\drivers\afd.sys
0x8CDE0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E1EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E408000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E41B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E457000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E461000 \SystemRoot\system32\drivers\csc.sys
0x8E4BB000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E4D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E4DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E4EB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E4F3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E500000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E50B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8E513000 \SystemRoot\System32\Drivers\tcusb.sys
0x976F0000 \SystemRoot\System32\win32k.sys
0x8E51D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E527000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97910000 \SystemRoot\System32\TSDDD.dll
0x97930000 \SystemRoot\System32\cdd.dll
0x8E536000 \SystemRoot\system32\drivers\luafv.sys
0x8E551000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xAAC0D000 \SystemRoot\system32\drivers\spsys.sys
0xAACBC000 \SystemRoot\system32\DRIVERS\irda.sys
0xAACDA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAACEA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAD14000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAD1E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAD31000 \SystemRoot\system32\drivers\HTTP.sys
0xAAD9E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAADBB000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAADD4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E561000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E581000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E5A0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8E5D9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC40C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC434000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC49B000 \SystemRoot\system32\drivers\peauth.sys
0xAC579000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAC583000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAC58F000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xAC591000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xAC59B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAC5B8000 \??\C:\Cofi\catchme.sys
0xAC5C0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xAC5C2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAC5CB000 \??\C:\Users\462091\AppData\Local\Temp\awldqpog.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
588 C:\Windows\System32\smss.exe
732 csrss.exe
776 C:\Windows\System32\wininit.exe
784 csrss.exe
820 C:\Windows\System32\services.exe
848 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\lsass.exe
884 C:\Windows\System32\lsm.exe
1036 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\audiodg.exe
1432 C:\Windows\System32\SLsvc.exe
1524 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\svchost.exe
1824 C:\Program Files\Protector Suite QL\upeksvr.exe
388 C:\Windows\System32\spoolsv.exe
452 C:\Windows\System32\svchost.exe
976 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1268 C:\Windows\System32\agrsmsvc.exe
2016 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1144 C:\Program Files\Intel\AMT\atchksrv.exe
1864 C:\Program Files\Bonjour\mDNSResponder.exe
2068 C:\Windows\System32\DWRCS.exe
2192 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2232 C:\Program Files\Intel\AMT\LMS.exe
2328 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
2340 C:\Windows\System32\mfevtps.exe
2376 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
2416 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2464 C:\Program Files\System Control Manager\edd.exe
2520 C:\Windows\System32\svchost.exe
2576 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2624 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2660 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2680 C:\Windows\System32\svchost.exe
2704 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2784 C:\Program Files\Intel\AMT\UNS.exe
2860 C:\Windows\System32\svchost.exe
2892 C:\Windows\System32\SearchIndexer.exe
3660 C:\Windows\System32\taskeng.exe
2432 C:\Windows\System32\msdtc.exe
3408 C:\Windows\System32\dwm.exe
1460 C:\Windows\System32\taskeng.exe
1580 C:\Windows\System32\conime.exe
3924 C:\Windows\System32\wuauclt.exe
3960 C:\Windows\explorer.exe
4032 C:\Program Files\Windows Media Player\wmpnscfg.exe
2484 C:\Program Files\Windows Media Player\wmpnetwk.exe
4868 C:\Program Files\Internet Explorer\ieuser.exe
5728 C:\Windows\System32\SearchProtocolHost.exe
4092 C:\Windows\System32\SearchFilterHost.exe
4584 C:\Users\462091\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`90a00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!