Trojaner-Board - TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..

Habs gemacht
Combofix Logfile:

Code:

ComboFix 11-05-13.01 - Emre 13.05.2011  22:13:37.2.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2595 [GMT 2:00]

ausgeführt von:: c:\users\Emre\Desktop\cofi.exe

Benutzte Befehlsschalter :: c:\users\Emre\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

FILE ::

"c:\windows\system32\acovcnt.exe"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Emre\AppData\Local\{FD12C48D-6A36-4FD6-81D0-B786618E19FC}

c:\users\Emre\AppData\Local\Nemex

c:\users\Emre\AppData\Local\Nemex\Mouse_Recorder_Pro.exe_Url_pobdqaozaav3q3vjalplb2pa1hgiq1bm\2.0.7.0\user.config

c:\users\Emre\AppData\Local\Nemex\MRPlay.exe_Url_rlifc2h3fjubeyocxyiufadbx1mbwezu\1.0.0.1\user.config

c:\windows\system32\acovcnt.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-13 bis 2011-05-13  ))))))))))))))))))))))))))))))

.

.

2011-05-13 20:18 . 2011-05-13 20:18        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2011-05-13 20:18 . 2011-05-13 20:18        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-13 20:04 . 2011-05-13 20:04        --------        d-----w-        c:\program files (x86)\Nemex

2011-05-13 17:16 . 2011-05-13 17:16        --------        d-----w-        C:\_OTL

2011-05-13 14:53 . 2011-05-13 14:53        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-05-13 14:53 . 2011-05-13 14:53        472808        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-05-13 11:36 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FABC73C5-1850-4C7C-AD2B-5B8F7E68BA9B}\mpengine.dll

2011-05-12 20:39 . 2011-05-12 20:39        --------        d-----w-        c:\users\Emre\AppData\Roaming\Mouse Recorder Pro

2011-05-12 18:50 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-12 16:05 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe

2011-05-12 16:05 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe

2011-05-12 13:33 . 2011-05-12 13:33        --------        d-----w-        c:\users\Emre\AppData\Roaming\Malwarebytes

2011-05-12 13:33 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-12 13:33 . 2011-05-12 13:33        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-12 13:33 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-12 13:33 . 2011-05-12 13:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-11 11:28 . 2011-04-09 07:02        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-05-11 11:28 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 11:28 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 11:28 . 2011-03-25 03:29        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2011-05-11 11:28 . 2011-03-25 03:29        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys

2011-05-11 11:28 . 2011-03-25 03:29        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2011-05-11 11:28 . 2011-03-25 03:29        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2011-05-11 11:28 . 2011-03-25 03:29        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2011-05-11 11:28 . 2011-03-25 03:28        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys

2011-04-25 17:42 . 2011-04-29 00:14        --------        d-----w-        c:\users\Emre\AppData\Roaming\DivX

2011-04-25 17:41 . 2011-04-29 13:50        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine

2011-04-25 17:41 . 2011-04-29 13:50        --------        d-----w-        c:\program files\DivX

2011-04-25 17:41 . 2011-04-29 13:50        --------        d-----w-        c:\program files (x86)\DivX

2011-04-25 17:39 . 2011-04-29 13:50        --------        d-----w-        c:\programdata\DivX

2011-04-19 20:33 . 2011-05-07 15:38        --------        d-----w-        c:\users\Emre\AppData\Roaming\skypePM

2011-04-19 20:33 . 2011-05-07 15:48        --------        d-----w-        c:\programdata\Skype Extras

2011-04-19 20:32 . 2011-05-13 13:36        --------        d-----w-        c:\users\Emre\AppData\Roaming\Skype

2011-04-19 20:32 . 2011-05-13 13:38        --------        d-----r-        c:\program files (x86)\Skype

2011-04-19 20:31 . 2011-05-13 13:38        --------        d-----w-        c:\programdata\Skype

2011-04-17 17:15 . 2011-04-17 17:15        --------        d-----w-        c:\program files (x86)\MSECache

2011-04-15 12:06 . 2011-03-03 06:24        183296        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-04-15 12:05 . 2011-02-23 04:56        158208        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-04-15 12:05 . 2011-02-23 04:55        287744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-04-15 12:05 . 2011-02-23 04:55        128000        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-04-15 12:05 . 2011-02-23 04:55        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-04-15 12:05 . 2011-02-12 11:34        267776        ----a-w-        c:\windows\system32\FXSCOVER.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-13 14:53 . 2011-03-25 22:23        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-04-02 23:00 . 2011-04-02 22:41        43520        ----a-w-        c:\windows\SysWow64\CmdLineExt03.dll

2011-03-26 21:26 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll

2011-03-26 21:26 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll

2011-03-13 15:55 . 2010-06-24 19:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:19 . 2011-04-26 20:33        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-26 20:33        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-02-19 12:05 . 2011-03-09 15:15        1139200        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-19 12:04 . 2011-03-09 15:15        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-19 12:04 . 2011-03-09 15:15        902656        ----a-w-        c:\windows\system32\d2d1.dll

2011-02-19 06:30 . 2011-03-09 15:15        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll

2011-02-19 06:30 . 2011-03-09 15:15        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-05-13_18.55.36   )))))))))))))))))))))))))))))))))))))))))

.

- 2011-02-18 15:03 . 2011-05-13 18:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-18 15:03 . 2011-05-13 20:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-18 15:03 . 2011-05-13 20:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-18 15:03 . 2011-05-13 18:13        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 21:44        1400712        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-31 102400]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 135664]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KLMD25

*Deregistered* - klmd25

.

Inhalt des "geplante Tasks" Ordners

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 00:40]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-18 00:40]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087054125-833381216-56703888-1001Core.job

- c:\users\Emre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 00:19]

.

2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087054125-833381216-56703888-1001UA.job

- c:\users\Emre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 00:19]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Emre\AppData\Roaming\Mozilla\Firefox\Profiles\hq5snwce.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 50

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-05-13  22:19:45

ComboFix-quarantined-files.txt  2011-05-13 20:19

ComboFix2.txt  2011-05-13 19:18

.

Vor Suchlauf: 13 Verzeichnis(se), 36.374.491.136 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 36.317.839.360 Bytes frei

.

- - End Of File - - A5928EEB56C25AF0D2A02DBEF553A5E6

--- --- ---

Habe jetzt das Programm MBRCheck.exe geladen und ausgeführt.. Dann kamen zwei .txt Dateien [Siehe Unten] Was ich nicht verstanden habe mit dem GMER muss ich das auch machen? Oder reicht MBRCheck.exe aus?
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: K72Dr
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 163):
0x02C18000 \SystemRoot\system32\ntoskrnl.exe
0x03201000 \SystemRoot\system32\hal.dll
0x00B9B000 \SystemRoot\system32\kdcom.dll
0x00CB1000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBE000 \SystemRoot\system32\PSHED.dll
0x00CD2000 \SystemRoot\system32\CLFS.SYS
0x00D30000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DF0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC3000 \SystemRoot\system32\drivers\ACPI.sys
0x00F1A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F23000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F2D000 \SystemRoot\system32\drivers\pci.sys
0x00F60000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F6D000 \SystemRoot\System32\drivers\partmgr.sys
0x00F82000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F8B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F97000 \SystemRoot\system32\drivers\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
0x00E96000 \SystemRoot\system32\drivers\ataport.SYS
0x00FAC000 \SystemRoot\system32\drivers\msahci.sys
0x00FB7000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x01011000 \SystemRoot\system32\DRIVERS\storport.sys
0x01074000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0107F000 \SystemRoot\system32\drivers\fltmgr.sys
0x010CB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01235000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010DF000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0113D000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014A7000 \SystemRoot\system32\drivers\ndis.sys
0x0159A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01628000 \SystemRoot\System32\drivers\tcpip.sys
0x0182C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01876000 \SystemRoot\system32\drivers\volsnap.sys
0x018C2000 \SystemRoot\System32\Drivers\spldr.sys
0x018CA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01904000 \SystemRoot\System32\Drivers\mup.sys
0x01916000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0191F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01959000 \SystemRoot\system32\DRIVERS\disk.sys
0x0196F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0199F000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0142B000 \SystemRoot\system32\drivers\cdrom.sys
0x019E6000 \SystemRoot\System32\Drivers\Null.SYS
0x019EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\System32\drivers\vga.sys
0x01455000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0160E000 \SystemRoot\System32\drivers\watchdog.sys
0x0161E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0147A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01483000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0148E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011AF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0121B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C99000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CDE000 \SystemRoot\system32\drivers\afd.sys
0x02D67000 \SystemRoot\system32\DRIVERS\wfplwf.sys

Zweite .txt Datei

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: K72Dr
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 163):
0x02C18000 \SystemRoot\system32\ntoskrnl.exe
0x03201000 \SystemRoot\system32\hal.dll
0x00B9B000 \SystemRoot\system32\kdcom.dll
0x00CB1000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBE000 \SystemRoot\system32\PSHED.dll
0x00CD2000 \SystemRoot\system32\CLFS.SYS
0x00D30000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DF0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC3000 \SystemRoot\system32\drivers\ACPI.sys
0x00F1A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F23000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F2D000 \SystemRoot\system32\drivers\pci.sys
0x00F60000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F6D000 \SystemRoot\System32\drivers\partmgr.sys
0x00F82000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F8B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F97000 \SystemRoot\system32\drivers\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\drivers\atapi.sys
0x00E96000 \SystemRoot\system32\drivers\ataport.SYS
0x00FAC000 \SystemRoot\system32\drivers\msahci.sys
0x00FB7000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x01011000 \SystemRoot\system32\DRIVERS\storport.sys
0x01074000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0107F000 \SystemRoot\system32\drivers\fltmgr.sys
0x010CB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01235000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010DF000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0113D000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014A7000 \SystemRoot\system32\drivers\ndis.sys
0x0159A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01628000 \SystemRoot\System32\drivers\tcpip.sys
0x0182C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01876000 \SystemRoot\system32\drivers\volsnap.sys
0x018C2000 \SystemRoot\System32\Drivers\spldr.sys
0x018CA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01904000 \SystemRoot\System32\Drivers\mup.sys
0x01916000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0191F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01959000 \SystemRoot\system32\DRIVERS\disk.sys
0x0196F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0199F000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0142B000 \SystemRoot\system32\drivers\cdrom.sys
0x019E6000 \SystemRoot\System32\Drivers\Null.SYS
0x019EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\System32\drivers\vga.sys
0x01455000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0160E000 \SystemRoot\System32\drivers\watchdog.sys
0x0161E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0147A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01483000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0148E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011AF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0121B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C99000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CDE000 \SystemRoot\system32\drivers\afd.sys
0x02D67000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D70000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D96000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DAC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DBB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DD6000 \SystemRoot\system32\drivers\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011D1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x00FCB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03CC3000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03EA6000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03CF9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04550000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04596000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04827000 \SystemRoot\system32\DRIVERS\athrx.sys
0x049AE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x049BB000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x049D0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x049DB000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x049E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\drivers\i8042prt.sys
0x03E56000 \SystemRoot\system32\DRIVERS\ETD.sys
0x03E7B000 \SystemRoot\system32\drivers\mouclass.sys
0x0481E000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x03E8A000 \SystemRoot\system32\drivers\kbdclass.sys
0x049F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045BA000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x045CF000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x045D7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x045E7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03C53000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03C6E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C8F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x049FE000 \SystemRoot\system32\drivers\swenum.sys
0x04A4C000 \SystemRoot\system32\drivers\ks.sys
0x04A8F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04AA1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04AFB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04B10000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04B33000 \SystemRoot\system32\drivers\portcls.sys
0x04B70000 \SystemRoot\system32\drivers\drmk.sys
0x04B92000 \SystemRoot\system32\drivers\ksthunk.sys
0x058F3000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05B49000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05B57000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x05B61000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x05B75000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05B88000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05BA5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05E3A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x05E00000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x05E11000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x00040000 \SystemRoot\System32\win32k.sys
0x05E1A000 \SystemRoot\System32\drivers\Dxapi.sys
0x05E26000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x05BA7000 \SystemRoot\system32\drivers\luafv.sys
0x05BCA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05FF2000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
0x05821000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05836000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05889000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0589C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x058B4000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
0x0462F000 \SystemRoot\system32\drivers\HTTP.sys
0x046F8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04716000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0472E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0475B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x047A8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x047CC000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x06040000 \SystemRoot\system32\drivers\peauth.sys
0x060E6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x060F1000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x061A8000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x06000000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x047D4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06E03000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06E6D000 \SystemRoot\System32\DRIVERS\srv.sys
0x06F05000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x06F10000 \SystemRoot\System32\Drivers\fastfat.SYS
0x775A0000 \Windows\System32\ntdll.dll
0x48560000 \Windows\System32\smss.exe
0xFF8C0000 \Windows\System32\apisetschema.dll
0xFF760000 \Windows\System32\autochk.exe
0xFF7E0000 \Windows\System32\usp10.dll

Processes (total 89):
0 System Idle Process
4 System
224 C:\Windows\System32\smss.exe
340 csrss.exe
392 C:\Windows\System32\wininit.exe
428 csrss.exe
452 C:\Windows\System32\services.exe
476 C:\Windows\System32\lsass.exe
484 C:\Windows\System32\lsm.exe
584 C:\Windows\System32\svchost.exe
652 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\atiesrxx.exe
856 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
268 C:\Windows\System32\svchost.exe
260 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\atieclxx.exe
1228 C:\Windows\System32\FBAgent.exe
1292 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1324 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1424 C:\Windows\System32\spoolsv.exe
1472 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1532 C:\Windows\System32\svchost.exe
1672 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1720 C:\Windows\System32\svchost.exe
2044 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
996 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1884 C:\Windows\System32\svchost.exe
2052 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2136 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2244 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2276 C:\Windows\System32\conhost.exe
2396 C:\Windows\System32\taskhost.exe
2516 C:\Windows\System32\taskeng.exe
2644 C:\Windows\System32\dwm.exe
2688 C:\Program Files\P4G\BatteryLife.exe
2708 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2784 WmiPrvSE.exe
2944 C:\Windows\explorer.exe
2984 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2992 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
3032 C:\Windows\SysWOW64\ACEngSvr.exe
3056 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3244 C:\Windows\System32\svchost.exe
3320 C:\Windows\System32\rundll32.exe
3376 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
3384 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
3396 C:\Program Files\Elantech\ETDCtrl.exe
3404 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3476 C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
3524 C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
3532 C:\Program Files\Windows Sidebar\sidebar.exe
3672 C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
3692 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3704 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
3716 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
3724 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
3736 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
3768 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3788 C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
1368 C:\Windows\AsScrPro.exe
2952 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
112 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
3552 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
3780 C:\Windows\System32\SearchIndexer.exe
3664 C:\Program Files\Elantech\ETDCtrlHelper.exe
4112 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4464 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4592 C:\PROGRA~2\OPENOF~1.ORG\program\soffice.exe
4620 C:\PROGRA~2\OPENOF~1.ORG\program\soffice.bin
4824 C:\Program Files\Windows Media Player\wmpnetwk.exe
5068 C:\Windows\System32\svchost.exe
4548 WmiPrvSE.exe
5312 C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
5516 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
5616 dllhost.exe
6024 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5696 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2800 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
3120 C:\Windows\System32\svchost.exe
4188 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3820 C:\Windows\System32\audiodg.exe
4704 C:\Windows\System32\SearchProtocolHost.exe
5672 C:\Windows\System32\SearchFilterHost.exe
2884 C:\Users\Emre\Desktop\MBRCheck(1).exe
3184 C:\Windows\System32\conhost.exe
5924 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`5f317000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`00c00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0003SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

MfG