Good morning Arne,
attached are the latest logs:
1. GMER:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-26 06:06:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O
Running: s0ifz8bb.exe; Driver: C:\WINDOWS\TEMP\kwdyqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xB7C29480, 0x3C939, 0xE8000020]
.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xB7C6A900, 0x3CA, 0x48000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7376380, 0x3E5D65, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\programme\real\realplayer\update\realsched.exe[2752] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.m4v?*.mpg?VIDEO\*.mpg?*.
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 625137348
---- EOF - GMER 1.0.15 ----

2. OSAM:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:56:29 on 26.01.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"Hwsetup.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\Hwsetup.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"tmeprop.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\tmeprop.cpl
"TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
"TUSBSleepCharge.cpl" - "TOSHIBA" - C:\WINDOWS\system32\TUSBSleepCharge.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl
"ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"catchme" (catchme) - ? - C:\WINDOWS\TEMP\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"McAfee Inc. mferkdk" (mferkdk) - ? - C:\WINDOWS\System32\drivers\mferkdk.sys (File not found)
"McAfee Inc. mfesmfk" (mfesmfk) - ? - C:\WINDOWS\System32\drivers\mfesmfk.sys (File not found)
"MPFP" (MPFP) - ? - C:\WINDOWS\System32\Drivers\Mpfp.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"QsFsFltr" (QsFsFltr) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\System32\DRIVERS\QsFsFltr.sys
"TMEI3E" (TMEI3E) - "Toshiba Corporation" - C:\WINDOWS\System32\Drivers\TMEI3E.SYS
"TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver" (TVALZFL) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\TVALZFL.sys
"TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Programme\JetAudio\JetFlExt.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{6D0E6651-1CD8-11d6-92C4-0003479E4848} "NVIDIA NT4 Multimon Control Panel Extension" - ? - (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{C4213067-97B3-4929-9B98-B5600FBBBA13} "TouchShellExt Class" - "TOSHIBA Corporation" - C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll
{D7B901C9-669E-4D2D-9946-CB8701E102FF} "TrueSuiteCMenu" - "AuthenTec, Inc." - C:\Programme\TrueSuite\TrueSuite.CMShelExt.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{27B4851A-3207-45A2-B947-BE8AFE6163AB} "McAfee Phishing Filter" - ? - c:\progra~1\mcafee\msk\mskapbho.dll (File not found)
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} "TrueSuite Website Log On" - "AuthenTec Inc." - C:\Programme\TrueSuite\TrueSuite.IEBHO.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NokiaOviSuite2" - "Nokia" - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"TOSHIBA Online Product Information" - "TOSHIBA" - C:\Programme\TOSHIBA\Toshiba Online Product Information\topi.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"000StTHK" - ? - 000StTHK.exe (File found, but it contains no detailed information)
"00THotkey" - "TOSHIBA Corporation" - C:\WINDOWS\system32\00THotkey.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"CFSServ.exe" - ? - CFSServ.exe -NoClient (File not found)
"ClientAppLogon" - "AuthenTec, Inc." - C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe
"DDWMon" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"IMSS" - ? - "C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NDSTray.exe" - ? - NDSTray.exe (File not found)
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"QuiKProtect" - "Iomega Corporation - An EMC Company" - C:\Programme\Iomega\QuikProtect\StartQuikProtect.exe
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"TFncKy" - ? - TFncKy.exe (File not found)
"TFNF5" - "TOSHIBA Corp." - TFNF5.exe
"ThpSrv" - "TOSHIBA Corporation" - C:\WINDOWS\system32\thpsrv /logon
"TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe" -osboot
"TMERzCtl.EXE" - "TOSHIBA" - C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE /Service
"TMESRV.EXE" - "TOSHIBA" - C:\Programme\TOSHIBA\TME3\TMESRV31.EXE /Logon
"TNRotate" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
"TosHKCW.exe" - "TOSHIBA CORPORATION" - "C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
"TosSENotify" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
"TosWaitSrv" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
"TouchED" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TouchED\TouchED.exe
"TPSMain" - "TOSHIBA Corporation" - TPSMain.exe
"TPSODDCtl" - "TOSHIBA Corporation" - TPSODDCtl.exe
"TUSBSleepChargeSrv" - "TOSHIBA" - %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
"TWebCamera" - "TOSHIBA CORPORATION." - "C:\Programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Programme\Fingerprint Sensor\atservice.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Personal Firewall Service" (MpfService) - ? - C:\Programme\McAfee\MPF\MPFSrv.exe (File not found)
"McAfee SystemGuards" (McSysmon) - ? - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (File not found)
"Microsoft Office Diagnostics Service" (odserv) - ? - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE" (File not found)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"QSCopyEngine" (QSCopyEngine) - ? - C:\Programme\Iomega\QuikProtect\QpMonitor.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Tmesrv3" (Tmesrv) - "TOSHIBA" - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Festplattenschutz" (Thpsrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\ThpSrv.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\TODDSrv.exe
"TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe
"TrueSuiteService" (FPLService) - "AuthenTec, Inc" - C:\Programme\TrueSuite\TrueSuite.Service.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Magiena" - C:\WINDOWS\system32\Fflower.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "AuthenTec" - C:\WINDOWS\system32\TrueSuite.GINA.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

3. aswMBR:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 20:59:40
-----------------------------
20:59:40.265 OS Version: Windows 5.1.2600 Service Pack 3
20:59:40.265 Number of processors: 4 586 0x2502
20:59:40.265 ComputerName: ***1 UserName: ***
20:59:41.390 Initialize success
21:11:44.078 AVAST engine defs: 12012602
21:12:54.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:12:54.375 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
21:12:54.703 Disk 0 MBR read successfully
21:12:54.703 Disk 0 MBR scan
21:12:54.734 Disk 0 Windows XP default MBR code
21:12:54.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
21:12:54.750 Disk 0 scanning sectors +625137345
21:12:54.765 Disk 0 malicious Win32:MBRoot code @ sector 625137348 !
21:12:54.796 Disk 0 scanning C:\WINDOWS\system32\drivers
21:13:01.343 Service scanning
21:13:02.234 Modules scanning
21:13:07.890 Disk 0 trace - called modules:
21:13:07.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll ACPI.sys iaStor.sys
21:13:07.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x895795c8]
21:13:07.906 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\THPDRV1[0x8af228f8]
21:13:07.906 5 thpdrv.sys[b833ae1f] -> nt!IofCallDriver -> \Device\00000072[0x8a57f920]
21:13:07.906 7 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a57a028]
21:13:09.015 AVAST engine scan C:\WINDOWS
21:13:21.156 AVAST engine scan C:\WINDOWS\system32
21:15:33.796 AVAST engine scan C:\WINDOWS\system32\drivers
21:15:49.250 AVAST engine scan C:\Dokumente und Einstellungen\***
00:39:50.015 AVAST engine scan C:\Dokumente und Einstellungen\All Users
00:41:06.359 Scan finished successfully
06:32:42.203 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
06:32:42.203 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

Regards,
Jens
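Both disk scanners in the logs above agree on one finding: Win32:MBRoot code at sector 625137348, which aswMBR reaches while "scanning sectors +625137345", i.e. after the end of the single NTFS partition (offset 63, 305242 MB) on a 305245 MB disk. The Python below is an added example, not part of Jens's post and not code from GMER, OSAM or aswMBR: it parses the partition table of a classic MBR (the format of the MBR.dat that aswMBR saved to the desktop) and reports where a flagged LBA falls. The MBR bytes are constructed here; the partition length (625137282 sectors) is an assumption derived from aswMBR's "+625137345" tail-scan start, and the disk size in sectors assumes 2048 sectors per reported MB.

```python
import struct

SECTOR_BYTES = 512
MBR_SIGNATURE = b"\x55\xAA"
PART_TABLE_OFFSET = 446
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def parse_mbr(mbr):
    """Return the non-empty primary partition entries of a classic MBR.

    Each entry is a dict with 'index' (1-4), 'boot', 'type', 'lba_start',
    'lba_count' and 'lba_end' (inclusive). Raises ValueError when the 0x55AA
    boot signature is missing, since a dump without it is not an MBR at all.
    """
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not an MBR sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, start, count = struct.unpack(PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 or count == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "boot": status == 0x80,
            "type": ptype,
            "lba_start": start,
            "lba_count": count,
            "lba_end": start + count - 1,
        })
    return parts


def locate_lba(lba, parts, disk_sectors):
    """Classify an LBA relative to the partition table.

    Returns 'partitionN', 'pre-partition' (MBR/track-0 gap before the first
    partition), 'unpartitioned-gap' (between partitions), 'unpartitioned-tail'
    (after the last partition) or 'beyond-disk'.
    """
    if lba >= disk_sectors:
        return "beyond-disk"
    for p in parts:
        if p["lba_start"] <= lba <= p["lba_end"]:
            return "partition%d" % p["index"]
    if not parts or lba < min(p["lba_start"] for p in parts):
        return "pre-partition"
    if lba > max(p["lba_end"] for p in parts):
        return "unpartitioned-tail"
    return "unpartitioned-gap"


def tail_offset(lba, parts):
    """Sectors between the end of the last partition and the given LBA
    (0 means the first sector after the last partition)."""
    last_end = max(p["lba_end"] for p in parts)
    return lba - (last_end + 1)


def build_mbr(entries):
    """Assemble a 512-byte MBR from (status, type, lba_start, lba_count) tuples.
    Used here only to construct sample input; the boot-code bytes stay zero."""
    mbr = bytearray(SECTOR_BYTES)
    for i, (status, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFFSET + 16 * i
        mbr[off:off + 16] = struct.pack(PART_ENTRY_FMT, status, ptype, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed sample modelled on the aswMBR log above (assumptions, not the
# real MBR.dat): one bootable NTFS partition at LBA 63; its length is taken
# from aswMBR's "scanning sectors +625137345" (first sector after the
# partition); disk size assumes 2048 sectors per reported MB (305245 MB).
DISK_SECTORS = 305245 * 2048
PARTITION_START = 63
PARTITION_COUNT = 625137345 - PARTITION_START
FLAGGED_LBA = 625137348  # sector GMER and aswMBR report as Win32:MBRoot code
SAMPLE_MBR = build_mbr([(0x80, 0x07, PARTITION_START, PARTITION_COUNT)])


def report(mbr=SAMPLE_MBR, lba=FLAGGED_LBA, disk_sectors=DISK_SECTORS):
    """Return (region, human-readable summary) for a flagged LBA."""
    parts = parse_mbr(mbr)
    where = locate_lba(lba, parts, disk_sectors)
    lines = []
    for p in parts:
        lines.append("partition %d: boot=%s type=0x%02x LBA %d-%d" % (
            p["index"], p["boot"], p["type"], p["lba_start"], p["lba_end"]))
    lines.append("disk ends at LBA %d (%d sectors after last partition)" % (
        disk_sectors - 1, disk_sectors - 1 - max(p["lba_end"] for p in parts)))
    lines.append("flagged LBA %d lies in: %s" % (lba, where))
    if where == "unpartitioned-tail":
        lines.append("  %d sectors past the end of the last partition" % tail_offset(lba, parts))
    return where, "\n".join(lines)


if __name__ == "__main__":
    print(report()[1])
```

On a real case, feed `parse_mbr()` the bytes of the saved MBR.dat and take the disk size in sectors from the OS rather than from the scanner's rounded MB figure: at 305242 MB the partition could end anywhere within a 2048-sector window, so only the actual partition entry settles whether a sector sits inside or past the file system. A hit a few sectors into the unpartitioned tail, as this check shows for the constructed values, is the placement MBR bootkits generally use for their body, with the disk-driver hooking keeping those sectors out of sight of the running system; that is also why aswMBR scans the sectors after the last partition in the first place.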