Hello Arne,
it took a bit longer today until I had everything together.
First the GMER log. Everything ran without problems.
GMER log file: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-28 11:07:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD15EARS-00Z5B1 rev.80.00A80
Running: 3kiv5szq.exe; Driver: C:\Users\Folger\AppData\Local\Temp\uxriipod.sys
---- System - GMER 1.0.15 ----
SSDT 915F13CE ZwCreateSection
SSDT 915F13D8 ZwRequestWaitReplyPort
SSDT 915F13D3 ZwSetContextThread
SSDT 915F13DD ZwSetSecurityObject
SSDT 915F13E2 ZwSystemDebugControl
SSDT 915F136F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830403C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83079D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83080EAC 4 Bytes [CE, 13, 5F, 91] {INTO ; ADC EBX, [EDI-0x6f]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83081208 4 Bytes [D8, 13, 5F, 91] {FCOM DWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8308124C 4 Bytes [D3, 13, 5F, 91] {RCL DWORD [EBX], CL; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830812C8 4 Bytes [DD, 13, 5F, 91] {FST QWORD [EBX]; POP EDI; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8308131C 4 Bytes [E2, 13, 5F, 91] {LOOP 0x15; POP EDI; XCHG ECX, EAX}
.text ...
? System32\Drivers\spop.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x92605000, 0x2D1F8A, 0xE8000020]
.text USBPORT.SYS!DllUnload 91F46DB9 5 Bytes JMP 879D04E0
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BE0C042] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BE0C6D6] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BE0C800] \SystemRoot\System32\Drivers\spop.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BE0C13E] \SystemRoot\System32\Drivers\spop.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C124CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BF562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BF56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C12546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C085AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C04D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C05105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C051DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C06707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C08301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C08850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C090B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C0E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C04C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 868201F8
Device \FileSystem\fastfat \FatCdrom 87A20500
Device \Driver\volmgr \Device\VolMgrControl 8681A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E} 876E6500
Device \Driver\usbohci \Device\USBPDO-0 879D5500
Device \Driver\usbohci \Device\USBPDO-1 879D5500
Device \Driver\usbehci \Device\USBPDO-2 879DA500
Device \Driver\usbohci \Device\USBPDO-3 879D5500
Device \Driver\usbohci \Device\USBPDO-4 879D5500
AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
Device \Driver\usbehci \Device\USBPDO-5 879DA500
Device \Driver\usbohci \Device\USBPDO-6 879D5500
Device \Driver\volmgr \Device\HarddiskVolume1 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 876B21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort4 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort5 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort6 8681C1F8
Device \Driver\atapi \Device\Ide\IdePort7 8681C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8681C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 8681C1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel2 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8681D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8681D1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 876E6500
Device \Driver\volmgr \Device\HarddiskVolume8 8681A1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{63BA4981-9B68-4EA4-A3D2-2693FBD1B57B} 876E6500
AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD1D9DD5-1A56-4FD4-98AA-6542B801A20A} 876E6500
Device \Driver\usbohci \Device\USBFDO-0 879D5500
Device \Driver\usbohci \Device\USBFDO-1 879D5500
Device \Driver\usbehci \Device\USBFDO-2 879DA500
Device \Driver\USBSTOR \Device\0000007c 88EBD500
Device \Driver\usbohci \Device\USBFDO-3 879D5500
Device \Driver\USBSTOR \Device\0000007d 88EBD500
Device \Driver\usbohci \Device\USBFDO-4 879D5500
Device \Driver\USBSTOR \Device\0000007e 88EBD500
Device \Driver\usbehci \Device\USBFDO-5 879DA500
Device \Driver\USBSTOR \Device\0000007f 88EBD500
Device \Driver\usbohci \Device\USBFDO-6 879D5500
Device \FileSystem\fastfat \Fat 87A20500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 88EC0500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}\Connection@Name isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{C5019702-769C-4E2B-B6B3-21D5A81EEE11}"?"{ACAF2497-EFB8-458B-97A7-7D5BA359D206}"?"{07F2250C-9B73-46F1-ABD8-24668488E31C}"?"{8B9CA000-082B-4E3A-863E-9763B6310D6C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{C5019702-769C-4E2B-B6B3-21D5A81EEE11}?\Device\TCPIP6TUNNEL_{ACAF2497-EFB8-458B-97A7-7D5BA359D206}?\Device\TCPIP6TUNNEL_{07F2250C-9B73-46F1-ABD8-24668488E31C}?\Device\TCPIP6TUNNEL_{8B9CA000-082B-4E3A-863E-9763B6310D6C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@InterfaceName isatap.{EDFCCC55-28F1-44AA-8A94-2551AC6EEE4E}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ACAF2497-EFB8-458B-97A7-7D5BA359D206}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0xF0 0xC3 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0xF0 0xC3 0x33 ...
---- EOF - GMER 1.0.15 ---- --- --- ---
OSAM then gave me the following error message: "Unfortunately there are some files that has not yet been alalyzed by our lab." This apparently concerns the files "GrabPro.DLL", "orbitcth.DLL", "TuneUpUtilitiesService32.exe" and "ZoomIt.exe". The scan itself, however, also ran without problems. Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:21:59 on 28.07.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1
Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures
Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
"Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
Control Panel Objects
%SystemRoot%\system32
"FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\Windows\system32\FlashPlayerCPLApp.cpl File exists
|| "US-122_MKII_US-144_MKII.CPL" "TASCAM" C:\Windows\system32\US-122_MKII_US-144_MKII.CPL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL File exists
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
"QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Advanced SCSI Programming Interface Driver" (ASPI) C:\Windows\System32\DRIVERS\ASPI32.sys File exists
"AMD IO Driver" (amdiox86) C:\Windows\System32\DRIVERS\amdiox86.sys File not found
|||||| "amdide" (amdide) "Advanced Micro Devices Inc." C:\Windows\System32\DRIVERS\amdide.sys File exists
|||||| "amdsata" (amdsata) "Advanced Micro Devices" C:\Windows\System32\DRIVERS\amdsata.sys File exists
|||||| "amdxata" (amdxata) "Advanced Micro Devices" C:\Windows\System32\DRIVERS\amdxata.sys File exists
|||||| "ATI Function Driver for High Definition Audio Service" (AtiHdmiService) "ATI Technologies, Inc." C:\Windows\System32\drivers\AtiHdmi.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
|||||| "avkmgr" (avkmgr) "Avira GmbH" C:\Windows\System32\DRIVERS\avkmgr.sys File exists
"catchme" (catchme) C:\Users\Folger\AppData\Local\Temp\catchme.sys File not found
"Lbd" (Lbd) C:\Windows\System32\DRIVERS\Lbd.sys File not found
"MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbam.sys File exists
"SANDRA" (SANDRA) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys File not found
"sbapifs" (sbapifs) "GFI Software" C:\Windows\System32\DRIVERS\sbapifs.sys File exists
"SbFw" (SbFw) "GFI Software" C:\Windows\System32\drivers\SbFw.sys File exists
"sbhips" (sbhips) "GFI Software" C:\Windows\System32\drivers\sbhips.sys File exists
"SBRE" (SBRE) "GFI Software" C:\Windows\system32\drivers\SBREdrv.sys File exists
"sbwtis" (sbwtis) "GFI Software" C:\Windows\System32\DRIVERS\sbwtis.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\Windows\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys File exists
"uxriipod" (uxriipod) C:\Users\Folger\AppData\Local\Temp\uxriipod.sys Hidden registry entry, rootkit activity | File not found
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Program Files\7-Zip\7-zip.dll File exists
|||||| {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll File exists
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} "Icaros Thumbnail Provider" "Tabibito Technology" C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll File exists
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll File exists
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"Grab Pro" C:\Program Files\Orbitdownloader\GrabPro.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_30.dll File exists
|| {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class"
file:///F:/components/wmvhdrating.ocx C:\Windows\Downloaded Program Files\wmvhdrating.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll File exists
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists
|||| {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
|| "PokerStars" "PokerStars" C:\Program Files\PokerStars\PokerStarsUpdate.exe File exists
|| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"Grab Pro" C:\Program Files\Orbitdownloader\GrabPro.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File exists
|||| {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File exists
|||| {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" "Orbitdownloader.com" C:\Program Files\Orbitdownloader\orbitcth.dll File exists
|| {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
LSA Providers
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
|||||| "Security Packages" "Microsoft Corp." C:\Windows\system32\livessp.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Folger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ANT Agent" "GARMIN Corp." C:\Program Files\Garmin\ANT Agent\ANT Agent.exe File exists
"ZoomIt" "Sysinternals - www.sysinternals.com" C:\Users\Folger\Downloads\ZoomIt43\ZoomIt.exe File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Ad-Aware Antivirus" "Lavasoft Limited" "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run File exists
"Ad-Aware Browsing Protection" "Lavasoft" "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" File exists
"AppleSyncNotifier" "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File exists
"avgnt" "Avira Operations GmbH & Co. KG" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"pdfcmon" "pdfforge GbR" C:\Windows\system32\pdfcmon.dll File exists
|||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
"Ad-Aware" (SBAMSvc) "GFI Software" C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe File exists
"Ad-Aware Service" (Ad-Aware Service) "Lavasoft Limited" C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe File exists
|| "Adobe Acrobat Update Service" (AdobeARMservice) "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe File exists
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
"AMD FUEL Service" (AMD FUEL Service) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService File not found
"Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe File exists
"Avira Echtzeit Scanner" (AntiVirService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
"Avira Planer" (AntiVirSchedulerService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
"Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
"Freemake Improver" (Freemake Improver) "Freemake" C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe File exists
"Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
"Google Update-Dienst (gupdatem)" (gupdatem) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
"Google Updater Service" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
"HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists
"HP Network Devices Support" (HPSLPSVC) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL File exists
"hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists
"InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
"iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
"MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe File exists
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
"Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe File exists
"Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File exists
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe File exists
"Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists
"NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe File exists
"Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
"Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists
"Protexis Licensing V2" (PSI_SVC_2) "Protexis Inc." c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe File exists
"SeaPort" (SeaPort) "Microsoft Corporation" C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe File exists
"Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
"mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists
"WindowsLive Local NSP" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists
"WindowsLive NSP" "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Finally, the aswMBR log file: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-28 12:44:39
-----------------------------
12:44:39.668 OS Version: Windows 6.1.7601 Service Pack 1
12:44:39.669 Number of processors: 4 586 0x402
12:44:39.671 ComputerName: FOLGER-PC UserName: Folger
12:45:16.577 Initialize success
12:45:25.672 AVAST engine defs: 12072800
12:45:55.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:45:55.280 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 11
12:45:55.280 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
12:45:55.280 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
12:45:55.296 Disk 0 MBR read successfully
12:45:55.296 Disk 0 MBR scan
12:45:55.312 Disk 0 unknown MBR code
12:45:55.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:45:55.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409190 MB offset 206848
12:45:55.343 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016
12:45:55.374 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056
12:45:55.374 Disk 0 scanning sectors +2930275120
12:45:55.421 Disk 0 scanning C:\Windows\system32\drivers
12:46:03.673 Service scanning
12:46:18.088 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:46:22.627 Modules scanning
12:46:26.153 Disk 0 trace - called modules:
12:46:26.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8681c1f8]<<
12:46:26.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a47030]
12:46:26.200 3 CLASSPNP.SYS[8c5a559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86a0f030]
12:46:26.200 \Driver\atapi[0x86852c28] -> IRP_MJ_CREATE -> 0x8681c1f8
12:46:28.711 AVAST engine scan C:\Windows
12:46:32.830 AVAST engine scan C:\Windows\system32
12:48:53.620 AVAST engine scan C:\Windows\system32\drivers
12:49:04.400 AVAST engine scan C:\Users\Folger
13:03:09.469 AVAST engine scan C:\ProgramData
13:04:42.835 Scan finished successfully
13:12:18.762 Disk 0 MBR has been saved successfully to "C:\Users\Folger\Desktop\MBR.dat"
13:12:18.778 The log file has been saved successfully to "C:\Users\Folger\Desktop\aswMBR.txt"
Best regards, Andreas