Trojaner-Board (https://www.trojaner-board.de/)
Thread: MS Removal Tool, screen stays black (https://www.trojaner-board.de/97088-ms-removal-tool-bildschrim-bleibt-schwarz.html)

selAce 03.04.2011 14:34

MS Removal Tool, screen stays black

Hello,

I have a big problem with the fake "MS Removal Tool". As already described in several other threads here in the forum, I also caught this program, with the usual symptoms. I then followed exactly the instructions from the 2nd post under the following link: http://www.trojaner-board.de/96914-m...entfernen.html

The log files should be attached.

So far so good. After carrying out the steps described, I wanted to start my laptop in normal mode again. However, my screen stays black after logging in, and all I can do is start the Task Manager and boot into Safe Mode again. What should I do now? Is there any other solution besides "Format C:"?

Many thanks in advance and best regards

cosinus 03.04.2011 15:27

Are there any more Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

Does Safe Mode still work?

selAce 03.04.2011 15:34

There are no further Malwarebytes logs. The files in question were also moved to quarantine.

Safe Mode still works!

cosinus 03.04.2011 15:50

Quote:

O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

Why do you have both Avast and AntiVir installed?! You really should not do that. Please uninstall one of the two. Only Malwarebytes and SASW get along with other scanners.

selAce 03.04.2011 15:59

OK, is there anything else I need to keep in mind about this?
I have now uninstalled one of the two programs, but my problem persists: the background stays black after logging in.

cosinus 03.04.2011 16:03

Do an OTL fix: close all programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.03 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iHc31001aInAf31001
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not deleted completely: for safety, a backup copy is created on the system partition in the "_OTL" folder.

selAce 03.04.2011 16:27

Here is the log file:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Folder C:\ProgramData\iHc31001aInAf31001\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: elephant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 181576447 bytes
->Temporary Internet Files folder emptied: 368681584 bytes
->Java cache emptied: 5933943 bytes
->FireFox cache emptied: 104372470 bytes
->Flash cache emptied: 120341 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7967211 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 638,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04032011_171536


cosinus 03.04.2011 16:31

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe when downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a forum helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

selAce 03.04.2011 17:06

Here is the log file:

Code:

ComboFix 11-04-02.05 - Thilo 03.04.2011  17:51:17.1.2 - x86 NETWORK
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3067.2591 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-03 bis 2011-04-03  ))))))))))))))))))))))))))))))
.
.
2011-04-03 15:55 . 2011-04-03 15:55        --------        d-----w-        c:\users\elephant\AppData\Local\temp
2011-04-03 15:15 . 2011-04-03 15:15        --------        d-----w-        C:\_OTL
2011-04-03 11:40 . 2011-04-03 11:40        --------        d-----w-        c:\users\Thilo\AppData\Roaming\Malwarebytes
2011-04-03 11:40 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 11:40 . 2011-04-03 11:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-03 11:40 . 2011-04-03 11:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-03 11:40 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-03 10:38 . 2011-04-03 12:23        --------        d-----w-        c:\programdata\iHc31001aInAf31001
2011-04-01 08:46 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4DD0520-5F58-47E8-82B5-8ED1BEC2B0F7}\mpengine.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-09 11:22 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-09 11:22 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-09 11:22 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-09 11:22 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 11:22 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 11:22 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 11:22 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 11:22 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 11:22 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 13:56 . 2010-06-24 09:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-09 09:17        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-07-05 20:36        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-13 08:47 . 2010-07-05 21:42        38848        ----a-w-        c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-05 21:42        188216        ----a-w-        c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-05 21:43        294608        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-05 21:43        47440        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-05 21:43        23632        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-05 21:43        51280        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-05 21:43        17744        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 07:31 . 2011-02-23 09:56        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 09:56        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 09:17        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 09:17        294400        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 09:17        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 09:17        2329088        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"OTL"="c:\users\Thilo\Downloads\OTL.exe" [2011-04-03 580608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Thilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Thilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 04:00        199680        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-07 22:23        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Thilo\Desktop\Neuer Ordner\kerneld.wnt [x]
R3 iMSPQMn;iMSPQMn;c:\users\Thilo\AppData\Local\Temp\iMSPQMn.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\flx6yod6.default\
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\users\***\Desktop\Neuer Ordner\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-03  18:03:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-03 16:03
.
Vor Suchlauf: 10 Verzeichnis(se), 90.376.036.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 90.153.193.472 Bytes frei
.
- - End Of File - - 2F434D7C267F3634027AE879EA52EA82
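
The ComboFix log above lists every registered service and driver in one line per entry (`R1`/`R2`/`R3`/`S1`/`S3`, name, display name, image path, then either a date and size or `[x]` when the image file is not on disk). As an added example for reading that section, and not a tool from ComboFix, OTL or this forum, here is a small Python triage helper. It parses those lines and flags entries a helper would look at first: images missing from disk, images that live in user-writable locations (Temp, Desktop, Downloads, Public), and unusual file extensions. The "suspect directories" list and the sample log lines are constructed for this example and are assumptions, not a rule ComboFix applies; the constructed lines copy the format of the log above, with invented user and service names.

```python
"""Triage helper for the service/driver section of a ComboFix-style log.

Added example for this thread; not ComboFix's own code. The heuristics below
are assumptions about what deserves a second look, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in the format seen in the log above.
# User name "alice" and the services hwmon_kd / qzrtmnx are invented.
SAMPLE_LOG = r"""
.
R1 aswSP;aswSP; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 hwmon_kd;Hardware Monitor Kernel Driver;c:\users\alice\Desktop\New Folder\kerneld.wnt [x]
R3 qzrtmnx;qzrtmnx;c:\users\alice\AppData\Local\Temp\qzrtmnx.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
"""

# Assumed heuristic: a kernel driver or service image under one of these
# user-writable folders is worth reviewing. Paths are compared with "/".
SUSPECT_DIRS = ("/appdata/local/temp/", "/desktop/", "/downloads/", "/users/public/")
NORMAL_EXTENSIONS = (".sys", ".exe", ".dll")

# state name;display;image [date size]   or   state name;display;image [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str
    missing: bool    # True when the log shows "[x]" instead of date/size
    reasons: tuple   # why the entry was flagged; () means nothing notable


def parse_service_line(line):
    """Parse one service line; return None for lines of any other shape."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image").strip()
    missing = m.group("info").strip().lower() == "x"
    norm = image.lower().replace("\\", "/")
    reasons = []
    if missing:
        reasons.append("image file missing on disk")
    if any(d in norm for d in SUSPECT_DIRS):
        reasons.append("image lives in a user-writable, non-program directory")
    if norm and not norm.endswith(NORMAL_EXTENSIONS):
        reasons.append("unusual image extension")
    return ServiceEntry(m.group("state"), m.group("name").strip(),
                        m.group("display").strip(), image, missing, tuple(reasons))


def parse_service_section(text):
    """Return every service/driver entry found in the given log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def flag_entries(entries):
    """Keep only entries with at least one review reason, in log order."""
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in flag_entries(parse_service_section(SAMPLE_LOG)):
        print(f"{e.state} {e.name}: {e.image or '(no path)'}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it against the `R`/`S` block of a real ComboFix log (paste it in place of `SAMPLE_LOG`) and review the flagged entries by hand: a missing image can be a leftover from an uninstalled product just as well as a removed dropper, so the output is a reading aid, not a cleanup list.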


cosinus 03.04.2011 17:07

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

selAce 03.04.2011 17:21

Code:

2011/04/03 18:17:46.0810 1608        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 18:17:47.0091 1608        ================================================================================
2011/04/03 18:17:47.0091 1608        SystemInfo:
2011/04/03 18:17:47.0091 1608       
2011/04/03 18:17:47.0091 1608        OS Version: 6.1.7600 ServicePack: 0.0
2011/04/03 18:17:47.0091 1608        Product type: Workstation
2011/04/03 18:17:47.0091 1608        ComputerName: ***-PC
2011/04/03 18:17:47.0091 1608        UserName: ***
2011/04/03 18:17:47.0091 1608        Windows directory: C:\Windows
2011/04/03 18:17:47.0091 1608        System windows directory: C:\Windows
2011/04/03 18:17:47.0091 1608        Processor architecture: Intel x86
2011/04/03 18:17:47.0091 1608        Number of processors: 2
2011/04/03 18:17:47.0091 1608        Page size: 0x1000
2011/04/03 18:17:47.0091 1608        Boot type: Safe boot with network
2011/04/03 18:17:47.0091 1608        ================================================================================
2011/04/03 18:17:47.0449 1608        Initialize success
2011/04/03 18:17:55.0764 1280        ================================================================================
2011/04/03 18:17:55.0764 1280        Scan started
2011/04/03 18:17:55.0764 1280        Mode: Manual;
2011/04/03 18:17:55.0764 1280        ================================================================================
2011/04/03 18:17:57.0745 1280        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/03 18:17:57.0792 1280        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/03 18:17:57.0948 1280        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/03 18:17:58.0011 1280        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/03 18:17:58.0151 1280        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/03 18:17:58.0198 1280        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/03 18:17:58.0369 1280        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/03 18:17:58.0401 1280        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/03 18:17:58.0557 1280        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/03 18:17:58.0728 1280        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/03 18:17:58.0744 1280        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/03 18:17:58.0775 1280        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/03 18:17:58.0915 1280        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/03 18:17:58.0947 1280        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/03 18:17:59.0009 1280        amdsata        (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/03 18:17:59.0134 1280        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/03 18:17:59.0165 1280        amdxata        (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/03 18:17:59.0321 1280        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/03 18:17:59.0493 1280        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/03 18:17:59.0524 1280        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/03 18:17:59.0586 1280        aswFsBlk        (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/03 18:17:59.0711 1280        aswMonFlt      (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/03 18:17:59.0773 1280        aswRdr          (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/04/03 18:17:59.0805 1280        aswSP          (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/04/03 18:17:59.0929 1280        aswTdi          (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/04/03 18:17:59.0992 1280        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 18:18:00.0023 1280        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/03 18:18:00.0195 1280        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/03 18:18:00.0335 1280        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/03 18:18:00.0522 1280        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/03 18:18:00.0569 1280        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/03 18:18:00.0725 1280        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 18:18:00.0741 1280        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/03 18:18:00.0787 1280        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/03 18:18:00.0834 1280        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/03 18:18:00.0975 1280        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/03 18:18:00.0990 1280        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/03 18:18:01.0021 1280        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/03 18:18:01.0162 1280        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/03 18:18:01.0427 1280        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 18:18:01.0505 1280        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 18:18:01.0630 1280        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/03 18:18:01.0692 1280        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/03 18:18:01.0848 1280        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/03 18:18:01.0895 1280        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/03 18:18:01.0942 1280        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/03 18:18:02.0067 1280        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/03 18:18:02.0129 1280        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/03 18:18:02.0176 1280        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/03 18:18:02.0316 1280        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/03 18:18:02.0441 1280        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 18:18:02.0566 1280        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/03 18:18:02.0613 1280        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/03 18:18:02.0722 1280        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 18:18:02.0831 1280        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 18:18:03.0049 1280        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/03 18:18:03.0237 1280        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/03 18:18:03.0283 1280        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/03 18:18:03.0486 1280        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/03 18:18:03.0502 1280        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 18:18:03.0564 1280        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 18:18:03.0689 1280        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 18:18:03.0705 1280        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 18:18:03.0751 1280        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 18:18:03.0876 1280        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 18:18:03.0923 1280        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/03 18:18:03.0970 1280        fssfltr        (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/03 18:18:04.0079 1280        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 18:18:04.0157 1280        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/03 18:18:04.0266 1280        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/03 18:18:04.0313 1280        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/03 18:18:04.0375 1280        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 18:18:04.0500 1280        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 18:18:04.0547 1280        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/03 18:18:04.0578 1280        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/03 18:18:04.0687 1280        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/03 18:18:04.0750 1280        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 18:18:04.0890 1280        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/03 18:18:04.0968 1280        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 18:18:05.0077 1280        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/03 18:18:05.0124 1280        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 18:18:05.0218 1280        iaStorV        (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/03 18:18:05.0327 1280        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/03 18:18:05.0577 1280        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/03 18:18:05.0623 1280        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 18:18:05.0655 1280        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 18:18:05.0779 1280        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/03 18:18:05.0811 1280        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/03 18:18:05.0873 1280        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/03 18:18:05.0967 1280        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/03 18:18:06.0013 1280        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 18:18:06.0138 1280        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 18:18:06.0201 1280        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 18:18:06.0310 1280        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 18:18:06.0341 1280        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/03 18:18:06.0513 1280        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 18:18:06.0575 1280        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/03 18:18:06.0591 1280        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/03 18:18:06.0700 1280        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/03 18:18:06.0747 1280        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/03 18:18:06.0887 1280        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/03 18:18:06.0934 1280        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/03 18:18:06.0981 1280        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/03 18:18:07.0121 1280        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/03 18:18:07.0168 1280        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 18:18:07.0215 1280        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 18:18:07.0355 1280        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 18:18:07.0371 1280        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 18:18:07.0417 1280        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/03 18:18:07.0558 1280        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 18:18:07.0573 1280        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 18:18:07.0651 1280        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 18:18:07.0745 1280        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 18:18:07.0776 1280        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 18:18:07.0839 1280        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/03 18:18:07.0932 1280        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/03 18:18:07.0979 1280        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 18:18:08.0041 1280        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/03 18:18:08.0151 1280        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/03 18:18:08.0213 1280        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 18:18:08.0307 1280        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 18:18:08.0338 1280        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 18:18:08.0369 1280        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 18:18:08.0447 1280        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 18:18:08.0556 1280        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 18:18:08.0587 1280        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/03 18:18:08.0634 1280        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/03 18:18:08.0759 1280        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 18:18:08.0853 1280        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/03 18:18:08.0977 1280        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/03 18:18:09.0040 1280        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 18:18:09.0071 1280        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 18:18:09.0180 1280        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 18:18:09.0211 1280        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 18:18:09.0258 1280        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 18:18:09.0367 1280        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 18:18:09.0664 1280        NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/04/03 18:18:10.0038 1280        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/03 18:18:10.0257 1280        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/03 18:18:10.0303 1280        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 18:18:10.0475 1280        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 18:18:10.0522 1280        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 18:18:10.0693 1280        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/03 18:18:10.0849 1280        NVHDA          (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/03 18:18:11.0115 1280        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/03 18:18:11.0489 1280        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/03 18:18:11.0520 1280        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/03 18:18:11.0676 1280        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/03 18:18:11.0707 1280        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 18:18:11.0832 1280        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/03 18:18:11.0863 1280        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 18:18:11.0895 1280        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/03 18:18:12.0066 1280        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/03 18:18:12.0082 1280        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/03 18:18:12.0113 1280        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/03 18:18:12.0269 1280        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/03 18:18:12.0300 1280        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/03 18:18:12.0519 1280        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 18:18:12.0565 1280        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/03 18:18:12.0721 1280        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 18:18:12.0799 1280        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/03 18:18:12.0940 1280        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/03 18:18:12.0971 1280        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 18:18:12.0987 1280        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 18:18:13.0143 1280        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/03 18:18:13.0174 1280        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 18:18:13.0299 1280        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 18:18:13.0345 1280        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 18:18:13.0470 1280        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 18:18:13.0533 1280        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/03 18:18:13.0642 1280        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 18:18:13.0689 1280        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/03 18:18:13.0751 1280        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 18:18:13.0860 1280        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/03 18:18:13.0891 1280        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 18:18:13.0954 1280        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/03 18:18:14.0126 1280        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 18:18:14.0172 1280        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/03 18:18:14.0313 1280        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
2011/04/03 18:18:14.0484 1280        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/03 18:18:14.0516 1280        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/03 18:18:14.0687 1280        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 18:18:14.0750 1280        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/03 18:18:14.0781 1280        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/03 18:18:14.0906 1280        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/03 18:18:14.0952 1280        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/03 18:18:14.0999 1280        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/03 18:18:15.0093 1280        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/03 18:18:15.0140 1280        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/03 18:18:15.0171 1280        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/03 18:18:15.0311 1280        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/03 18:18:15.0342 1280        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/03 18:18:15.0389 1280        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 18:18:15.0545 1280        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/03 18:18:15.0623 1280        srv            (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 18:18:15.0764 1280        srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 18:18:15.0810 1280        srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 18:18:15.0966 1280        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/03 18:18:15.0998 1280        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/03 18:18:16.0060 1280        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/03 18:18:16.0169 1280        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 18:18:16.0247 1280        Tcpip          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 18:18:16.0434 1280        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 18:18:16.0590 1280        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 18:18:16.0622 1280        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 18:18:16.0653 1280        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 18:18:16.0778 1280        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 18:18:16.0809 1280        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 18:18:16.0980 1280        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 18:18:17.0090 1280        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 18:18:17.0214 1280        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/03 18:18:17.0261 1280        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 18:18:17.0402 1280        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/03 18:18:17.0433 1280        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 18:18:17.0495 1280        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/03 18:18:17.0620 1280        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 18:18:17.0651 1280        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/03 18:18:17.0698 1280        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 18:18:17.0854 1280        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 18:18:17.0901 1280        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/03 18:18:18.0057 1280        USBPNPA        (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys
2011/04/03 18:18:18.0213 1280        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/03 18:18:18.0291 1280        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/03 18:18:18.0431 1280        USBSTOR        (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 18:18:18.0462 1280        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 18:18:18.0603 1280        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/03 18:18:18.0665 1280        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/03 18:18:18.0790 1280        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 18:18:18.0821 1280        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/03 18:18:18.0852 1280        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/03 18:18:18.0993 1280        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/03 18:18:19.0024 1280        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/03 18:18:19.0055 1280        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/03 18:18:19.0196 1280        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/03 18:18:19.0211 1280        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/03 18:18:19.0352 1280        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/03 18:18:19.0383 1280        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 18:18:19.0398 1280        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/03 18:18:19.0539 1280        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/03 18:18:19.0570 1280        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/03 18:18:19.0710 1280        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/03 18:18:19.0757 1280        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/03 18:18:19.0898 1280        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 18:18:19.0913 1280        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 18:18:19.0960 1280        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/03 18:18:20.0007 1280        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 18:18:20.0210 1280        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/03 18:18:20.0241 1280        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/03 18:18:20.0459 1280        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/03 18:18:20.0522 1280        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/03 18:18:20.0646 1280        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 18:18:20.0693 1280        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/03 18:18:20.0756 1280        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 18:18:20.0880 1280        yukonw7        (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/04/03 18:18:20.0958 1280        ================================================================================
2011/04/03 18:18:20.0958 1280        Scan finished
2011/04/03 18:18:20.0958 1280        ================================================================================


cosinus 03.04.2011 17:29

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

selAce 03.04.2011 17:46

GMER log:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-03 18:45:31
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011E
Running: 4ijrz3qv.exe; Driver: C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwSaveKeyEx + 13B1        820448A9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2  82064312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          autochk.exe                            004311D1 73 Bytes  [10, 08, FE, 75, 41, 8B, 4D, ...]
.text          autochk.exe                            0043121B 4 Bytes  [0F, 84, C8, 00]
.text          autochk.exe                            00431220 129 Bytes  [00, 83, 7D, 18, 00, 7E, 6D, ...]
.text          autochk.exe                            004312A2 1 Byte  [00]
.text          autochk.exe                            004312A2 7 Bytes  [00, 00, C7, 44, 01, 04, 00]
.text          ...                                   

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


selAce 03.04.2011 17:51

OSAM log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:51:11 on 03.04.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Thilo\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"iMSPQMn" (iMSPQMn) - ? - C:\Users\Thilo\AppData\Local\Temp\iMSPQMn.sys  (File not found)
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Users\Thilo\Desktop\Neuer Ordner\kerneld.wnt  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"ugloipod" (ugloipod) - ? - C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"OTL" - "OldTimer Tools" - "C:\Users\Thilo\Downloads\OTL.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON SX210 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFDE.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Avast5\AvastSvc.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


selAce 03.04.2011 17:54

And finally, the .txt file from MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:                Phoenix Technologies Ltd.
System Manufacturer:                SAMSUNG ELECTRONICS CO., LTD.
System Product Name:                R710
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 162):
  0x8200F000 \SystemRoot\system32\ntoskrnl.exe
  0x82410000 \SystemRoot\system32\halmacpi.dll
  0x80BD0000 \SystemRoot\system32\kdcom.dll
  0x8AC1E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8AC96000 \SystemRoot\system32\PSHED.dll
  0x8ACA7000 \SystemRoot\system32\BOOTVID.dll
  0x8ACAF000 \SystemRoot\system32\CLFS.SYS
  0x8ACF1000 \SystemRoot\system32\CI.dll
  0x8AD9C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AE0D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AE1B000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AE63000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AE6C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AE74000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AE9E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AEA9000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AEBA000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AEC2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AECD000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AEDD000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AF28000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AF3E000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8AF47000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8AF6A000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8AF74000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8AF82000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AF8B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AFBF000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B006000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B135000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B160000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B173000 \SystemRoot\System32\Drivers\cng.sys
  0x8B1D0000 \SystemRoot\System32\drivers\pcw.sys
  0x8B1DE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B1E7000 \SystemRoot\system32\drivers\ndis.sys
  0x8B29E000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B2DC000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B431000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B57A000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B5AB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B5B4000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B5FB000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B628000 \SystemRoot\System32\Drivers\mup.sys
  0x8B638000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B640000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B672000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B683000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B6DB000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B6E2000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B6E9000 \SystemRoot\System32\drivers\vga.sys
  0x8B6F5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B716000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B723000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B72B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B736000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B744000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B75B000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B770000 \SystemRoot\system32\drivers\afd.sys
  0x8B7CA000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8B301000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B7CF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8B7D6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8B411000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B333000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B41F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8B374000 \SystemRoot\system32\drivers\csc.sys
  0x8B3D8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8AFD0000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B7F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9003B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x90086000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90095000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9040A000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x90A86000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x90A90000 \SystemRoot\system32\DRIVERS\yk62x86.sys
  0x90AE1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x90AF9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90B06000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x90B13000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x90B32000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90B40000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x90B4D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90B57000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x90B69000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x90B81000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90B8C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90BAE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90BDD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90BF4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x900B4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x900C4000 \SystemRoot\system32\DRIVERS\ks.sys
  0x900F8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90106000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9014A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x81110000 \SystemRoot\System32\win32k.sys
  0x90400000 \SystemRoot\System32\drivers\Dxapi.sys
  0x81360000 \SystemRoot\System32\drivers\dxg.sys
  0x81390000 \SystemRoot\System32\TSDDD.dll
  0x9015B000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x81010000 \SystemRoot\System32\framebuf.dll
  0x90171000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90188000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9018A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90195000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x901A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x901AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x901BA000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x901C7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x901D2000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x901DC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x81020000 \SystemRoot\System32\ATMFD.DLL
  0x901ED000 \SystemRoot\system32\drivers\WudfPf.sys
  0x90207000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9024D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9025D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x90276000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x90288000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x902AB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x902E6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x90313000 \??\C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys
  0x77AA0000 \Windows\System32\ntdll.dll
  0x47EA0000 \Windows\System32\smss.exe
  0x77CE0000 \Windows\System32\apisetschema.dll
  0x00430000 \Windows\System32\autochk.exe
  0x77C30000 \Windows\System32\usp10.dll
  0x77960000 \Windows\System32\urlmon.dll
  0x77860000 \Windows\System32\wininet.dll
  0x77660000 \Windows\System32\iertutil.dll
  0x77590000 \Windows\System32\msctf.dll
  0x77430000 \Windows\System32\ole32.dll
  0x77C20000 \Windows\System32\normaliz.dll
  0x77380000 \Windows\System32\rpcrt4.dll
  0x77330000 \Windows\System32\Wldap32.dll
  0x766E0000 \Windows\System32\shell32.dll
  0x76540000 \Windows\System32\setupapi.dll
  0x77BE0000 \Windows\System32\ws2_32.dll
  0x764A0000 \Windows\System32\advapi32.dll
  0x76490000 \Windows\System32\lpk.dll
  0x76440000 \Windows\System32\gdi32.dll
  0x763E0000 \Windows\System32\shlwapi.dll
  0x76380000 \Windows\System32\difxapi.dll
  0x76360000 \Windows\System32\sechost.dll
  0x762B0000 \Windows\System32\msvcrt.dll
  0x761D0000 \Windows\System32\kernel32.dll
  0x761B0000 \Windows\System32\imm32.dll
  0x760E0000 \Windows\System32\user32.dll
  0x76050000 \Windows\System32\clbcatq.dll
  0x76040000 \Windows\System32\psapi.dll
  0x76030000 \Windows\System32\nsi.dll
  0x76000000 \Windows\System32\imagehlp.dll
  0x75F80000 \Windows\System32\comdlg32.dll
  0x75EF0000 \Windows\System32\oleaut32.dll
  0x75ED0000 \Windows\System32\devobj.dll
  0x75DB0000 \Windows\System32\crypt32.dll
  0x75D80000 \Windows\System32\wintrust.dll
  0x75D30000 \Windows\System32\KernelBase.dll
  0x75CA0000 \Windows\System32\comctl32.dll
  0x75C70000 \Windows\System32\cfgmgr32.dll
  0x75C60000 \Windows\System32\msasn1.dll

Processes (total 25):
      0 System Idle Process
      4 System
    248 C:\Windows\System32\smss.exe
    336 csrss.exe
    372 C:\Windows\System32\wininit.exe
    384 csrss.exe
    440 C:\Windows\System32\services.exe
    448 C:\Windows\System32\lsass.exe
    460 C:\Windows\System32\lsm.exe
    568 C:\Windows\System32\svchost.exe
    644 C:\Windows\System32\svchost.exe
    704 C:\Windows\System32\svchost.exe
    736 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1436 C:\Windows\explorer.exe
    1492 C:\Windows\System32\ctfmon.exe
    1576 C:\Windows\System32\svchost.exe
    1852 C:\Program Files\Mozilla Firefox\firefox.exe
    1948 C:\Users\Thilo\Downloads\MBRCheck.exe
    1464 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00200  (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011E 

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
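
One thing a practitioner would check in the MBRCheck output above before accepting the "Windows 7 MBR code detected" verdict: the Kernel Drivers list contains a module loaded from the user's Temp directory (\??\C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys) rather than from \SystemRoot. On its own that is not proof of infection, since several anti-rootkit scanners drop a randomly named helper driver into %TEMP% while they run, but it is exactly the kind of entry to account for. The script below is an added example, not part of the thread or of MBRCheck: it parses an MBRCheck-style log, flags kernel modules loaded from outside the Windows directory or from user-writable paths, and extracts the MBR status and SHA1 per physical drive. The embedded log is a constructed, shortened sample modelled on the one posted above; the trusted-prefix and user-writable marker lists are my assumptions.

```python
"""Triage an MBRCheck log: flag kernel modules loaded from outside the
Windows directory and report the MBR status/hash for each physical drive."""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the MBRCheck log in the thread
# (shortened; not the full 162-entry driver list).
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
Windows Version:                Windows 7 Professional

Kernel Drivers (total 5):
  0x8200F000 \SystemRoot\system32\ntoskrnl.exe
  0x8B7CA000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x90313000 \??\C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys
  0x77AA0000 \Windows\System32\ntdll.dll
  0x9040A000 \SystemRoot\system32\DRIVERS\NETw5s32.sys

Processes (total 2):
      4 System
    248 C:\Windows\System32\smss.exe

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
"""

# Assumption: kernel modules normally load from \SystemRoot (the kernel's
# alias for the Windows directory); MBRCheck lists user-mode images such as
# ntdll.dll in the same section with a \Windows\ prefix.
TRUSTED_PREFIXES = ("\\systemroot\\", "\\windows\\")

# Assumption: user-writable locations that should not host a kernel driver
# unless a tool you are running right now put it there (anti-rootkit
# scanners often drop a randomly named helper driver into %TEMP%).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")

DRIVER_LINE = re.compile(r"^\s*(0x[0-9A-Fa-f]+)\s+(\S.*?)\s*$")
MBR_LINE = re.compile(r"^\s*(\d+)\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*?)\s*$")
SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_kernel_drivers(log: str) -> List[Tuple[str, str]]:
    """Return (load address, path) for each line of the Kernel Drivers section."""
    drivers, in_section = [], False
    for line in log.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section:
            m = DRIVER_LINE.match(line)
            if not m:  # the first non-matching (blank) line ends the section
                break
            drivers.append((m.group(1), m.group(2)))
    return drivers


def normalize(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) and lower-case for matching."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def suspicious_drivers(log: str) -> List[Dict[str, object]]:
    """Flag modules loaded from outside the Windows directory, with reasons."""
    findings = []
    for addr, path in parse_kernel_drivers(log):
        p = normalize(path)
        reasons = []
        if not p.startswith(TRUSTED_PREFIXES):
            reasons.append("outside Windows directory")
        hits = [m for m in USER_WRITABLE_MARKERS if m in p]
        if hits:
            reasons.append("user-writable location: " + ", ".join(hits))
        if reasons:
            findings.append({"address": addr, "path": path, "reasons": reasons})
    return findings


def mbr_status(log: str) -> List[Dict[str, str]]:
    """Return device, status text and SHA1 of the boot sector for each drive."""
    results, current = [], None
    for line in log.splitlines():
        m = MBR_LINE.match(line)
        if m:
            current = {"device": m.group(2), "size_gb": m.group(1),
                       "status": m.group(3), "sha1": ""}
            results.append(current)
            continue
        s = SHA1_LINE.match(line)
        if s and current is not None:
            current["sha1"] = s.group(1).upper()
    return results


def mbr_is_standard(entry: Dict[str, str]) -> bool:
    """True when MBRCheck named the boot code it recognised; anything it
    reports as unknown deserves a manual look at the sector."""
    status = entry["status"]
    return "MBR code detected" in status and not status.lower().startswith("unknown")


if __name__ == "__main__":
    for f in suspicious_drivers(SAMPLE_LOG):
        print(f"{f['address']} {f['path']}  <-- {'; '.join(f['reasons'])}")
    for e in mbr_status(SAMPLE_LOG):
        verdict = "standard" if mbr_is_standard(e) else "CHECK"
        print(f"{e['device']}: {e['status']} SHA1={e['sha1']} [{verdict}]")
```

Run it against a real MBRCheck .txt by reading the file into `suspicious_drivers` and `mbr_status`. A flagged driver is a lead, not a verdict: compare its name against the temporary drivers of whichever scanners were running when the log was taken, and keep the SHA1 so the boot sector can be compared across reboots.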




Copyright ©2000-2025, Trojaner-Board

