Pests of all kinds and how to fight them: HDD error, empty desktop, Windows Rescue... Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
HDD error, empty desktop, Windows Rescue...
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still will not run on the second try, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________
Please always post logfiles in CODE tags
#17
HDD error, empty desktop, Windows Rescue...
So. First the GMER log. The rest will follow tomorrow.
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-09 23:24:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 77mn5n05.exe; Driver: C:\Users\Aupex\AppData\Local\Temp\ugdyrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F84DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91F86FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91F87262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91F874D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91F856BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91F864F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91F86A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91F8599A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91F86922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x91F84998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91F867F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91F84B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91F86B5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91F85344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91F8688C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91F8824A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91F85E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91F89458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x91F85C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F8833C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91F88AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91F86AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x91F85740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91F869B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91F84FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91F8883E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91F86BF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91F84ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91F877DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91F88DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91F886D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x91F83652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91F86F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91F86E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91F87FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x91F839CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91F892FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x91F835EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91F86238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91F85560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91F8787E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x91F884DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91F88F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91F89020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91F8915A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91F8816E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91F8518E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91F850E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91F88C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91F8527A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91F85442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91F87722]
INT 0x62 ? 87F82F00
INT 0x72 ? 85D60BF8
INT 0x82 ? 85D60BF8
INT 0x92 ? 87F82F00
INT 0xA2 ? 85D5FBF8
INT 0xA2 ? 87F82F00
INT 0xA2 ? 87F82F00
INT 0xA2 ? 85D5FBF8
INT 0xB2 ? 87F82F00
INT 0xB2 ? 87F82F00
INT 0xB3 ? 87F82F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 82CB489C 4 Bytes [AA, 4D, F8, 91] {STOSB ; DEC EBP; CLC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB48C0 8 Bytes CALL E55D4134
.text ntkrnlpa.exe!KeSetEvent + 181 82CB4904 4 Bytes [D8, 74, F8, 91] {FDIV DWORD [EAX+EDI*8-0x6f]}
.text ntkrnlpa.exe!KeSetEvent + 1A9 82CB492C 4 Bytes [BE, 56, F8, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CB4944 4 Bytes [F2, 64, F8, 91]
.text ...
? system32\drivers\bcywctyd.sys The system cannot find the path specified. !
? System32\Drivers\spzp.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 8B931B2E 5 Bytes JMP 85D601D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90A06380, 0x34F1E7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8C7D041B 5 Bytes JMP 87F824E0
.text aguzti75.SYS 91509000 22 Bytes [82, 93, FC, 82, 6C, 92, FC, ...]
.text aguzti75.SYS 91509017 137 Bytes [00, 32, 17, 3A, 83, 3D, 15, ...]
.text aguzti75.SYS 915090A1 43 Bytes [10, CB, 82, 74, 06, C5, 82, ...]
.text aguzti75.SYS 915090CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aguzti75.SYS 915090DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
.text win32k.sys!EngMulDiv + 4D3C 9CAB9CAB 5 Bytes JMP 8A204610
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832986D2] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83298040] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [832987FC] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [832980BE] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8329813C] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [832A8048] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86B241F8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \FileSystem\fastfat \FatCdrom 87671350
Device \Driver\volmgr \Device\VolMgrControl 85D621F8
Device \Driver\netbt \Device\NetBT_Tcpip_{14436A7B-9E23-494B-A111-E37191A2C976} 899051F8
Device \Driver\usbuhci \Device\USBPDO-0 87F7C1F8
Device \Driver\PCI_PNP2992 \Device\00000051 spzp.sys
Device \Driver\usbuhci \Device\USBPDO-1 87F7C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7E4D3FD4-2868-44D7-9825-067520FD8405} 899051F8
Device \Driver\usbehci \Device\USBPDO-2 87FA11F8
Device \Driver\usbuhci \Device\USBPDO-3 87F7C1F8
Device \Driver\usbuhci \Device\USBPDO-4 87F7C1F8
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBPDO-5 87F7C1F8
Device \Driver\usbehci \Device\USBPDO-6 87FA11F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume2 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom0 87F521F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86B221F8
Device \Driver\atapi \Device\Ide\IdePort0 86B221F8
Device \Driver\atapi \Device\Ide\IdePort1 86B221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 86B221F8
Device \Driver\volmgr \Device\HarddiskVolume3 85D621F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom1 87F521F8
Device \Driver\sptd \Device\3090105492 spzp.sys
Device \Driver\netbt \Device\NetBt_Wins_Export 899051F8
Device \Driver\Smb \Device\NetbiosSmb 89ADE500
Device \Driver\iScsiPrt \Device\RaidPort0 8802C1F8
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBFDO-0 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-1 87F7C1F8
Device \Driver\usbehci \Device\USBFDO-2 87FA11F8
Device \Driver\usbuhci \Device\USBFDO-3 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-4 87F7C1F8
Device \Driver\usbuhci \Device\USBFDO-5 87F7C1F8
Device \Driver\usbehci \Device\USBFDO-6 87FA11F8
Device \Driver\aguzti75 \Device\Scsi\aguzti751 87F94500
Device \Driver\Si3531 \Device\Scsi\Si35311Port2Path0Target1fLun0 86B231F8
Device \Driver\Si3531 \Device\Scsi\Si35311 86B231F8
Device \Driver\aguzti75 \Device\Scsi\aguzti751Port4Path0Target0Lun0 87F94500
Device \FileSystem\fastfat \Fat 87671350
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \FileSystem\cdfs \Cdfs 866381F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
---- EOF - GMER 1.0.15 ----
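As an added example (not code from this thread, from GMER, or from any of the tools mentioned), the following Python script parses the GMER sections shown above and pulls out the points a helper looks at first: which module hooks the SSDT and how many syscalls it covers, where the IAT entries of atapi.sys and i8042prt.sys are redirected to, whether that redirect target is also among the files GMER reported it could not find on disk, and which \Driver objects list a named driver instead of a kernel address as their owner. The sample lines are a constructed subset copied from the log above; the regular expressions, the function names and the triage rules are this example's own and make no claim about whether any of these drivers is malicious.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER code).

It tallies SSDT hooks per module, collects IAT redirections, records which
\\Driver objects are owned by a named .sys file, and cross-checks IAT
targets against files GMER could not find on disk.
"""
import re
from collections import defaultdict

# Constructed subset of the GMER log posted in this thread.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91F8599A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F8833C]
? system32\drivers\bcywctyd.sys The system cannot find the path specified. !
? System32\Drivers\spzp.sys The system cannot find the path specified. !
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832986D2] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [832A8048] \SystemRoot\System32\Drivers\spzp.sys
IAT \SystemRoot\System32\Drivers\aguzti75.SYS[ataport.SYS!AtaPortNotification] CC000CC2
Device \Driver\sptd \Device\3090105492 spzp.sys
Device \Driver\aguzti75 \Device\Scsi\aguzti751 87F94500
"""

# Line shapes as they appear in the GMER 1.0.15 text report (this example's own patterns).
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*!$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<caller>\S+?)\[(?P<import_>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)|(?P<raw>[0-9A-Fa-f]+))$")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)$")


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text: str) -> dict:
    """Collect the interesting GMER entries into one report dict."""
    rep = {"ssdt": defaultdict(set), "ssdt_desc": {}, "missing": [],
           "iat": defaultdict(list), "iat_unresolved": [], "device_owner": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            mod = basename(m["module"])
            rep["ssdt"][mod].add(m["func"])          # one entry per hooked syscall
            rep["ssdt_desc"][mod] = m["desc"]
        elif m := MISSING_RE.match(line):
            rep["missing"].append(basename(m["path"]))  # GMER could not open the file
        elif m := IAT_RE.match(line):
            site = (basename(m["caller"]), m["import_"])
            if m["target"]:
                rep["iat"][basename(m["target"])].append(site)  # import resolved to a module
            else:
                rep["iat_unresolved"].append(site + (m["raw"],))  # bare value, no module
        elif m := DEVICE_RE.match(line):
            # Only record owners that are driver files, not kernel addresses.
            if m["owner"].lower().endswith(".sys"):
                rep["device_owner"][m["driver"]] = m["owner"].lower()
    return rep


def redirect_targets_missing_on_disk(rep: dict) -> set:
    """IAT redirect targets whose file GMER also failed to find: review these first."""
    return set(rep["iat"]) & set(rep["missing"])


def summarize(rep: dict) -> list:
    """Human-readable triage lines, one per finding."""
    out = []
    for mod, funcs in sorted(rep["ssdt"].items()):
        out.append(f"SSDT: {mod} ({rep['ssdt_desc'][mod]}) hooks {len(funcs)} syscalls")
    hidden = redirect_targets_missing_on_disk(rep)
    for tgt, sites in sorted(rep["iat"].items()):
        callers = ", ".join(sorted({c for c, _ in sites}))
        flag = "  <-- file not found on disk, review" if tgt in hidden else ""
        out.append(f"IAT: {len(sites)} imports of {callers} redirected into {tgt}{flag}")
    for caller, imp, raw in rep["iat_unresolved"]:
        out.append(f"IAT: {caller} import {imp} holds {raw}, which resolves to no module")
    for drv, owner in sorted(rep["device_owner"].items()):
        out.append(f"Device: {drv} dispatch owned by {owner}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_gmer(SAMPLE_LOG))))
```

Run against the full log instead of the embedded subset by reading the saved GMER text file into `parse_gmer`; an SSDT block attributed to a known security product is expected, while an IAT target that also shows up under the "path not found" entries, or an IAT slot holding a bare value that maps to no module, is what to show the helper next.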
#18
HDD error, empty desktop, Windows Rescue...
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:58:59 on 10.06.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab ZAO" - D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights 10" - "Nero AG" - D:\Program Files\nero10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - D:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a14719il" (a14719il) - "Microsoft Corporation" - C:\Windows\system32\drivers\a14719il.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm251.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"catchme" (catchme) - ? - C:\Users\Aupex\AppData\Local\Temp\catchme.sys (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyDelay.sys
"Hotcore helper" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SbieDrv" (SbieDrv) - "tzuk" - d:\Program Files\Sandboxie\SbieDrv.sys
"Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys
"Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys
"Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys
"Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys
"Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - ? - D:\Program Files\Cdraw\Graphics10\Draw\CdrViewer\CrlShell100.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\system32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - d:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - d:\Program Files\Logitech\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - d:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} "Battlefield Play4Free Updater" - "EA Digital Illusions CE AB" - C:\Windows\Downloaded Program Files\BP4FUpdater.dll / https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtual Keyboard" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Check li&nks" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - d:\Program Files\Free Download Manager\iefdm2.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - d:\Program Files\Spybot2\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer Networking Limited" - d:\Program Files\Spybot2\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AVP" - "Kaspersky Lab ZAO" - "D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe"
"CloneCDTray" - "SlySoft, Inc." - "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "MSI" - C:\Program Files\System Control Manager\MGSysCtrl.exe
"NBAgent" - "Nero AG" - "D:\Program Files\nero10\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - D:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd."
- C:\Program Files\NOS\bin\getPlus_Helper.dll "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Kaspersky Security Suite CBE 11 Service" (AVP) - "Kaspersky Lab ZAO" - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." 
- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Sandboxie Service" (SbieSvc) - "tzuk" - d:\Program Files\Sandboxie\SbieSvc.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - D:\Program Files\Spybot2\SDWinSec.exe "SCM Driver Daemon" (NishService) - ? 
- C:\Program Files\System Control Manager\edd.exe (File found, but it contains no detailed information) "SQL Server (JTLWAWI)" (MSSQL$JTLWAWI) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBR-Check: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 173):
0x82C08000 \SystemRoot\system32\ntkrnlpa.exe
0x82FC2000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067C000 \SystemRoot\system32\PSHED.dll
0x8068D000 \SystemRoot\system32\BOOTVID.dll
0x80695000 \SystemRoot\system32\CLFS.SYS
0x806D6000 \SystemRoot\system32\CI.dll
0x83208000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83284000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83291000 \SystemRoot\System32\Drivers\spat.sys
0x83391000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8339A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B6000 \SystemRoot\system32\drivers\acpi.sys
0x833C0000 \SystemRoot\system32\drivers\msisadrv.sys
0x833C8000 \SystemRoot\system32\drivers\pci.sys
0x833EF000 \SystemRoot\System32\drivers\partmgr.sys
0x83200000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B80A000 \SystemRoot\system32\drivers\volmgr.sys
0x8B819000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B863000 \SystemRoot\system32\drivers\intelide.sys
0x8B86A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B878000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B888000 \SystemRoot\system32\drivers\atapi.sys
0x8B890000 \SystemRoot\system32\drivers\ataport.SYS
0x8B8AE000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8B8E4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B916000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B926000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B935000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8B938000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B942000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA07000 \SystemRoot\system32\drivers\ndis.sys
0x8BB12000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCFA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD15000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BE06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF16000 \SystemRoot\system32\drivers\volsnap.sys
0x8C003000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
0x8C0DE000 \SystemRoot\System32\Drivers\spldr.sys
0x8C0E6000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8C10B000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8C10D000 \SystemRoot\System32\Drivers\mup.sys
0x8C205000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8C727000 \SystemRoot\System32\drivers\ecache.sys
0x8C74E000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8C753000 \SystemRoot\system32\drivers\disk.sys
0x8C764000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C785000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C79B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x90E07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9153E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x915DE000 \SystemRoot\System32\drivers\watchdog.sys
0x915EA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C7A4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C7E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C11C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91603000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9182A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x91842000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x91852000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x91860000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9187A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91889000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9189D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x918B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x918BB000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x918C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x918CF000 \SystemRoot\system32\DRIVERS\enecir.sys
0x918E1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x918E5000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x918E7000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x918EE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91906000 \SystemRoot\System32\Drivers\a14719il.SYS
0x9193C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9194B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x9195B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9198A000 \SystemRoot\system32\DRIVERS\storport.sys
0x919CB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x919D6000 \SystemRoot\System32\Drivers\RootMdm.sys
0x919DE000 \SystemRoot\system32\drivers\modem.sys
0x8C1A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x919EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C7F1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C1E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF4F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BF64000 \SystemRoot\system32\DRIVERS\termdd.sys
0x919F6000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x919FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BF74000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BF9E000 \SystemRoot\system32\DRIVERS\circlass.sys
0x915F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91600000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0x8C78E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFE1000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8BFEC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E00000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0x90E04000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0x92002000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BD9F000 \SystemRoot\system32\drivers\portcls.sys
0x921DB000 \SystemRoot\system32\drivers\drmk.sys
0x92202000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9231E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92320000 \SystemRoot\system32\DRIVERS\hidir.sys
0x9232B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9233B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92342000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9234B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92353000 \SystemRoot\system32\DRIVERS\klif.sys
0x923D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x923DF000 \SystemRoot\System32\Drivers\Null.SYS
0x923E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x923ED000 \SystemRoot\System32\drivers\vga.sys
0x8BDCC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C1F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BB78000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BC00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BB86000 \SystemRoot\system32\DRIVERS\tdx.sys
0x923F9000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x8BB9C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8BBA5000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8BBAD000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8BE00000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8BBB5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B9B3000 \SystemRoot\system32\drivers\afd.sys
0x8BBC9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92805000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9281B000 \SystemRoot\system32\DRIVERS\klim6.sys
0x92823000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92831000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92844000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92880000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9288A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9288F000 \SystemRoot\System32\Drivers\dfsc.sys
0x9CC30000 \SystemRoot\System32\win32k.sys
0x928B3000 \SystemRoot\System32\drivers\Dxapi.sys
0x928BD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CE50000 \SystemRoot\System32\TSDDD.dll
0x9CE70000 \SystemRoot\System32\cdd.dll
0x928CC000 \SystemRoot\system32\drivers\luafv.sys
0x928EF000 \SystemRoot\system32\drivers\spsys.sys
0x9299F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x929AF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x929D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x929E3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3204000 \SystemRoot\system32\drivers\HTTP.sys
0xA3271000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA328E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA32A7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA32BC000 \SystemRoot\system32\drivers\mrxdav.sys
0xA32DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA32FC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3335000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA334D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3375000 \SystemRoot\System32\DRIVERS\srv.sys
0xA33C4000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA5009000 \SystemRoot\system32\drivers\peauth.sys
0xA50E7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA50F1000 \??\d:\Program Files\Sandboxie\SbieDrv.sys
0xA510F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA511B000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xA5125000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA513B000 \??\C:\Windows\system32\drivers\mbam.sys
0xA5154000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77640000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll
Processes (total 73):
0 System Idle Process
4 System
648 C:\Windows\System32\smss.exe
748 csrss.exe
800 C:\Windows\System32\wininit.exe
808 csrss.exe
844 C:\Windows\System32\services.exe
864 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
1024 C:\Windows\System32\winlogon.exe
1048 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\nvvsvc.exe
1128 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\audiodg.exe
1472 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\SLsvc.exe
1540 C:\Windows\System32\svchost.exe
1616 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1832 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
736 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
904 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
792 D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1368 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
1632 C:\Windows\System32\agrsmsvc.exe
1824 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
1896 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
2148 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2256 C:\Program Files\Nero\Update\NASvc.exe
2300 C:\Program Files\System Control Manager\edd.exe
2332 C:\Windows\System32\PnkBstrA.exe
2356 C:\Windows\System32\svchost.exe
2424 D:\Program Files\Sandboxie\SbieSvc.exe
2508 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2520 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2548 C:\Windows\System32\svchost.exe
2616 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2672 C:\Windows\System32\SearchIndexer.exe
2856 D:\Program Files\Spybot2\SDWinSec.exe
3228 C:\Windows\System32\taskeng.exe
204 C:\Windows\System32\taskeng.exe
2944 C:\Windows\System32\dwm.exe
3584 C:\Windows\explorer.exe
3612 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1640 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
1800 C:\Program Files\System Control Manager\MGSysCtrl.exe
1152 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2340 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3992 C:\Windows\RtHDVCpl.exe
1924 C:\Windows\System32\rundll32.exe
4012 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
420 C:\Program Files\Windows Media Player\wmpnscfg.exe
12 C:\Windows\System32\rundll32.exe
4000 C:\Program Files\Windows Sidebar\sidebar.exe
3812 D:\Program Files\Spybot2\TeaTimer.exe
4148 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4464 C:\Program Files\Windows Sidebar\sidebar.exe
5980 C:\Windows\System32\svchost.exe
4912 D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5188 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5432 C:\Windows\System32\taskeng.exe
2800 C:\Windows\System32\mobsync.exe
5400 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3208 C:\Windows\System32\conime.exe
4832 D:\Program Files\Mozilla Firefox\firefox.exe
5640 C:\Windows\System32\SearchProtocolHost.exe
5884 C:\Windows\System32\SearchFilterHost.exe
5120 C:\Users\Aupex\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`029d5600 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
#19
/// Winkelfunktion /// TB-Süch-Tiger™
HDD error, empty desktop, Windows Rescue...

We should fix the MBR manually. Back up all important data first, just in case. Do you have any other operating systems installed besides Vista? If not, have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD (e.g. with ImgBurn, using its image-burning function) and start the computer from that CD (boot from the CD). If you have a regular Vista installation DVD, you do not need the image above and can simply boot from the Vista DVD. Click on Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - then restart the computer, removing the CD beforehand. After that, create new logs with MBRCheck and, if it works, GMER.

__________________
Please always post logfiles in CODE tags
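The repair described in the post above rewrites only the bootstrap code of the first sector; the partition table behind it has to survive, otherwise the volumes MBRCheck lists "at offset ..." are gone. The following is an added Python example, not MBRCheck's own code and not from any of the posts, that does the checks a practitioner would want around such a repair: read one 512-byte sector, verify the 0x55AA signature, SHA-1 hash the bootstrap area and compare it with an allowlist, decode the four partition entries into the byte offsets MBRCheck prints, and diff a before/after pair to confirm that only the code region changed. Assumptions: MBRCheck's exact hashed byte range is unknown to me, so the example hashes the first 440 bytes; the sample sectors and their boot stubs are constructed here; the only allowlisted hash is the one MBRCheck reported on this page after the repair; the partition offsets come from the page's own log.

```python
"""Inspect a 512-byte MBR the way a tool like MBRCheck does: signature
check, SHA-1 of the bootstrap code, partition table decoding, and a
before/after comparison for a bootrec /fixmbr.  Added example, not
MBRCheck's own code; the sample sectors below are constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code (assumption: the
                         # region a hash-based MBR check should cover)
PART_TABLE_OFF = 446     # four 16-byte partition entries follow here
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA

# Hash MBRCheck reported on this page after bootrec /fixmbr ("Windows 2008
# MBR code detected"); whether the tool hashes 512 or 440 bytes is an
# assumption, so a real allowlist must be built from known-good dumps.
KNOWN_GOOD_SHA1 = {"8DF43F2BDE2D9451948FA14B5279969C777A7979"}


def parse_partitions(mbr):
    """Decode the four MBR partition entries (status, CHS start, type,
    CHS end, LBA start, sector count); skip empty slots (type 0)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # MBRCheck's "at offset" value
        })
    return entries


def check_mbr(mbr, known_hashes=KNOWN_GOOD_SHA1):
    """Return signature validity, bootstrap-code hash, allowlist verdict
    and the decoded partition table for one sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    sig_ok = mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA"
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    status = "known MBR code" if sha1 in known_hashes else "Unknown MBR code"
    return {"signature_ok": sig_ok, "sha1": sha1, "status": status,
            "partitions": parse_partitions(mbr)}


def compare_mbr(before, after):
    """After a fixmbr only bytes 0..439 should differ; partition table and
    signature must be byte-identical, or the repair damaged the disk."""
    return {
        "boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
        "partition_table_preserved":
            before[PART_TABLE_OFF:SECTOR] == after[PART_TABLE_OFF:SECTOR],
    }


def build_sample(boot_code):
    """Constructed sector: arbitrary boot code plus a partition table whose
    entries start where this page's log places C: and D:."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    c_lba = 0x1770D7A00 // SECTOR   # offset of C: from the MBRCheck log
    d_lba = 0xA029D5600 // SECTOR   # offset of D: from the MBRCheck log
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, c_lba, d_lba - c_lba)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16, 0x00, 0x07, d_lba, 0x100000)
    mbr[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(mbr)


# Constructed boot stubs: the bytes are placeholders, not real boot code.
BEFORE = build_sample(b"\xEB\xFE" + b"\x90" * 100)
AFTER = build_sample(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")

if __name__ == "__main__":
    for label, sector in (("before", BEFORE), ("after", AFTER)):
        r = check_mbr(sector)
        print(label, r["status"], r["sha1"],
              "signature ok" if r["signature_ok"] else "BAD SIGNATURE")
        for p in r["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02X} "
                  f"at offset 0x{p['byte_offset']:x}")
    print(compare_mbr(BEFORE, AFTER))
```

On a live Windows box the same functions take the first sector of the disk read as Administrator, `open(r"\\.\PhysicalDrive0", "rb").read(512)`; dump that sector to a file before running bootrec, so that `compare_mbr` has a real "before" to check the repair against.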
#20
HDD error, empty desktop, Windows Rescue...

MBR Check Log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 172):
0x82C50000 \SystemRoot\system32\ntkrnlpa.exe
0x82C1D000 \SystemRoot\system32\hal.dll
0x8060D000 \SystemRoot\system32\kdcom.dll
0x80614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80684000 \SystemRoot\system32\PSHED.dll
0x80695000 \SystemRoot\system32\BOOTVID.dll
0x8069D000 \SystemRoot\system32\CLFS.SYS
0x806DE000 \SystemRoot\system32\CI.dll
0x83203000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8327F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8328C000 \SystemRoot\System32\Drivers\spaf.sys
0x8338C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x83395000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B807000 \SystemRoot\system32\drivers\acpi.sys
0x8B84D000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B855000 \SystemRoot\system32\drivers\pci.sys
0x8B87C000 \SystemRoot\System32\drivers\partmgr.sys
0x8B88B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B88E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B898000 \SystemRoot\system32\drivers\volmgr.sys
0x8B8A7000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B8F1000 \SystemRoot\system32\drivers\intelide.sys
0x8B8F8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B906000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B916000 \SystemRoot\system32\drivers\atapi.sys
0x8B91E000 \SystemRoot\system32\drivers\ataport.SYS
0x8B93C000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8B972000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B9A4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B9B4000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B9C3000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8B9C6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8BA00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA71000 \SystemRoot\system32\drivers\ndis.sys
0x8BB7C000 \SystemRoot\system32\drivers\msrpc.sys
0x8BBA7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC05000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD0D000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BE0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF1E000 \SystemRoot\system32\drivers\volsnap.sys
0x8C00F000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
0x8C0EA000 \SystemRoot\System32\Drivers\spldr.sys
0x8C0F2000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8C117000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8C119000 \SystemRoot\System32\Drivers\mup.sys
0x8C208000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8C72A000 \SystemRoot\System32\drivers\ecache.sys
0x8C751000 \SystemRoot\system32\DRIVERS\hotcore3.sys
0x8C756000 \SystemRoot\system32\drivers\disk.sys
0x8C767000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C788000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C79E000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x90801000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90F38000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90FD8000 \SystemRoot\System32\drivers\watchdog.sys
0x90FE4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C7A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90FEF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C128000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91207000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9142E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x91446000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x91456000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x91464000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9147E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x9148D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x914A1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x914B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x914BF000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x914C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x914D3000 \SystemRoot\system32\DRIVERS\enecir.sys
0x914E5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x914E9000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0x914EB000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x914F2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9150A000 \SystemRoot\System32\Drivers\aogv80ko.SYS
0x91540000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9154F000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x9155F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9158E000 \SystemRoot\system32\DRIVERS\storport.sys
0x915CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x915DA000 \SystemRoot\System32\Drivers\RootMdm.sys
0x915E2000 \SystemRoot\system32\drivers\modem.sys
0x8C7E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x915EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C1D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF57000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BF6C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x915FA000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x91200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BF7C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C000000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8C791000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91202000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0x8BFA6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BFB3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFE8000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8BD97000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C7FC000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0x8C200000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0x91A0A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BDA8000 \SystemRoot\system32\drivers\portcls.sys
0x8BDD5000 \SystemRoot\system32\drivers\drmk.sys
0x91E0F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91F2B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91F2D000 \SystemRoot\system32\DRIVERS\hidir.sys
0x91F38000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91F48000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91F4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91F58000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91F60000 \SystemRoot\system32\DRIVERS\klif.sys
0x91FE3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91FEC000 \SystemRoot\System32\Drivers\Null.SYS
0x91FF3000 \SystemRoot\System32\Drivers\Beep.SYS
0x91E00000 \SystemRoot\System32\drivers\vga.sys
0x8B9D0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91BE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91BEB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91BF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BE00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BBE2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BDFA000 \SystemRoot\system32\DRIVERS\kl2.sys
0x833BB000 \SystemRoot\system32\DRIVERS\smb.sys
0x92005000 \SystemRoot\system32\drivers\afd.sys
0x9204D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9207F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92095000 \SystemRoot\system32\DRIVERS\klim6.sys
0x9209D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x920AB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x920BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x920FA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92104000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x92109000 \SystemRoot\System32\Drivers\dfsc.sys
0x9CAB0000 \SystemRoot\System32\win32k.sys
0x9212D000 \SystemRoot\System32\drivers\Dxapi.sys
0x92137000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CCD0000 \SystemRoot\System32\TSDDD.dll
0x9CCF0000 \SystemRoot\System32\cdd.dll
0x92146000 \SystemRoot\system32\drivers\luafv.sys
0xA240A000 \SystemRoot\system32\drivers\spsys.sys
0xA24BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA24CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA24F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA24FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA2511000 \SystemRoot\system32\drivers\HTTP.sys
0xA257E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA259B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA25B4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA25C9000 \SystemRoot\system32\drivers\mrxdav.sys
0x92169000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x92188000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x921C1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x833CF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3207000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3256000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA327C000 \SystemRoot\system32\drivers\peauth.sys
0xA335A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3364000 \??\d:\Program Files\Sandboxie\SbieDrv.sys
0xA3382000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA338E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA33A4000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xA33AE000 \??\C:\Windows\system32\drivers\mbam.sys
0xA33D6000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xA33DC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA33E5000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xA33ED000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x77B70000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll
Processes (total 69):
0 System Idle Process
4 System
712 C:\Windows\System32\smss.exe
836 csrss.exe
888 C:\Windows\System32\wininit.exe
900 csrss.exe
932 C:\Windows\System32\services.exe
952 C:\Windows\System32\lsass.exe
960 C:\Windows\System32\lsm.exe
1116 C:\Windows\System32\winlogon.exe
1140 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\nvvsvc.exe
1216 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\audiodg.exe
1576 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\SLsvc.exe
1656 C:\Windows\System32\svchost.exe
1728 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1908 C:\Windows\System32\svchost.exe
520 C:\Windows\System32\spoolsv.exe
648 C:\Windows\System32\svchost.exe
904 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
956 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1388 D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1744 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
1904 C:\Windows\System32\agrsmsvc.exe
756 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
2096 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
2160 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2280 C:\Program Files\Nero\Update\NASvc.exe
2324 C:\Program Files\System Control Manager\edd.exe
2356 C:\Windows\System32\PnkBstrA.exe
2392 C:\Windows\System32\svchost.exe
2460 D:\Program Files\Sandboxie\SbieSvc.exe
2512 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2556 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2592 C:\Windows\System32\svchost.exe
2636 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2660 C:\Windows\System32\SearchIndexer.exe
2876 D:\Program Files\Spybot2\SDWinSec.exe
3256 C:\Windows\System32\dwm.exe
3344 C:\Windows\explorer.exe
3352 C:\Windows\System32\taskeng.exe
3424 C:\Windows\System32\taskeng.exe
3788 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4020 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1812 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
2508 C:\Program Files\System Control Manager\MGSysCtrl.exe
2288 C:\Windows\RtHDVCpl.exe
3376 C:\Windows\System32\rundll32.exe
3420 C:\Windows\System32\rundll32.exe
3548 D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
1896 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3736 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3136 C:\Program Files\Windows Media Player\wmpnscfg.exe
3328 C:\Program Files\Windows Sidebar\sidebar.exe
2448 D:\Program Files\Spybot2\TeaTimer.exe
3680 C:\Program Files\Windows Sidebar\sidebar.exe
5912 C:\Windows\System32\svchost.exe
4204 D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5308 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
3956 C:\Windows\System32\taskeng.exe
4416 D:\Program Files\Mozilla Firefox\firefox.exe
5420 C:\Users\Aupex\Desktop\MBRCheck.exe
5076 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`029d5600 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
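The MBRCheck output above maps each volume to a byte offset on PhysicalDrive0 and reports which known boot code the MBR contains. The Python script below is an added example (not MBRCheck's code and not from the thread) showing where those numbers come from: it validates the 0x55AA boot signature, reads the four partition entries and converts each LBA start to the byte offset MBRCheck prints, and hashes the boot-code bytes (0..439) separately from the per-machine disk signature and partition table, which is what makes a boot-code hash comparable against a known-good list. The input is a constructed MBR whose two partition starts reproduce the C: and D: offsets from the log; the boot code, disk signature and sector counts are made up, and since the page does not say which bytes MBRCheck's own SHA1 covers, the example does not try to reproduce that value. `read_mbr()` reads sector 0 of a raw disk and needs an elevated prompt on Windows.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440    # bytes 0..439: boot code, identical on every machine with the same loader
DISK_SIG_OFF = 440     # 4-byte NT disk signature, differs per machine
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG_OFF = 510     # 0x55 0xAA


@dataclass
class Partition:
    index: int         # 1-based slot in the partition table
    bootable: bool     # status byte 0x80
    type_id: int       # 0x07 = NTFS/exFAT, 0x27 = Windows recovery, ...
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # This is the "at offset 0x..." value MBRCheck prints per volume.
        return self.lba_start * SECTOR


def parse_mbr(mbr: bytes) -> dict:
    """Validate one raw MBR sector; return disk signature, boot-code SHA-1 and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Partition] = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)   # the two 3-byte CHS fields are skipped
        if status not in (0x00, 0x80):
            raise ValueError("partition %d has invalid status byte 0x%02X" % (i + 1, status))
        if type_id == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status == 0x80, type_id, lba_start, sectors))
    return {
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        # Hash only the code: including the signature and table would make the
        # hash unique per machine and useless for a known-good comparison.
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def find_partition_at(info: dict, byte_offset: int) -> Optional[Partition]:
    """Map a volume byte offset (as printed by MBRCheck) back to its MBR entry."""
    for p in info["partitions"]:
        if p.byte_offset == byte_offset:
            return p
    return None


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk; on Windows this needs an elevated prompt."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed MBR for offline use (not the poster's disk). The two LBA starts
    reproduce the C: and D: offsets from the MBRCheck output above; boot code,
    disk signature and sector counts are made up."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    chs = b"\xff\xff\xff"   # CHS fields are ignored on LBA-addressed disks
    c_entry = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 12289725, 71682030)
    d_entry = struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, 83971755, 404425413)
    return boot_code + disk_sig + c_entry + d_entry + b"\x00" * 32 + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("disk signature 0x%08X, boot code SHA-1 %s" % (info["disk_signature"], info["boot_code_sha1"]))
    for p in info["partitions"]:
        print("partition %d: type 0x%02X, offset 0x%X, %d sectors%s"
              % (p.index, p.type_id, p.byte_offset, p.sectors, ", bootable" if p.bootable else ""))
```

Run as-is it prints the two constructed partitions at 0x1770D7A00 and 0xA029D5600, matching the C: and D: lines in the log. On a live machine, replace `build_sample_mbr()` with `read_mbr()` from an elevated prompt; a boot-code hash that differs from the one the same Windows version installs is the signal MBRCheck is looking for, and a mismatch between a volume's reported offset and every partition entry would mean something other than the partition table is defining the volume.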
#21 | HDD error, desktop empty, Windows Rescue... GMER log:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-14 10:09:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 77mn5n05.exe; Driver: C:\Users\Aupex\AppData\Local\Temp\ugdyrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F80DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91F82FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91F83262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91F834D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91F816BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91F824F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91F82A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91F8199A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91F82922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x91F80998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91F827F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91F80B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91F82B5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91F81344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91F8288C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91F8424A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91F81E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91F85458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x91F81C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F8433C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91F84AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91F82AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x91F81740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91F829B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91F80FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91F8483E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91F82BF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91F80ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91F837DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91F84DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91F846D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x91F7F652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91F82F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91F82E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91F83FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x91F7F9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91F852FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x91F7F5EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91F82238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91F81560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91F8387E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x91F844DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91F84F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91F85020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91F8515A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91F8416E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91F8118E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91F810E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91F84C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91F8127A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91F81442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91F83722]
INT 0x62 ? 87EC0F00
INT 0x72 ? 85D5FBF8
INT 0x82 ? 85D5FBF8
INT 0x92 ? 87EC0F00
INT 0xA2 ? 85D5EBF8
INT 0xA2 ? 87EC0F00
INT 0xA2 ? 87EC0F00
INT 0xA2 ? 85D5EBF8
INT 0xB2 ? 87EC0F00
INT 0xB2 ? 87EC0F00
INT 0xB3 ? 87EC0F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 82CFC89C 4 Bytes [AA, 0D, F8, 91]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CFC8C0 8 Bytes CALL E561C0F4
.text ntkrnlpa.exe!KeSetEvent + 181 82CFC904 4 Bytes [D8, 34, F8, 91] {FDIV DWORD [EAX+EDI*8]; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1A9 82CFC92C 4 Bytes [BE, 16, F8, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CFC944 4 Bytes JMP F824F282
.text ...
? System32\Drivers\spov.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 8B8A6B2E 5 Bytes JMP 85D5F1D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90801380, 0x34F1E7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8C7DC41B 5 Bytes JMP 87EC04E0
.text ao5fllsn.SYS 91311000 22 Bytes [82, 43, C2, 82, 6C, 42, C2, ...]
.text ao5fllsn.SYS 91311017 137 Bytes [00, 32, 47, 39, 83, 3D, 45, ...]
.text ao5fllsn.SYS 913110A1 43 Bytes [90, CF, 82, 74, 86, C9, 82, ...]
.text ao5fllsn.SYS 913110CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ao5fllsn.SYS 913110DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...
.text win32k.sys!EngMulDiv + 4D3C 9CA99CAB 5 Bytes JMP 8A2A0610
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8328B6D2] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8328B040] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8328B7FC] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8328B0BE] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8328B13C] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8329B048] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86B231F8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \Driver\sptd \Device\3895462074 spov.sys
Device \Driver\volmgr \Device\VolMgrControl 85D611F8
Device \Driver\netbt \Device\NetBT_Tcpip_{14436A7B-9E23-494B-A111-E37191A2C976} 89819500
Device \Driver\usbuhci \Device\USBPDO-0 87ED1500
Device \Driver\PCI_PNP9574 \Device\00000051 spov.sys
Device \Driver\usbuhci \Device\USBPDO-1 87ED1500
Device \Driver\netbt \Device\NetBT_Tcpip_{7E4D3FD4-2868-44D7-9825-067520FD8405} 89819500
Device \Driver\usbehci \Device\USBPDO-2 87EE71F8
Device \Driver\usbuhci \Device\USBPDO-3 87ED1500
Device \Driver\usbuhci \Device\USBPDO-4 87ED1500
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBPDO-5 87ED1500
Device \Driver\usbehci \Device\USBPDO-6 87EE71F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D611F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume2 85D611F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom0 88083500
Device \Driver\volmgr \Device\HarddiskVolume3 85D611F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\cdrom \Device\CdRom1 88083500
Device \Driver\netbt \Device\NetBt_Wins_Export 89819500
Device \Driver\Smb \Device\NetbiosSmb 8981A500
Device \Driver\iScsiPrt \Device\RaidPort0 87EDF1F8
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\usbuhci \Device\USBFDO-0 87ED1500
Device \Driver\usbuhci \Device\USBFDO-1 87ED1500
Device \Driver\usbehci \Device\USBFDO-2 87EE71F8
Device \Driver\usbuhci \Device\USBFDO-3 87ED1500
Device \Driver\usbuhci \Device\USBFDO-4 87ED1500
Device \Driver\usbuhci \Device\USBFDO-5 87ED1500
Device \Driver\usbehci \Device\USBFDO-6 87EE71F8
Device \Driver\Si3531 \Device\Scsi\Si35311Port2Path0Target1fLun0 86B221F8
Device \Driver\Si3531 \Device\Scsi\Si35311 86B221F8
Device \Driver\ao5fllsn \Device\Scsi\ao5fllsn1Port4Path0Target0Lun0 87FB8500
Device \Driver\ao5fllsn \Device\Scsi\ao5fllsn1 87FB8500
Device \FileSystem\cdfs \Cdfs 8A68D500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0x54 0xD1 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xB4 0x59 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3E 0xF7 0xFD 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0xB5 0x0A 0x49 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Aupex\AppData\Local\temp\~DF4C74.tmp 0 bytes
File C:\Users\Aupex\AppData\Local\temp\~DF4C8C.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
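Reading a GMER log like the one above by hand means sorting every hook by who owns it: the SSDT entries carry a vendor string (Klif Mini-Filter/Kaspersky Lab), the atapi.sys and i8042prt.sys IAT entries redirect into spov.sys, which GMER could not open on disk (the "?" line), and the Registry section ties the sptd service to d:\Program Files\DAEMON Tools Lite\. The Python script below is an added example, not part of the thread and not GMER's code; it automates that first pass by parsing the SSDT, IAT, "?", Device and sptd Registry lines, grouping hooks by owner, and emitting findings that separate vendor-attributed hooks from hooks into files the scanner could not read or that resolve to no module. The sample is a subset of lines from the log above (with the OS error message translated); the classification wording is the author's own heuristic, not a scanner verdict, and whether the sptd-related hooks are benign still has to be reconciled against the installed product.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: a subset of lines from the GMER log above, with the
# OS error message on the "?" line translated to English.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F80DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x91F8199A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F8433C]
? System32\Drivers\spov.sys The system cannot find the path specified. !
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8328B6D2] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8328B040] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8329B048] \SystemRoot\System32\Drivers\spov.sys
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\ao5fllsn.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
Device \Driver\sptd \Device\3895462074 spov.sys
Device \Driver\ao5fllsn \Device\Scsi\ao5fllsn1 87FB8500
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.*?)\))?\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[?([0-9A-Fa-f]{8})\]?(?:\s+(\S+))?\s*$")
HIDDEN_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!$")          # file GMER could not open
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)\s*$")  # 3rd field: address or module
SPTD_CFG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\[0-9A-F]+@p0\s+(.+)$", re.I)


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased (works on any host OS)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(log_text: str) -> dict:
    """Collect SSDT/IAT hooks, unreadable files, device dispatch owners and the sptd path."""
    ssdt: Dict[str, dict] = defaultdict(lambda: {"vendor": None, "functions": []})
    hidden: Dict[str, str] = {}
    iat: List[dict] = []
    devices: List[dict] = []
    sptd_path: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            path, vendor, func, _addr = m.groups()
            entry = ssdt[basename(path)]
            entry["vendor"] = vendor.rsplit("/", 1)[-1].strip() if vendor else None
            entry["functions"].append(func)
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden[basename(m.group(1))] = m.group(2)
            continue
        m = IAT_RE.match(line)
        if m:
            hooked, imp, addr, target = m.groups()
            iat.append({"module": basename(hooked), "import": imp, "addr": addr,
                        "target": basename(target) if target else None})
            continue
        m = DEVICE_RE.match(line)
        if m:
            drv, dev, owner = m.groups()
            is_addr = re.fullmatch(r"[0-9A-Fa-f]{8}", owner) is not None
            devices.append({"driver": drv, "device": dev, "served_by": None if is_addr else owner.lower()})
            continue
        m = SPTD_CFG_RE.match(line)
        if m:
            sptd_path = m.group(1).strip()
    return {"ssdt": dict(ssdt), "hidden": hidden, "iat": iat, "devices": devices, "sptd_path": sptd_path}


def findings(parsed: dict) -> List[str]:
    """Heuristic first-pass classification (the author's wording, not GMER's verdict)."""
    out: List[str] = []
    for mod, info in sorted(parsed["ssdt"].items()):
        n = len(info["functions"])
        if info["vendor"]:
            out.append("%s: %d SSDT hooks attributed to %s (expected for a security product)" % (mod, n, info["vendor"]))
        else:
            out.append("%s: %d SSDT hooks with no vendor attribution: inspect" % (mod, n))
    by_target: Dict[Optional[str], List[dict]] = defaultdict(list)
    for h in parsed["iat"]:
        by_target[h["target"]].append(h)
    for target, hooks in by_target.items():
        mods = ", ".join(sorted({h["module"] for h in hooks}))
        if target is None:
            out.append("%s: %d IAT entries resolve to no loaded module: inspect" % (mods, len(hooks)))
        elif target in parsed["hidden"]:
            out.append("%s: %d IAT entries redirect into %s, which GMER could not open on disk: inspect" % (mods, len(hooks), target))
        else:
            out.append("%s: %d IAT entries redirect into %s" % (mods, len(hooks), target))
    for d in parsed["devices"]:
        if d["served_by"]:
            out.append("%s dispatches %s through %s" % (d["driver"], d["device"], d["served_by"]))
    if parsed["sptd_path"]:
        out.append("sptd service config names %s: reconcile the spov.sys hooks against that install" % parsed["sptd_path"])
    return out


if __name__ == "__main__":
    for line in findings(parse_gmer(SAMPLE_LOG)):
        print(line)
```

Pipe a full GMER log into `parse_gmer()` instead of `SAMPLE_LOG` to get the same grouping over the whole file. The useful output is the set of "inspect" lines: an SSDT owner without a vendor string, or an IAT redirected into a file the scanner could not open, is where an analyst spends time, while the vendor-attributed klif.sys entries can be checked off as the installed Kaspersky product's own kernel hooks.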
#22 | /// Winkelfunktion /// TB-Süch-Tiger™ | HDD error, desktop empty, Windows Rescue... Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
#23 | HDD error, desktop empty, Windows Rescue... First, Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6861
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
15.06.2011 18:00:56
mbam-log-2011-06-15 (18-00-56).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 514239
Time elapsed: 2 hour(s), 11 minute(s), 45 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 1
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 1
Memory processes infected:
(No malicious items detected)
Memory modules infected:
(No malicious items detected)
Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
Registry values infected:
(No malicious items detected)
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
d:\spiele\mohaa\ereg mohaab\go_ez.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Regards
#24 | /// Winkelfunktion /// TB-Süch-Tiger™ | HDD error, desktop empty, Windows Rescue... Quote:
#25 | HDD error, desktop empty, Windows Rescue... Original, eBay or Amazon UK. Medal of Honor War Chest (Mohaa 1 and all expansions). Uninstall?
#26 | /// Winkelfunktion /// TB-Süch-Tiger™ | HDD error, desktop empty, Windows Rescue... Then it is more likely a false positive. To be on the safe side, though, please upload the file to VirusTotal - Free Online Virus, Malware and URL Scanner and post the result link. You first have to restore it from MBAM's quarantine.
#27 | HDD error, desktop empty, Windows Rescue... In theory I could also just uninstall the game, since I haven't played it in a long time. Is it possible for a file to get infected while playing online? (That would be my only explanation?) SUPERAntiSpyware logs to follow
#28 | /// Winkelfunktion /// TB-Süch-Tiger™ | HDD error, desktop empty, Windows Rescue... Quote:
I think it is more likely a false positive, though. If the game is no longer used anyway, it can go.
#29 | HDD error, desktop empty, Windows Rescue... Here is the logfile from SASW. Silly question: how does malware from porn sites get onto a computer on which definitely no porn sites are visited (only I have access, and the machine is used for my bookkeeping and business data, apart from a few games, music, and video editing and image editing software)? Somehow every program finds more malware. Can this computer still be saved, or should I rather set the system up from scratch? Log:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/20/2011 at 05:32 PM
Application Version : 4.54.1000
Core Rules Database Version : 7288
Trace Rules Database Version: 5100
Scan type : Complete Scan
Total Scan Time : 03:14:29
Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 14701
Registry threats detected : 0
File items scanned : 291439
File threats detected : 20
Adware.Tracking Cookie
aka-cdn-ns.adtech.de [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
files.youporn.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
ia.media-imdb.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
media.stage-entertainment.de [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
media1.shufuni.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
pornder.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
s0.2mdn.net [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
sftrack.searchforce.net [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
static.sunporno.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
static1.pornturbo.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
vht.tradedoubler.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
vidii.hardsextube.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.adservercentral.info [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.alphaporno.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.mypornmotion.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.naiadsystems.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.pornative.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
www.sexe911.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
wwwstatic.megaporn.com [ C:\Users\Aupex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L27QZQRJ ]
Trojan.Agent/Gen-Clicker
D:\PROGRAM FILES\MIXXX\UNINSTALL.EXE
#30 | /// Winkelfunktion /// TB-Süch-Tiger™ | HDD error, desktop empty, Windows Rescue... You can basically ignore cookies. Either those sites were visited deliberately, or you ended up on such sites through "bad" search results. There are also sites that embed ad banners from other domains, and depending on the settings the cookies are usually accepted automatically. Quote:
Please also run the ESET tool.