
Log analysis and evaluation: Firefox opens new tabs with advertising

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.05.2010, 14:52   #1
sting@tna
 
Firefox opens new tabs with advertising



Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-03 15:51:38
Windows 6.1.7600 
Running: y5cmvqwg.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uglcypod.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C39AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C39104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C393F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C222D8
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C391DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C39958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C396F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C39F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                     81C3A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                              81C8B8E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                       81CAB3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spax.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
PAGE            PCIIDEX.SYS!DllUnload                                                                                                                        8B874606 5 Bytes  JMP 843E41D8 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x9002D000, 0x2D5378, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                        9067FCA0 5 Bytes  JMP 8562A1D8 
.text           peauth.sys                                                                                                                                   98D52C9D 28 Bytes  CALL B25C1097 
.text           peauth.sys                                                                                                                                   98D52CC1 28 Bytes  CALL B25C10BB 
PAGE            peauth.sys                                                                                                                                   98D58E20 101 Bytes  [89, 23, 70, C3, 8B, 24, CC, ...]
PAGE            peauth.sys                                                                                                                                   98D5902C 102 Bytes  [10, 80, AB, 08, 86, 56, C7, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                          98E2C000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                          98E2C123 629 Bytes  [75, E2, 98, FE, 05, 34, 75, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                          98E2C399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                          98E2C3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                          98E2C4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                                          

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1552] SHELL32.dll!SHFileOperationW                                                                                   765D9708 5 Bytes  JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                            [8B64CECE] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                               [8B64CF22] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                     [8B61F90E] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                    [8B61FF9C] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                    [8B61F3E6] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                             [8B620178] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                              [8B61F1D4] \SystemRoot\System32\Drivers\spax.sys
IAT             \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                                                      843E15B8

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                       850A41F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}                                                                     855B61F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                         843E31F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                             856361F8
Device          \Driver\PCI_PNP5360 \Device\00000051                                                                                                         spax.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                             856361F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                             85628470
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                             856361F8
Device          \Driver\ACPI_HAL \Device\00000049                                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                             856361F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                       843E31F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                                             85628470
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                       843E31F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                                 85518470
Device          \Driver\cdrom \Device\CdRom1                                                                                                                 85518470
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                           843E61F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                                                  843E61F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5                                                                                                  843E61F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6                                                                                                  843E61F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      855B61F8
Device          \Driver\sptd \Device\3167720360                                                                                                              spax.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                             856361F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                             85628470
Device          \Driver\NetBT \Device\NetBT_Tcpip_{90CD409F-4B02-4458-AEF5-9A1D58AC1267}                                                                     855B61F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                             856361F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                             856361F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                             85628470
Device          \Driver\adc0rn5f \Device\Scsi\adc0rn5f1Port6Path0Target0Lun0                                                                                 857061F8
Device          \Driver\adc0rn5f \Device\Scsi\adc0rn5f1                                                                                                      857061F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{32C17511-1BC4-49D3-A99D-7A78BB541D10}\Connection@Name  isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{32C17511-1BC4-49D3-A99D-7A78BB541D10}"?"{10A19763-DD68-4591-A1FB-9D453A2DB415}"?"{BC8E02EB-F09F-4B82-93F7-7018E9217252}"?"{C4E288D5-8521-4920-9292-2D30DAE4634C}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{32C17511-1BC4-49D3-A99D-7A78BB541D10}?\Device\TCPIP6TUNNEL_{10A19763-DD68-4591-A1FB-9D453A2DB415}?\Device\TCPIP6TUNNEL_{BC8E02EB-F09F-4B82-93F7-7018E9217252}?\Device\TCPIP6TUNNEL_{C4E288D5-8521-4920-9292-2D30DAE4634C}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@InterfaceName                       isatap.{CBF43A7E-EE3A-43D7-892E-DF7CDC6FF977}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{32C17511-1BC4-49D3-A99D-7A78BB541D10}@ReusableType                        0
Reg             HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                              ?Mo?, ?Mai ?03 ?10, 01:45:44???????????????????????????????????
Reg             HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                              5205
Reg             HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                             2549
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                           771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                           285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0x2F 0x2F 0xE7 0xC1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0x99 0xE5 0x38 0xF1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0x97 0x0C 0xFC 0x93 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x2F 0x2F 0xE7 0xC1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0x99 0xE5 0x38 0xF1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0x97 0x0C 0xFC 0x93 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                        
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL

---- EOF - GMER 1.0.15 ----
         
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:51:04 on 03.05.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At10.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At11.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At12.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At13.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At14.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At15.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At16.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At17.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At18.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At19.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At2.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At20.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At21.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At22.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At23.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At24.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At25.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At26.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At27.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At28.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At29.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At3.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At30.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At31.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At32.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At33.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At34.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At35.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At36.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At37.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At38.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At39.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At4.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At40.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At41.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At42.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At43.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At44.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At45.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At46.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At47.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At48.job" - ? - C:\ProgramData\u5h37uF1.exe  (File not found)
"At5.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At6.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At7.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At8.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"At9.job" - ? - C:\Windows\Fonts\0reM8I.com  (File not found)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adc0rn5f" (adc0rn5f) - "Advanced Micro Devices" - C:\Windows\system32\drivers\adc0rn5f.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Mario\AppData\Local\Temp\catchme.sys  (File not found)
"ijrrq" (ijrrq) - ? - C:\Windows\system32\drivers\ijrrq.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"OHCI-konformer 1394-Hostcontroller" (1394ohci) - ? - C:\Windows\system32\DRIVERS\1394ohci.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"uglcypod" (uglcypod) - ? - C:\Users\Mario\AppData\Local\Temp\uglcypod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" - "O&O Software GmbH" - C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"UnlockerAssistant" - ? - "C:\Program Files\Unlocker\UnlockerAssistant .exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Oki OPDMN094 Language Monitor" - "Oki Data Corporation" - C:\Windows\system32\Opdmn094.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"N" (N) - ? - C:\Users\Mario\AppData\Local\Temp\N.exe  (File not found)
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Program Files\OO Software\Defrag\oodag.exe
"OZAMLPV" (OZAMLPV) - ? - C:\Users\Mario\AppData\Local\Temp\OZAMLPV.exe  (File not found)
"QSIQQP" (QSIQQP) - ? - C:\Users\Mario\AppData\Local\Temp\QSIQQP.exe  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
