Pests of all kinds and how to get rid of them: TR/Crypt.XPACK.Gen everywhere, above all in cidaMRT.dll (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as you can. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1 | Winkelfunktion (TB-Süch-Tiger™) | TR/Crypt.XPACK.Gen everywhere, above all in cidaMRT.dll
Quote:
__________________
Please always post logfiles in CODE tags
#2 | TR/Crypt.XPACK.Gen everywhere, above all in cidaMRT.dll
Sorry, I just thought that because I had already used combofix
__________________
I can still post the GMER log later if it is important (I didn't want to restart the PC and cut the internet connection and so on right now).
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:04:59 on 12.11.2010
OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1226351843-3028240923-2621857280-1005Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\MSI\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1226351843-3028240923-2621857280-1005UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\MSI\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"trueprint.cpl" - "AuthenTec, Inc." - C:\WINDOWS\system32\trueprint.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a92ofcu8" (a92ofcu8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a92ofcu8.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\MSI\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"FLASHSYS" (FLASHSYS) - ? - C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MGHwCtrl" (MGHwCtrl) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\MGHwCtrl.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PdaNet Modem" (pnetmdm) - "June Fabrics Technology" - C:\WINDOWS\System32\DRIVERS\pnetmdm.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7" - "ICQ, LLC." - C:\Programme\ICQ7.0\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\MSI\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Pro Agent" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\MSI\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"ooVoo.exe" - "ooVoo LLC" - C:\Programme\ooVoo\oovoo.exe /minimized
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
"Steam" - "Valve Corporation" - "c:\programme\steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"MGSysCtrl" - "MSI" - C:\Programme\System Control Manager\MGSysCtrl.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"DeviceMonitorService" (DeviceMonitorService) - "Nero AG" - C:\Programme\Motorola Media Link\NServiceEntry.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"O2Micro Flash Memory" (O2Flash) - ? - C:\WINDOWS\system32\o2flash.exe (File found, but it contains no detailed information)
"SCM Driver Daemon" (NishService) - ? - C:\Programme\System Control Manager\edd.exe (File found, but it contains no detailed information)
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80720000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74DD000 spxr.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74C5000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7496000 ACPI.sys
0xF7485000 pci.sys
0xF75F7000 ohci1394.sys
0xF7607000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7617000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7869000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF784A000 ftdisk.sys
0xF798B000 dmload.sys
0xF7961000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF7832000 atapi.sys
0xF7717000 o2sd.sys
0xF7647000 o2media.sys
0xF7657000 disk.sys
0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB8741000 fltMgr.sys
0xB872F000 sr.sys
0xF7677000 PxHelp20.sys
0xB8718000 KSecDD.sys
0xB868B000 Ntfs.sys
0xB865E000 NDIS.sys
0xB8643000 Mup.sys
0xF7465000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB7E94000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB789D000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7889000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7435000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7947000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB7866000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7425000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7415000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7405000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB77A3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7887000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB7769000 \SystemRoot\system32\DRIVERS\RT2500.sys
0xB7744000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7048000 \SystemRoot\System32\Drivers\a92ofcu8.SYS
0xF7797000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0xB87C0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7A7B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB87B0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8603000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7027000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB87A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8790000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF779F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7016000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8780000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6FA9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8770000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6ED5000 \SystemRoot\system32\DRIVERS\update.sys
0xB85D3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8760000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4524000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB4502000 \SystemRoot\system32\drivers\portcls.sys
0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
0xB43EA000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xB771B000 \SystemRoot\System32\Drivers\Modem.SYS
0xF79D9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AB2000 \SystemRoot\System32\Drivers\Null.SYS
0xF79DB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77EF000 \SystemRoot\System32\drivers\vga.sys
0xF79DD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77F7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77FF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6FFA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4299000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4241000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4219000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB41F7000 \SystemRoot\System32\drivers\afd.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7817000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB41D6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7846000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7727000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB41AB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7826000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB4114000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB7816000 \SystemRoot\System32\Drivers\Fips.SYS
0xB40F1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF79E5000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF778F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB77F6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB40DD000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB40C5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79F9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB43CA000 \SystemRoot\System32\drivers\Dxapi.sys
0xB433E000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB700D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3C0F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB3BFF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3902000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3A3F000 \SystemRoot\system32\drivers\sysaudio.sys
0xB35F2000 \SystemRoot\System32\Drivers\HTTP.sys
0xB33BB000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4316000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB85C3000 \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xB2981000 \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys
0xB341E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB3113000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB266B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB16B6000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Pro\Engine.dll
Processes (total 61):
0 System Idle Process
4 System
860 C:\WINDOWS\system32\smss.exe
1008 csrss.exe
1212 C:\WINDOWS\system32\winlogon.exe
1304 C:\WINDOWS\system32\services.exe
1316 C:\WINDOWS\system32\lsass.exe
1552 C:\WINDOWS\system32\svchost.exe
1624 svchost.exe
1800 C:\WINDOWS\system32\svchost.exe
1944 svchost.exe
276 svchost.exe
568 C:\WINDOWS\system32\spoolsv.exe
604 C:\Programme\Avira\AntiVir Desktop\sched.exe
1068 C:\WINDOWS\explorer.exe
1692 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1744 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1860 C:\Programme\Bonjour\mDNSResponder.exe
1932 svchost.exe
1988 C:\Programme\Motorola Media Link\NServiceEntry.exe
204 C:\WINDOWS\ehome\ehrecvr.exe
488 C:\WINDOWS\ehome\ehSched.exe
628 C:\Programme\ICQ6Toolbar\ICQ Service.exe
744 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1128 C:\Programme\Java\jre6\bin\jqs.exe
1268 C:\WINDOWS\ehome\ehtray.exe
1676 C:\Programme\System Control Manager\edd.exe
1044 C:\WINDOWS\system32\nvsvc32.exe
316 C:\WINDOWS\system32\o2flash.exe
664 svchost.exe
708 C:\WINDOWS\system32\svchost.exe
912 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1560 mcrdsvc.exe
3684 C:\WINDOWS\system32\wscntfy.exe
3936 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
208 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3632 C:\WINDOWS\ehome\ehmsas.exe
3816 C:\WINDOWS\system32\rundll32.exe
3836 C:\WINDOWS\AGRSMMSG.exe
3976 C:\Programme\System Control Manager\MGSysCtrl.exe
4036 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
404 C:\WINDOWS\vsnp2std.exe
476 C:\WINDOWS\system32\dllhost.exe
892 C:\WINDOWS\RTHDCPL.exe
1476 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2064 alg.exe
2744 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2924 C:\Programme\iTunes\iTunesHelper.exe
3056 C:\Programme\DivX\DivX Update\DivXUpdate.exe
3084 C:\Programme\RocketDock\RocketDock.exe
3348 C:\Programme\Windows Live\Messenger\msnmsgr.exe
3744 C:\Programme\Steam\steam.exe
2196 C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
3812 C:\Programme\iPod\bin\iPodService.exe
1660 C:\Programme\Mozilla Firefox\firefox.exe
3676 C:\Programme\Mozilla Firefox\plugin-container.exe
2380 C:\Programme\iTunes\iTunes.exe
772 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
2540 C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe
2912 C:\Programme\ooVoo\ooVoo.exe
1440 C:\Dokumente und Einstellungen\MSI\Eigene Dateien\Downloads\MBRCheck(2).exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000e`b440fc00 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMHV2120BHPL, Rev: 00000029
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E23806C2F0D027B8B01E88B1FEB78C4E6CEA7A07
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
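Every entry in the OSAM report above has the same shape: an optional CLSID, `"display name"`, optionally `(ServiceName)`, the vendor string or `?` when OSAM has none, the image path with its arguments, and a trailing parenthesised status such as `(Hidden registry entry, rootkit activity | File signed by Microsoft)` or `(File not found)`. The Python below is an added example, not part of the original post and not OSAM's own code: it parses that format and ranks entries by what a responder reads first, hidden registry entries, images locked against reading, images with no vendor information, and orphaned driver or service keys whose file is gone. The sample lines are copied from the report above; the severity scale and the random-name heuristic are assumptions of this example, not anything OSAM outputs.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the OSAM report in the post above.
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a92ofcu8" (a92ofcu8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a92ofcu8.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\DOKUME~1\MSI\LOKALE~1\Temp\catchme.sys (File not found)
"FLASHSYS" (FLASHSYS) - ? - C:\Programme\MSI\Live Update 4\LU4\FLASHSYS.sys (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
'''

SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
KEY_RE = re.compile(r'^-----\(\s*(?P<key>.*?)\s*\)-----$')
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'   # optional CLSID or <binary data> prefix
    r'"(?P<name>.*?)"'                                # display name; may itself contain quotes
    r'(?:\s+\((?P<service>[^()]*)\))?'                # optional (ServiceName)
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'              # vendor string, or ? when OSAM has none
    r'\s+-\s*(?P<target>.*?)'                         # image path plus arguments (may be empty)
    r'(?:\s*\((?P<flags>[^()]*)\))?\s*$'              # trailing OSAM status flags
)
IMAGE_RE = re.compile(r'\S+\.(?:sys|dll|exe|cpl|lnk|job)\b', re.IGNORECASE)
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_osam(text):
    """Yield one dict per autorun entry, tagged with the [Section] and registry key it sits under."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
        elif (m := KEY_RE.match(line)):
            key = m.group("key")
        elif (m := ENTRY_RE.match(line)):
            d = m.groupdict()
            d["flags"] = d["flags"] or ""
            d.update(section=section, key=key)
            yield d


def image_name(target):
    """Lower-cased basename of the first image path in the target, ignoring quotes and arguments."""
    m = IMAGE_RE.search(target)
    return m.group(0).strip('"').rsplit("\\", 1)[-1].lower() if m else ""


def looks_random(image):
    """Heuristic (an assumption of this example): 8 alphanumerics, >= 2 digits, a digit followed by a letter.
    Passes a92ofcu8.sys, rejects rundll32.exe and avgntflt.sys."""
    stem = image.rsplit(".", 1)[0]
    return (re.fullmatch(r"[a-z0-9]{8}", stem) is not None
            and sum(c.isdigit() for c in stem) >= 2
            and re.search(r"\d[a-z]", stem) is not None)


def classify(entry):
    """Return (severity, reasons) for one entry, or (None, []) when nothing stands out."""
    flags, image, sev, why = entry["flags"], image_name(entry["target"]), None, []
    if "Hidden registry entry" in flags:
        sev = "critical"
        why.append("registry key hidden from the Windows API (rootkit-style concealment)")
        if "File signed by Microsoft" in flags:
            why.append("signature was checked from inside the running OS only; a kernel rootkit can hand "
                       "readers a clean copy, so re-check the file from offline boot media")
    if looks_random(image):
        sev = sev or "high"
        why.append("pseudo-random 8-character image name")
    if "exclusively opened" in flags:
        sev = sev or "medium"
        why.append("file locked against reads, so it cannot be hashed or scanned from within the OS")
    if "File not found" in flags:
        if entry["section"] in ("Drivers", "Services"):
            sev = sev or "low"
            why.append("orphaned service entry, image missing on disk")
    elif entry["vendor"] is None and image:
        sev = sev or "medium"
        why.append("no vendor information for the image")
    return sev, why


def triage(text):
    """Findings for every entry worth a second look, most severe first."""
    out = []
    for e in parse_osam(text):
        sev, why = classify(e)
        if sev:
            out.append({"name": e["name"], "image": image_name(e["target"]), "section": e["section"],
                        "severity": sev, "reasons": why})
    return sorted(out, key=lambda f: RANK[f["severity"]])


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    print(dict(Counter(f["severity"] for f in findings)))
    for f in findings:
        print(f"[{f['severity']:8}] {f['section']:<10} {f['name']!r:<16} {f['image']}")
        for r in f["reasons"]:
            print("            -", r)
```

The one combination that should dominate the reading of this report is a driver that is hidden from the registry API and still passes the Microsoft signature check: the check ran on a system whose registry and file reads are demonstrably being filtered, so the verdict is only as good as the filter allows, and the file has to be re-examined from boot media. The `File not found` driver entries are leftover service keys whose images are gone (catchme.sys is the temporary driver of the catchme/ComboFix tooling the poster mentions), which is why the script ranks them low rather than dropping them.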
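MBRCheck's verdict above rests on two things it does not show: the hash it computes over the master boot record and the list of known-good boot-code hashes it compares against. The Python below is an added example, not MBRCheck's own code and not a dump of the poster's disk: it builds a constructed 512-byte MBR, parses the partition table, hashes the boot-code area (the first 440 bytes, before the disk signature and the table), compares the hash against an allowlist and runs the structural checks a tampered table tends to fail. The two volume offsets are the ones MBRCheck printed above; the boot-code bytes, the hidden first partition, all sizes and the allowlist entry are constructed. Which byte range MBRCheck itself hashes is not stated on the page, so the SHA1 produced here is not comparable with the one in the log.

```python
import hashlib
import struct

SECTOR = 512
# Partition type bytes that matter on a Windows-era MBR disk (subset).
PART_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x27: "hidden NTFS/WinRE", 0xEE: "GPT protective"}


def build_sample_mbr(entries, boot_code, disk_signature=0x1234ABCD):
    """Assemble a 512-byte MBR: 440 bytes of boot code, 4-byte disk signature, 2 reserved bytes,
    four 16-byte partition entries (status, CHS start, type, CHS end, LBA start, sector count), 0x55AA."""
    if len(boot_code) != 440:
        raise ValueError("boot code area is exactly 440 bytes")
    table = b"".join(struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
                     for status, ptype, lba, count in entries).ljust(64, b"\x00")
    return boot_code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


def parse_mbr(sector):
    """Split one MBR sector into boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                      "lba": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {"sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0], "partitions": parts}


def check_layout(parts):
    """Structural sanity checks: one active partition, no overlaps, nothing starting on the MBR itself."""
    issues = []
    if sum(p["bootable"] for p in parts) != 1:
        issues.append("expected exactly one active partition")
    spans = sorted((p["lba"], p["lba"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partitions {i1} and {i2} overlap")
    for p in parts:
        if p["lba"] == 0:
            issues.append(f"partition {p['index']} starts at LBA 0 and covers the MBR itself")
    return issues


def assess(sector, known_good):
    """Hash-compare the boot code against an allowlist and report layout problems."""
    info = parse_mbr(sector)
    label = known_good.get(info["sha1"])
    info["verdict"] = (f"known boot code: {label}" if label
                       else "Unknown MBR code: dump it and compare offline before restoring standard code")
    info["issues"] = check_layout(info["partitions"])
    return info


# Constructed sample disk. The two volume offsets are the ones MBRCheck printed in the post above;
# the hidden first partition, the sizes and the boot-code bytes are assumptions of this example.
SAMPLE_BOOT_CODE = b"\xEB\x3C\x90" + b"\x90" * 437        # placeholder bytes, not real boot code
C_LBA = 0x00000000BBC57E00 // SECTOR
D_LBA = 0x0000000EB440FC00 // SECTOR
SAMPLE_ENTRIES = [(0x00, 0x27, 63, C_LBA - 63),            # hidden recovery partition (assumed)
                  (0x80, 0x07, C_LBA, D_LBA - C_LBA),       # C:, active
                  (0x00, 0x07, D_LBA, 111_000_000)]         # D:
# Allowlist keyed by SHA1 of the 440-byte boot code; a real one holds hashes taken from clean installs.
KNOWN_GOOD = {hashlib.sha1(SAMPLE_BOOT_CODE).hexdigest().upper(): "constructed sample boot code"}

if __name__ == "__main__":
    mbr = build_sample_mbr(SAMPLE_ENTRIES, SAMPLE_BOOT_CODE)
    result = assess(mbr, KNOWN_GOOD)
    print("SHA1:", result["sha1"], "|", result["verdict"])
    for p in result["partitions"]:
        print(f"  #{p['index']} {'*' if p['bootable'] else ' '} {p['type_name']:<18} "
              f"offset 0x{p['byte_offset']:016x} {p['sectors'] * SECTOR // 2**30} GB")
    print("issues:", result["issues"] or "none")
```

An "Unknown MBR code" verdict on its own is not proof of infection: vendor boot code (recovery, encryption or disk-emulation tools) hashes as unknown too, which is why the sensible order is MBRCheck's option 1 (dump the sector), a comparison against a copy read from boot media, and only then option 2 (restore standard boot code). Hashing only the first 440 bytes keeps the comparison stable across disks with the same code, since the disk signature and partition table differ from machine to machine.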