Log Analysis and Evaluation: TR/Crypt:Xpack.gen in Skype.exe
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
TR/Crypt:Xpack.gen in Skype.exe
Here is the GMER scan first (I could only run it once, on C, since otherwise it always crashed). I'm running OSAM now.
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 10:45:15
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: yczqw3t2.exe; Driver: C:\DOKUME~1\X\LOKALE~1\Temp\uwtdipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAllocateVirtualMemory [0xA1C1FFE0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xA1C1FF10]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xA1C1E0E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xA1C20280]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xA1C1DAB0]
SSDT F7B13E7E ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xA1C1F3B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xA1C1F4A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xA1C1D6E0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xA1C1E3B0]
SSDT F7B13E74 ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xA1C208B0]
SSDT F7B13E83 ZwDeleteKey
SSDT F7B13E8D ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateKey [0xA1C1E710]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateValueKey [0xA1C1E7F0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwFsControlFile [0xA1C1D9C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xA1C22900]
SSDT F7B13E92 ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xA1C1E2F0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xA1C1DF40]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xA1C1E580]
SSDT F7B13E60 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xA1C1D7B0]
SSDT F7B13E65 ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xA1C201A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xA1C1E8D0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xA1C1E9B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xA1C1FE40]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xA1C1EEB0]
SSDT F7B13E9C ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xA1C20550]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xA1C20620]
SSDT F7B13E97 ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xA1C1EC40]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xA1C1ED10]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xA1C20370]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xA1C1FD50]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xA1C20980]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSecurityObject [0xA1C20A80]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xA1C1F060]
SSDT F7B13E88 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xA1C1FBA0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xA1C1FC60]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xA1C207D0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xA1C1F890]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xA1C1FA50]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xA1C1F130]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteFile [0xA1C1D8B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xA1C200C0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes CALL A966E8C6
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA8 80504744 4 Bytes JMP 0C6AE90A
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [A0, FB, C1, A1, 60, FC, C1, ...]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF4FA7000, 0x198FE0, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd6d4d
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015affd6d4d (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@iTunes ??????????B?????????????????C:\WINDOWS\Installer\2cd1ff7.msi?A???????????s????????????????????????????????$??????????t??AppleCare Support???20091109?????????????f???????0??9.0.2.25?}????B?????????????hxxp://www.apple.com/de/support/????F:\iTunes\??????? ???????T??????ei??01805 009 433???9.0.2.25????????????????????? ??????????????????????????????N?????????????????N???????????N??????a??{00020424-0000-0000-C000-000000000046}??????????? ??????????????????????????????N?br?????b??????????????????????{9E93C96F-CF0D-43F6-8BA8-B807A3370712}??0???????????????????????1.c?????? ???????-???????????????? ?????????&???????????????????????????????????IiTunes?????? ??????????????????????????????N?????????????????????????N?????????{00020424-0000-0000-C000-000000000046}??? ??????? ??????????????????????????????N?????????????????N???????????N??????e??{00020424-0000-0000-C000-000000000046}??????? ??????????????????????????????N????????b????????????????0-C0??{9E93C96F-CF0D-43F6-8BA8-B807A3370712}???????????????????n??1.c?????? ?
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@GEAR wrj2b!MWC]I~n*tPfdZOZLy8k=Bk.?0gjLiiedIAAoAE]@ceOAacrz`zqEAC
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@CoreFP hN!z]?!'h(XybGG%lrLW
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@ATL u.'b9VZqf(g6u.Q(31aRw.'b9VZqf(g6u.Q(31aR
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@SyncServices ????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????8????????????e????Apple Mobile Device Support?????????????????????????????????????????????????????????Apple Mobile Device Support?????? ?????????????????????z??????0?2??? ???????????????????AppleMobileDeviceSupport????? ?????????????????????z??????0??????????????????????????????????????????????????????????? ???????????????????????????????*?????????????????????Z.$}Ck,ug(d4M!I%lrLW????? 2?????????????s???AppleMobileDeviceSupport????? ??????????????s???tPWdYa*ug(cNaTJ%lrLWAQVoZa*ug(89)UJ%lrLWUX(aga*ug(M'jZJ%lrLW5j{7Y~6'h(Kh!UO%lrLWdAow`Q'=$@oLjx8S9ImNk&vB8Orq4Ah(%D_!]=ySV}v,XqR!D@NV21E~v*1kw=8v]plh*?x-JP%K%lkt~Do_Jb*ug(iH^&K%lrLW?AppleMobileDeviceSupport???? 2?????????????????AppleMobileDeviceSupport????? ????????????????????v????????????e????????????????????????????????????????????????? *ee ????????????*??s??????????????????????? ???????????????? ????z?????? ????? ?????????????????????8
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@AppleMobileDeviceSupport Z.$}Ck,ug(d4M!I%lrLW
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@MobileDrivers tPWdYa*ug(cNaTJ%lrLWAQVoZa*ug(89)UJ%lrLWUX(aga*ug(M'jZJ%lrLW5j{7Y~6'h(Kh!UO%lrLWdAow`Q'=$@oLjx8S9ImNk&vB8Orq4Ah(%D_!]=ySV}v,XqR!D@NV21E~v*1kw=8v]plh*?x-JP%K%lkt~Do_Jb*ug(iH^&K%lrLW?AppleMobileDeviceSupport
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@CRT_WinSXS _j0,Y]s!Soe8MkbIdFwUv$f.Z@}4G(*9MkbIdFwUv$f.Z@}4G(u8MkbIdFwU%9YbWIfIbe?9MkbIdFwU_j0,Y]s!Sou8MkbIdFwU_j0,Y]s!So*9MkbIdFwU!N0,YT,$So*9MkbIdFwU!N0,YT,$Sou8MkbIdFwUa@0,YF5$So*9MkbIdFwUe?0,Yk5$So*9MkbIdFwU]A0,Yx4$So*9MkbIdFwUe?0,Yk5$Sou8MkbIdFwUa@0,YF5$Sou8MkbIdFwUXB0,YS4$So*9MkbIdFwU]A0,Yx4$Sou8MkbIdFwUTC0,Y*4$So*9MkbIdFwUPD0,Ya3$So*9MkbIdFwUXB0,YS4$Sou8MkbIdFwU&vv.ZiM}F(*9MkbIdFwUTC0,Y*4$Sou8MkbIdFwULE0,Y83$So*9MkbIdFwUPD0,Ya3$Sou8MkbIdFwULE0,Y83$Sou8MkbIdFwUEgn.Z_T*G(*9MkbIdFwUzH^.ZJcAG(*9MkbIdFwU&vv.ZiM}F(u8MkbIdFwUEgn.Z_T*G(u8MkbIdFwU=6U.Z@jJG(*9MkbIdFwUUQ^.ZZ_AG(*9MkbIdFwUzH^.ZJcAG(u8MkbIdFwU=6U.Z@jJG(u8MkbIdFwUUQ^.ZZ_AG(u8MkbIdFwUaZO,H*K2`Ee8MkbIdFwUxp%0Ij`~kV*9MkbIdFwUaZO,H*K2`E*9MkbIdFwU%?O,H~_2`E*9MkbIdFwUg+O,H9h2`E*9MkbIdFwUc,O,Hog2`E*9MkbIdFwU_-O,HJg2`E*9MkbIdFwUZ.O,H}f2`E*9MkbIdFwUV0O,HWf2`E*9MkbIdFwUR1O,H.f2`E*9MkbIdFwUN2O,Hee2`E*9MkbIdFwU(g70I8-kkV*9MkbIdFwUGW.0I-5tkV*9MkbIdFwU}5y.ItF+lV*9MkbIdFwU@&q.IjM5lV*9MkbIdFwUWBy.I)C+lV*9MkbIdFwU?AppleMobileDeviceSupport
---- EOF - GMER 1.0.15 ----
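As an added example that is not part of the original post or of GMER itself: a small Python triage helper for the SSDT section of a GMER 1.0.15 log like the one above. It separates hooks GMER attributed to a named driver (in the posted log, SandBox.sys from Agnitum) from hooks it could only report as a bare address (ZwCreateKey, ZwCreateThread, ZwOpenProcess and so on), which are the entries a reviewer has to resolve by hand, and it also picks up the inline patches listed under "Kernel code sections". The sample lines are constructed in the shape of the posted log (not the full log), and the one-page clustering heuristic (`PAGE`) is an assumption of this example, not something GMER reports.

```python
"""Triage helper for the SSDT and kernel-code sections of a GMER 1.0.15 log.
Example code added to this thread; not part of the posted log or of GMER."""
import re
from collections import defaultdict

# Constructed sample in the shape of the posted GMER output (not the full log).
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAllocateVirtualMemory [0xA1C1FFE0]
SSDT F7B13E7E ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xA1C1F3B0]
SSDT F7B13E74 ZwCreateThread
SSDT F7B13E60 ZwOpenProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes CALL A966E8C6
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA8 80504744 4 Bytes JMP 0C6AE90A
---- EOF - GMER 1.0.15 ----
"""

# "SSDT <module> (<description/vendor>) <ZwFunction> [0x<hook address>]"
ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
# "SSDT <hook address> <ZwFunction>"  (GMER found no module owning the address)
UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)\s*$")
# ".text <image>!<symbol> + <offset> <va> <n> Bytes <patched instruction>"
CODE_PATCH = re.compile(
    r"^\.text\s+(?P<image>\S+)!(?P<sym>\w+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+"
    r"(?P<va>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<what>.+?)\s*$")

PAGE = 0x1000  # assumed heuristic: bare hook addresses within one page are treated as one driver


def parse_gmer(text):
    """Return (hooks, patches) parsed from the System and Kernel code sections."""
    hooks, patches = [], []
    for line in text.splitlines():
        m = ATTRIBUTED.match(line)
        if m:
            vendor = m["desc"].rsplit("/", 1)[-1]  # "Host Protection Component/Agnitum Ltd." -> vendor part
            hooks.append({"func": m["func"], "addr": int(m["addr"], 16),
                          "module": m["module"], "vendor": vendor})
            continue
        m = UNATTRIBUTED.match(line)
        if m:
            hooks.append({"func": m["func"], "addr": int(m["addr"], 16),
                          "module": None, "vendor": None})
            continue
        m = CODE_PATCH.match(line)
        if m:
            patches.append((m["image"], m["sym"], int(m["off"], 16), int(m["n"]), m["what"]))
    return hooks, patches


def triage(hooks, patches, page=PAGE):
    """Summarise what a reviewer needs: which driver owns which hooks, which hooks
    are unowned, and whether the unowned addresses all sit within one page."""
    by_module = defaultdict(list)
    unowned = []
    for h in hooks:
        if h["module"]:
            by_module[h["module"]].append(h["func"])
        else:
            unowned.append(h)
    addrs = [h["addr"] for h in unowned]
    span = max(addrs) - min(addrs) if addrs else 0
    return {
        "attributed": dict(by_module),
        "vendors": sorted({h["vendor"] for h in hooks if h["vendor"]}),
        "unattributed_funcs": [h["func"] for h in unowned],
        "unattributed_span": span,
        "unattributed_single_page": bool(addrs) and span < page,
        "inline_patches": patches,
    }


if __name__ == "__main__":
    hooks, patches = parse_gmer(SAMPLE_LOG)
    summary = triage(hooks, patches)
    for module, funcs in summary["attributed"].items():
        print(f"{module}: {len(funcs)} hook(s): {', '.join(funcs)}")
    print("unattributed:", summary["unattributed_funcs"],
          f"(address span 0x{summary['unattributed_span']:X}, "
          f"single page: {summary['unattributed_single_page']})")
    for image, sym, off, n, what in summary["inline_patches"]:
        print(f"inline patch in {image}!{sym}+{off:X}: {n} bytes -> {what}")
```

Run against the posted log, the bare-address hooks all fall in F7B13E60..F7B13E9C, so the script reports them as a single cluster; which driver owns that range cannot be decided from the GMER section alone and has to be cross-checked against a loaded-driver list with base addresses.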
#2
TR/Crypt:Xpack.gen in Skype.exe
Here is the OSAM log
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:14:08 on 28.12.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\Settings.dll
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys
"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys
"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll
"ATI Function Driver for HDMI Service" (AtiHdmiService) - "ATI Research Inc." - C:\WINDOWS\System32\drivers\AtiHdmi.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"CP2101 USB Composite Device driver (WDM)" (slabbus) - ? - C:\WINDOWS\System32\DRIVERS\slabbus.sys (File not found)
"CP210x USB to UART Bridge Controller Drivers" (slabser) - ? - C:\WINDOWS\System32\DRIVERS\slabser.sys (File not found)
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"ITECIR Infrared Receiver" (itecir) - "ITE Tech. Inc. " - C:\WINDOWS\System32\DRIVERS\itecir.sys
"Keyboard Filter" (kbfiltr) - " " - C:\WINDOWS\System32\DRIVERS\kbfiltr.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Synaptics TouchPad Driver" (SynTP) - "Synaptics, Inc." - C:\WINDOWS\System32\DRIVERS\SynTP.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - F:\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programme\PowerISO\PWRISOSH.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - "Synaptics, Inc." - C:\Programme\Synaptics\SynTP\SynTPCpl.dll
{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopy.dll (File found, but it contains no detailed information)
{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopyExt.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRar\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{A1A7E22D-1587-4230-8F16-081C68D21448} "Quick Tune" - "Agnitum Ltd." - C:\Programme\Agnitum\Outpost\ie_bar.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
55963676-2F5E-4BAF-AC28-CF26AA587566 "55963676-2F5E-4BAF-AC28-CF26AA587566" - ? - (File not found | COM-object registry key not found) / vpnweb.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} "MUCatalogWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll / hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285851806468
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262448071296
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=58813
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - C:\Programme\Agnitum\Outpost\ie_bar.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "ASUS Security Protect Manager" - "Bioscrypt Inc." - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\X\Startmenü\Programme\Autostart\desktop.ini
"OneNote 2007 Screen Clipper and Launcher.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TrueCrypt" - "TrueCrypt Foundation" - "C:\Programme\Ud\Ud.exe" /q preferences /a favorites
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"OutpostMonitor" - "Agnitum Ltd." - "C:\PROGRA~1\Agnitum\Outpost\op_mon.exe" /tray /noservice

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"ASUS Security Protect Manager" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AdeonaClientService" (AdeonaClientService) - ? - C:\Programme\Dell\cygrunsrv.exe (File found, but it contains no detailed information)
"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - C:\PROGRA~1\Agnitum\Outpost\acs.exe
"Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CLCV0" (UTSCSI) - ? - C:\WINDOWS\system32\UTSCSI.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"getPlus(R) Helper" (getPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper.dll (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\bin\ocgina.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"OneCard" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here is the MBRCheck
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7357000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7346000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B7000 MountMgr.sys
0xF7327000 ftdisk.sys
0xF798B000 dmload.sys
0xF7301000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF72E9000 atapi.sys
0xF7717000 cercsr6.sys
0xF72D1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF74D7000 disk.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72B1000 fltmgr.sys
0xF729F000 sr.sys
0xF74F7000 PxHelp20.sys
0xF7288000 KSecDD.sys
0xF71FB000 Ntfs.sys
0xF71CE000 NDIS.sys
0xF798D000 speedfan.sys
0xF71A6000 snapman.sys
0xF718C000 Mup.sys
0xF7A51000 giveio.sys
0xF5534000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF4F5C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF4F48000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF4F20000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7767000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF4EFC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5524000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF4EE8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF4ED7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF4EC3000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF4E71000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7617000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF79EB000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0xF777F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF4E40000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7627000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF4DC4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7857000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF4D6C000 \SystemRoot\system32\DRIVERS\itecir.sys
0xF7637000 \SystemRoot\system32\DRIVERS\IFXTPM.SYS
0xF7647000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF69AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF699C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF4D49000 \SystemRoot\system32\DRIVERS\ks.sys
0xF785F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7154000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A01000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0xF7867000 \SystemRoot\system32\DRIVERS\afw.sys
0xF4D09000 \SystemRoot\system32\drivers\afwcore.sys
0xF77BF000 \SystemRoot\system32\drivers\TDI.SYS
0xF7BD5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF693C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7144000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF4CF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF55B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF692C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF4CE1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7847000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF4CB1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A05000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF4C53000 \SystemRoot\system32\DRIVERS\update.sys
0xF7134000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76A7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAE47B000 \SystemRoot\system32\drivers\RtHDMI.sys
0xAE457000 \SystemRoot\system32\drivers\portcls.sys
0xF7587000 \SystemRoot\system32\drivers\drmk.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xADD9C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xADC4A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF77D7000 \SystemRoot\System32\Drivers\Modem.SYS
0xADBB1000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7A4B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A7C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A4D000 \SystemRoot\System32\Drivers\Beep.SYS
0xAB438000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAB430000 \SystemRoot\System32\drivers\vga.sys
0xF798F000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7991000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB420000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAB7DC000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAAD60000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAAD07000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAACDF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAACB9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAB51E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAAC97000 \SystemRoot\System32\drivers\afd.sys
0xAB4FE000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAB4EE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA6582000 \SystemRoot\System32\drivers\truecrypt.sys
0xA3455000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0xAB5CD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF77A7000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA33A9000 \SystemRoot\system32\DRIVERS\SandBox.sys
0xF4C0B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA34E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA34D8000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xA31F8000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xA34C8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xA3DCB000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xAB760000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA3488000 \SystemRoot\system32\Filt\ASWFilt.dll
0xA31CD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA315D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xACCAF000 \SystemRoot\System32\Drivers\Fips.SYS
0xA3137000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF799F000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xA3113000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA44D1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77FF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B0C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF061000 \SystemRoot\System32\ati2cqag.dll
0xBF0E9000 \SystemRoot\System32\atikvmag.dll
0xBF14F000 \SystemRoot\System32\atiok3x2.dll
0xBF18F000 \SystemRoot\System32\ati3duag.dll
0xBF4E6000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA0EC5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA6663000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0D58000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAD910000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA0C60000 \SystemRoot\system32\DRIVERS\srv.sys
0xF79A1000 \??\C:\Programme\CyberLink\PowerDVD\000.fcl
0xA0953000 \SystemRoot\system32\drivers\wdmaud.sys
0xA0B50000 \SystemRoot\system32\drivers\sysaudio.sys
0xA0151000 \SystemRoot\System32\Drivers\HTTP.sys
0x9FB40000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 37):
0 System Idle Process
4 System
964 C:\WINDOWS\system32\smss.exe
1064 csrss.exe
1108 C:\WINDOWS\system32\winlogon.exe
1152 C:\WINDOWS\system32\services.exe
1164 C:\WINDOWS\system32\lsass.exe
1340 C:\WINDOWS\system32\svchost.exe
1380 C:\WINDOWS\system32\ati2evxx.exe
1400 C:\WINDOWS\system32\svchost.exe
1580 svchost.exe
1620 C:\WINDOWS\system32\svchost.exe
1676 svchost.exe
1708 svchost.exe
1788 C:\WINDOWS\system32\ati2evxx.exe
1852 C:\WINDOWS\system32\spoolsv.exe
1892 C:\Programme\Avira\AntiVir Desktop\sched.exe
276 svchost.exe
496 C:\WINDOWS\system32\agrsmsvc.exe
532 C:\Programme\Avira\AntiVir Desktop\avguard.exe
728 C:\Programme\Java\jre6\bin\jqs.exe
788 C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
792 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1028 C:\WINDOWS\system32\snmp.exe
1068 C:\WINDOWS\system32\svchost.exe
1428 C:\WINDOWS\system32\UTSCSI.EXE
2440 C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
2672 C:\WINDOWS\explorer.exe
3100 scardsvr.exe
3228 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3356 C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
3600 alg.exe
328 C:\WINDOWS\system32\wscntfy.exe
2680 C:\WINDOWS\system32\svchost.exe
1256 C:\Dokumente und Einstellungen\X\Desktop\osam_autorun_manager_5_0_portable\osam.exe
3940 C:\Programme\Opera\opera.exe
3408 C:\Dokumente und Einstellungen\X\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71140000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`35154000
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000031`b5143e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000003e`1d615e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!