| |
| |||||||
Log-Analyse und Auswertung: Google verlinkt auf teils anstößige Seiten.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.03.2011, 15:28
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Google verlinkt auf teils anstößige Seiten. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.03.2011, 15:57
| #17 |
 | Google verlinkt auf teils anstößige Seiten. Okay habe das Kaspersky Tool ausgeführt. Also das obere, den Rest nicht. Es wurde aber nichts gefunden, hier das Log:
__________________Code:
ATTFilter 2011/03/24 05:58:40.0015 6092 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 05:58:40.0421 6092 ================================================================================
2011/03/24 05:58:40.0421 6092 SystemInfo:
2011/03/24 05:58:40.0421 6092
2011/03/24 05:58:40.0421 6092 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/24 05:58:40.0421 6092 Product type: Workstation
2011/03/24 05:58:40.0421 6092 ComputerName: *****
2011/03/24 05:58:40.0421 6092 UserName: Besitzer
2011/03/24 05:58:40.0421 6092 Windows directory: C:\WINDOWS
2011/03/24 05:58:40.0421 6092 System windows directory: C:\WINDOWS
2011/03/24 05:58:40.0421 6092 Processor architecture: Intel x86
2011/03/24 05:58:40.0421 6092 Number of processors: 1
2011/03/24 05:58:40.0421 6092 Page size: 0x1000
2011/03/24 05:58:40.0421 6092 Boot type: Normal boot
2011/03/24 05:58:40.0421 6092 ================================================================================
2011/03/24 05:58:41.0109 6092 Initialize success
2011/03/24 05:58:53.0062 1520 ================================================================================
2011/03/24 05:58:53.0062 1520 Scan started
2011/03/24 05:58:53.0062 1520 Mode: Manual;
2011/03/24 05:58:53.0062 1520 ================================================================================
2011/03/24 05:58:54.0687 1520 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/03/24 05:58:54.0812 1520 aadev (96ac285c7c13e23df3428e7dc0ba13ae) C:\WINDOWS\system32\DRIVERS\aadev.sys
2011/03/24 05:58:55.0078 1520 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\WINDOWS\system32\drivers\acedrv11.sys
2011/03/24 05:58:55.0281 1520 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/24 05:58:55.0375 1520 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/24 05:58:55.0515 1520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/24 05:58:55.0687 1520 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/24 05:58:56.0000 1520 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/24 05:58:56.0437 1520 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/24 05:58:56.0671 1520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/24 05:58:56.0765 1520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/24 05:58:56.0921 1520 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/03/24 05:58:57.0078 1520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/24 05:58:57.0187 1520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/24 05:58:57.0281 1520 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/03/24 05:58:57.0593 1520 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/24 05:58:57.0828 1520 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/24 05:58:57.0906 1520 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/24 05:58:58.0015 1520 AVMUNET (236508d337c46e4152e38d4778cf50df) C:\WINDOWS\system32\DRIVERS\avmunet.sys
2011/03/24 05:58:58.0109 1520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/24 05:58:58.0218 1520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/24 05:58:58.0343 1520 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/24 05:58:58.0484 1520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/24 05:58:58.0562 1520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/24 05:58:58.0765 1520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/24 05:58:59.0140 1520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/24 05:58:59.0265 1520 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/24 05:58:59.0468 1520 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/24 05:58:59.0593 1520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/24 05:58:59.0703 1520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/24 05:58:59.0890 1520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/24 05:59:00.0046 1520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/24 05:59:00.0171 1520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/24 05:59:00.0250 1520 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/24 05:59:00.0359 1520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/24 05:59:00.0468 1520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/24 05:59:00.0562 1520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/24 05:59:00.0656 1520 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/24 05:59:00.0765 1520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/24 05:59:00.0875 1520 GVCplDrv (f22bf7f345df95c09942951246aaa28d) C:\WINDOWS\system32\drivers\GVCplDrv.sys
2011/03/24 05:59:00.0984 1520 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/03/24 05:59:01.0093 1520 hidev4iu (2f706a832b41807ec82c31e621558afb) C:\WINDOWS\system32\drivers\hidev4iu.sys
2011/03/24 05:59:01.0265 1520 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/24 05:59:01.0453 1520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/24 05:59:01.0718 1520 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/24 05:59:01.0843 1520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/24 05:59:02.0062 1520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/24 05:59:02.0171 1520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/24 05:59:02.0296 1520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/24 05:59:02.0375 1520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/24 05:59:02.0515 1520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/24 05:59:02.0625 1520 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/03/24 05:59:02.0765 1520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/24 05:59:02.0843 1520 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/03/24 05:59:02.0953 1520 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/24 05:59:03.0062 1520 k510bus (b1fe6feac5a501c89057a69c9f5e9d1f) C:\WINDOWS\system32\DRIVERS\k510bus.sys
2011/03/24 05:59:03.0171 1520 k510mdfl (7a4ecca08560e8ff330acaa4128af7b0) C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
2011/03/24 05:59:03.0265 1520 k510mdm (094d532b727030c3b8b6bd3b743d9526) C:\WINDOWS\system32\DRIVERS\k510mdm.sys
2011/03/24 05:59:03.0390 1520 k510mgmt (ad67bfa00ba39c65551338ee001cdddd) C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
2011/03/24 05:59:03.0515 1520 k510obex (7d5094b00a47d871a48d035beb3a0922) C:\WINDOWS\system32\DRIVERS\k510obex.sys
2011/03/24 05:59:03.0875 1520 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/24 05:59:03.0968 1520 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/24 05:59:04.0093 1520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/24 05:59:04.0218 1520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/24 05:59:04.0437 1520 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/03/24 05:59:04.0515 1520 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/03/24 05:59:04.0656 1520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/24 05:59:04.0750 1520 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/24 05:59:04.0843 1520 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/24 05:59:04.0937 1520 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/24 05:59:05.0062 1520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/24 05:59:05.0187 1520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/24 05:59:05.0328 1520 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/24 05:59:05.0515 1520 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/03/24 05:59:05.0593 1520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/24 05:59:05.0656 1520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/24 05:59:05.0765 1520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/24 05:59:05.0859 1520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/24 05:59:05.0953 1520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/24 05:59:06.0046 1520 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/24 05:59:06.0125 1520 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/24 05:59:06.0250 1520 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/24 05:59:06.0343 1520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/24 05:59:06.0484 1520 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/24 05:59:06.0546 1520 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/24 05:59:06.0640 1520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/24 05:59:06.0750 1520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/24 05:59:06.0828 1520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/24 05:59:06.0921 1520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/24 05:59:07.0015 1520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/24 05:59:07.0156 1520 NETDSL (1f1acda3cbb76ef5ce28f3d8a2d08272) C:\WINDOWS\system32\DRIVERS\netdsl.sys
2011/03/24 05:59:07.0250 1520 NETFWDSL (998e0d45edf780d4ff52d862926f148e) C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS
2011/03/24 05:59:07.0406 1520 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/24 05:59:07.0531 1520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/24 05:59:07.0625 1520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/24 05:59:07.0765 1520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/24 05:59:08.0031 1520 nv (07e25fe08344021091f000d84611a2ab) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/24 05:59:08.0484 1520 nvatabus (eeabd98aa887dd923546f20d400b2907) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2011/03/24 05:59:08.0546 1520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/24 05:59:08.0625 1520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/24 05:59:08.0734 1520 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/24 05:59:08.0859 1520 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/24 05:59:08.0968 1520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/24 05:59:09.0015 1520 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/24 05:59:09.0093 1520 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/24 05:59:09.0265 1520 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/24 05:59:09.0343 1520 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/24 05:59:09.0937 1520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/24 05:59:10.0031 1520 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/24 05:59:10.0171 1520 prodrv06 (6d3b2fc5dec2f59b28fe5fa17250a7b0) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/03/24 05:59:10.0421 1520 prohlp02 (c5f47b7ec2ec906847d5f80ba779a5bd) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/03/24 05:59:10.0500 1520 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
2011/03/24 05:59:10.0593 1520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/24 05:59:10.0671 1520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/24 05:59:10.0796 1520 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/24 05:59:11.0125 1520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/24 05:59:11.0234 1520 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/03/24 05:59:11.0328 1520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/24 05:59:11.0421 1520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/24 05:59:11.0562 1520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/24 05:59:11.0671 1520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/24 05:59:11.0796 1520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/24 05:59:11.0906 1520 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/24 05:59:12.0015 1520 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/24 05:59:12.0109 1520 RRNetCap (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
2011/03/24 05:59:12.0140 1520 RRNetCapMP (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
2011/03/24 05:59:12.0265 1520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/24 05:59:12.0375 1520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/24 05:59:12.0640 1520 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/24 05:59:12.0875 1520 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/03/24 05:59:12.0968 1520 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/03/24 05:59:13.0062 1520 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/03/24 05:59:13.0156 1520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/24 05:59:13.0265 1520 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/03/24 05:59:13.0390 1520 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2011/03/24 05:59:13.0515 1520 SI3114 (a812952a87f629d29393574d05c2c6ec) C:\WINDOWS\system32\DRIVERS\SI3114.sys
2011/03/24 05:59:13.0625 1520 Si3114r5 (247e354f949d836f34be9b1221cd686b) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
2011/03/24 05:59:13.0703 1520 SiFilter (8b6f455f10735aace4cdc4b863ab362f) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/03/24 05:59:13.0843 1520 SiRemFil (5fe93c0b54009f5f6f7aec9bbb9855c2) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/03/24 05:59:13.0953 1520 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/24 05:59:14.0078 1520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/24 05:59:14.0203 1520 sptd (4e3c4ffcb2c95c2ec1fa04a6f4531533) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/24 05:59:14.0203 1520 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4e3c4ffcb2c95c2ec1fa04a6f4531533
2011/03/24 05:59:14.0218 1520 sptd - detected Locked file (1)
2011/03/24 05:59:14.0296 1520 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/24 05:59:14.0437 1520 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/24 05:59:14.0609 1520 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/03/24 05:59:14.0718 1520 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/03/24 05:59:14.0828 1520 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/03/24 05:59:14.0906 1520 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/24 05:59:15.0046 1520 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/03/24 05:59:15.0156 1520 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/24 05:59:15.0234 1520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/24 05:59:15.0328 1520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/24 05:59:15.0703 1520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/24 05:59:15.0828 1520 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/03/24 05:59:15.0937 1520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/24 05:59:16.0078 1520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/24 05:59:16.0140 1520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/24 05:59:16.0218 1520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/24 05:59:16.0406 1520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/24 05:59:16.0609 1520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/24 05:59:16.0765 1520 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/24 05:59:16.0843 1520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/24 05:59:16.0968 1520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/24 05:59:17.0046 1520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/24 05:59:17.0156 1520 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/24 05:59:17.0250 1520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/24 05:59:17.0328 1520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/24 05:59:17.0421 1520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/24 05:59:17.0546 1520 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/24 05:59:17.0671 1520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/24 05:59:17.0875 1520 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/24 05:59:18.0015 1520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/24 05:59:18.0140 1520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/24 05:59:18.0312 1520 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/24 05:59:18.0406 1520 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/24 05:59:18.0546 1520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/24 05:59:18.0625 1520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/24 05:59:18.0765 1520 yukonwxp (b29e7a2e211494ac05c2575d4725497a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/24 05:59:18.0953 1520 ================================================================================
2011/03/24 05:59:18.0953 1520 Scan finished
2011/03/24 05:59:18.0953 1520 ================================================================================
2011/03/24 05:59:18.0968 2880 Detected object count: 1
2011/03/24 05:59:40.0421 2880 Locked file(sptd) - User select action: Skip
|
|
24.03.2011, 15:59
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ |
|
24.03.2011, 16:50
| #19 |
| | Google verlinkt auf teils anstößige Seiten. Okay hat alles geklappt. Nach MBRCheck hatte ich aber erstmal einen BLueScreen und ich hab den PC neu gestartet. Zweimal kam dann die Mledung von einem Disk Boot Fehler oder so. Jetzt gehts wieder und hier sind die logs: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 06:30:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000081 Maxtor_6V160E0 rev.VA111630
Running: ddosccpb.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys
---- System - GMER 1.0.15 ----
SSDT AD62A616 ZwCreateKey
SSDT AD62A60C ZwCreateThread
SSDT AD62A61B ZwDeleteKey
SSDT AD62A625 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xB9ED684E]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEE]
SSDT AD62A62A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT AD62A5F8 ZwOpenProcess
SSDT AD62A5FD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9ED6CC6]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B46]
SSDT AD62A634 ZwReplaceKey
SSDT AD62A62F ZwRestoreKey
SSDT AD62A620 ZwSetValueKey
Code \??\C:\WINDOWS\system32\drivers\hidev4iu.sys (Button Miniport Driver for Input Devices/Bluw (Hong Kong) Limited) ZwResumeThread [0xB1A36DF4]
Code \??\C:\cofi\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwResumeThread 805CAD9E 7 Bytes JMP B1A36DF8 \??\C:\WINDOWS\system32\drivers\hidev4iu.sys (Button Miniport Driver for Input Devices/Bluw (Hong Kong) Limited)
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload B90D48AC 5 Bytes JMP 8A18D960
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB81BF360, 0x35483F, 0xE8000020]
? System32\Drivers\afhsxx47.SYS Das System kann den angegebenen Pfad nicht finden. !
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xAC3B1480, 0x306DD, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xABE4B300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB2F1E300, 0x1B7E, 0xE8000020]
? C:\cofi\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A75C1D8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
Device \FileSystem\Udfs \UdfsCdRom 890AE1D8
Device \FileSystem\Udfs \UdfsDisk 890AE1D8
Device \Driver\usbohci \Device\USBPDO-0 8A1981D8
Device \Driver\usbehci \Device\USBPDO-1 8A196980
Device \Driver\NetBT \Device\NetBT_Tcpip_{7151162D-3C17-4452-8699-F0E9D51FD52E} 89174980
Device \Driver\prodrv06 \Device\ProDrv06 E20A13A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A75F1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{75A194B9-F09B-4C88-B646-84BD1CC42606} 89174980
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A75F1D8
Device \Driver\Cdrom \Device\CdRom0 8A622578
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE66EAE0-5428-4023-934B-1AEE0F3C7763} 89174980
Device \Driver\Cdrom \Device\CdRom1 8A622578
Device \Driver\Cdrom \Device\CdRom2 8A622578
Device \Driver\nvatabus \Device\00000081 8A75E1D8
Device \Driver\nvatabus \Device\00000081 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E101CF60
Device \Driver\NetBT \Device\NetBt_Wins_Export 89174980
Device \Driver\NetBT \Device\NetbiosSmb 89174980
Device \Driver\00000045 \Device\0000005e sptd.sys
Device \Driver\usbohci \Device\USBFDO-0 8A1981D8
Device \Driver\nvatabus \Device\NvAta0 8A75E1D8
Device \Driver\nvatabus \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-1 8A196980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8911F1D8
Device \Driver\nvatabus \Device\NvAta1 8A75E1D8
Device \Driver\nvatabus \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\NvAta2 8A75E1D8
Device \Driver\nvatabus \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8911F1D8
Device \Driver\Ftdisk \Device\FtControl 8A75F1D8
Device \Driver\nvatabus \Device\0000007e 8A75E1D8
Device \Driver\nvatabus \Device\0000007e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\0000007f 8A75E1D8
Device \Driver\nvatabus \Device\0000007f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471 8A144980
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 8A6F11D8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path2Target10Lun0 8A6F11D8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path2Target10Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471Port4Path0Target0Lun0 8A144980
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 88FA51D8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1282968998
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -664695999
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x23 0x1D 0x49 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0xDD 0x7B 0x2B ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x23 0x1D 0x49 ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 06:40:20 on 24.03.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-839522115-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-839522115-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Pando" - "Pando Networks" - D:\Programme\Pando Networks\Media Booster\PMB.cpl "PavCPL" - ? - C:\WINDOWS\system32\pavcpl.cpl (File not found) [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys "afhsxx47" (afhsxx47) - ? - C:\WINDOWS\system32\drivers\afhsxx47.sys (Hidden registry entry, rootkit activity | File not found) "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM ADSL Adapter Device" (aadev) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\aadev.sys "AVM FRITZ!web DSL PPP" (NETFWDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFWDSL.SYS "AVM PPP over Ethernet" (NETDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\netdsl.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cdiskdun.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "dtscsi" (dtscsi) - ? - C:\WINDOWS\System32\Drivers\dtscsi.sys (File not found) "GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "hidev4iu" (hidev4iu) - "Bluw (Hong Kong) Limited" - C:\WINDOWS\system32\drivers\hidev4iu.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kgryraod" (kgryraod) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys "RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys "Sony Ericsson 750 driver (WDM)" (k750bus) - ? - C:\WINDOWS\System32\DRIVERS\k750bus.sys (File not found) "Sony Ericsson 750 USB WMC Device Management Drivers" (k750mgmt) - ? - C:\WINDOWS\System32\DRIVERS\k750mgmt.sys (File not found) "Sony Ericsson 750 USB WMC Modem Drivers" (k750mdm) - ? - C:\WINDOWS\System32\DRIVERS\k750mdm.sys (File not found) "Sony Ericsson 750 USB WMC Modem Filter" (k750mdfl) - ? - C:\WINDOWS\System32\DRIVERS\k750mdfl.sys (File not found) "Sony Ericsson 750 USB WMC OBEX Interface Drivers" (k750obex) - ? - C:\WINDOWS\System32\DRIVERS\k750obex.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys "StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TerraCam USB PRO" (OM518P) - ? - C:\WINDOWS\System32\Drivers\om518vid.sys (File not found) "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) Source" - ? - hxxp://blog.visuellegedanken.de/images/2007_04_09_zwerg_wallpaper_1280_1024.jpg (HTTP value) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install (File not found) {44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install (File not found) {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) "ImageResizer Shell Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" - ? - (File not found | COM-object registry key not found) {30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll {C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll {2F860D82-AF3C-11D4-BDB3-00E0987D8540} "UltimateZip Drag Drop Handler" - ? - (File not found | COM-object registry key not found) {2F860D81-AF3C-11D4-BDB3-00E0987D8540} "UltimateZip Shell Extension" - ? - (File not found | COM-object registry key not found) {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{70DE7956-479D-4EB7-8641-2B45774C350E}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found) "ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe "ICQ7.1" - "ICQ, LLC." - D:\Programme\ICQ7.1\ICQ.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Anleitung.exe" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Keyboard driver " - ? - D:\Programme\Keyboard Driver\Keyboard Driver\ikeymain.exe (File found, but it contains no detailed information) "LogMeIn Hamachi Ui" - "LogMeIn Inc." - "D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "NVRTCLK" - ? - C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXPRMON.DLL (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apache2" (Apache2) - ? - "C:\Dokumente und Einstellungen\Besitzer\Desktop\dslan_v1.3\dslan_v1.3\apache\bin\apache.exe" -k runservice (File not found) "Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\Programme\xampp\apache\bin\apache.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe "AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe "ICQ Service" (ICQ Service) - ? - D:\Programme\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - D:\Programme\LogMeIn Hamachi\hamachi-2.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - d:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\MA2_6.scr (File found, but it contains no detailed information) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d
Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9ED0000 sptd.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9EB8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E89000 ACPI.sys
0xB9E78000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9E59000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 sfsync02.sys
0xBA0F8000 VolSnap.sys
0xB9E41000 atapi.sys
0xB9E2C000 nvatabus.sys
0xB9DFF000 Si3114r5.sys
0xB9DEA000 SI3114.sys
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCA000 fltmgr.sys
0xB9DB8000 sr.sys
0xBA4BC000 SiWinAcc.sys
0xBA128000 PxHelp20.sys
0xB9DA1000 KSecDD.sys
0xB9D14000 Ntfs.sys
0xB9CE7000 NDIS.sys
0xBA5AC000 SiRemFil.sys
0xB9CD4000 sfvfs02.sys
0xBA338000 sfhlp02.sys
0xBA5AE000 sfhlp01.sys
0xB9CC2000 sfdrv01.sys
0xBA5B0000 prosync1.sys
0xBA138000 prohlp02.sys
0xB9CA8000 Mup.sys
0xBA168000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA248000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB90BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8A7D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB89A0000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xB88BC000 \SystemRoot\system32\drivers\ks.sys
0xB9690000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9680000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9670000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB87C3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB81BF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB81AB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8161000 \SystemRoot\System32\Drivers\afhsxx47.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA318000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\irsir.sys
0xBA584000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB814D000 \SystemRoot\system32\DRIVERS\parport.sys
0xB80F1000 \SystemRoot\system32\DRIVERS\NETFWDSL.SYS
0xBA178000 \SystemRoot\system32\drivers\tbhsd.sys
0xBA7D2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA458000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C84000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB80DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB80C9000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA350000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA368000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA390000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB72C9000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C64000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB74D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB2E46000 \SystemRoot\System32\Drivers\Null.SYS
0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA632000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB905A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1C18000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1BBF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1B97000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9052000 \SystemRoot\system32\DRIVERS\netdsl.sys
0xB1B6B000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA410000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB1B40000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1B05000 \SystemRoot\System32\drivers\prodrv06.sys
0xB1A95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1A30000 \??\C:\WINDOWS\system32\drivers\hidev4iu.sys
0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1A0A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB19E4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xADA2C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA636000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xADE09000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xADB79000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD45C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADC37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xADC33000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACAF4000 \SystemRoot\System32\Drivers\Udfs.SYS
0xACADF000 \SystemRoot\System32\Drivers\dump_nvatabus.sys
0xBA640000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADC17000 \SystemRoot\System32\drivers\Dxapi.sys
0xAD9F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA69B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5F9000 \SystemRoot\System32\ATMFD.DLL
0xAC8CA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAC8B4000 \SystemRoot\system32\DRIVERS\irda.sys
0xB49EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC7BF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAC782000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7DAD000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA622000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAD15A000 \SystemRoot\System32\DRIVERS\aadev.sys
0xAC369000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xABE4B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB2F1E000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xABDF3000 \SystemRoot\system32\DRIVERS\srv.sys
0xACEB2000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAB59B000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB583000 \SystemRoot\System32\Drivers\GVCplDrv.SYS
0xB1649000 \??\C:\cofi\catchme.sys
0xB1241000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA620000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA2041000 \??\C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys
0xA2016000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 38):
0 System Idle Process
4 System
1176 C:\WINDOWS\system32\smss.exe
1280 csrss.exe
1304 C:\WINDOWS\system32\winlogon.exe
1356 C:\WINDOWS\system32\services.exe
1368 C:\WINDOWS\system32\lsass.exe
1560 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
456 C:\WINDOWS\system32\svchost.exe
532 svchost.exe
688 svchost.exe
1124 C:\WINDOWS\system32\LEXBCES.EXE
584 C:\WINDOWS\system32\spoolsv.exe
160 C:\WINDOWS\system32\LEXPPS.EXE
1284 D:\Programme\Avira\AntiVir Desktop\sched.exe
1680 svchost.exe
1952 D:\Programme\Avira\AntiVir Desktop\avguard.exe
896 D:\Programme\xampp\apache\bin\apache.exe
1888 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1600 D:\Programme\LogMeIn Hamachi\hamachi-2.exe
2024 D:\Programme\ICQ6Toolbar\ICQ Service.exe
1072 D:\Programme\Java\jre6\bin\jqs.exe
1732 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2292 C:\WINDOWS\system32\nvsvc32.exe
2460 C:\WINDOWS\system32\PnkBstrA.exe
2612 D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
3096 C:\WINDOWS\system32\svchost.exe
3840 D:\Programme\xampp\apache\bin\apache.exe
3820 alg.exe
3612 C:\WINDOWS\system32\svchost.exe
8080 C:\WINDOWS\explorer.exe
7296 D:\Programme\TortoiseSVN\bin\TSVNCache.exe
1444 C:\Dokumente und Einstellungen\Besitzer\Desktop\ddosccpb.exe
7056 D:\Programme\Mozilla Firefox\firefox.exe
4920 D:\Programme\Mozilla Firefox\plugin-container.exe
7836 C:\WINDOWS\system32\notepad.exe
5772 C:\Dokumente und Einstellungen\Besitzer\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
PhysicalDrive0 Model Number: Maxtor6V160E0, Rev: VA111630
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0
|
|
24.03.2011, 18:26
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten. MBRCheck ist unvollständig!! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2011, 12:23
| #21 |
| | Google verlinkt auf teils anstößige Seiten. Also habe alles gemacht wie beschrieben. Es sind jedoch 2 Probleme aufgetreten. 1. Habe ich den kgryraod Eintrag nicht gefunden. Hab ein paar mal genau durchgeschaut, er war aber nicht zu finden. Wenn ich das richtig gesehen habe, dann wurden durch den Filter alle "Hidden registry entry, rootkit activity" rot angezeigt. Und es gab nur einen roten Eintrag, der aber nicht der gesuchte war. 2. Habe ich wahrscheinlich versehentlich den Report übersprungen. Es gab da nur eine kleine Box, mit einem Haken und dem Eintrag. Wusste nicht, dass das der Report ist. Nach dem löschen des Eintrags kam diese Box nochmal und ich ahbe dessen Inhalt mal gespeichert: Code:
ATTFilter (Success) HKLM\SYSTEM\CurrentControlSet\Services\cdiskdun cdiskdun C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cdiskdun.sys
|
|
25.03.2011, 14:11
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten.Zitat:
Der andere wurde anscheinend gelöscht. Schau mal mit OSAM nach, ob der Eintrag auch wirklich gelöscht wurde.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2011, 09:30
| #23 |
| | Google verlinkt auf teils anstößige Seiten. Der Eintrag ist nicht mehr zu finden |
|
26.03.2011, 18:59
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten. Poste das Log von mbrcheck bitte noch vollständig.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2011, 17:03
| #25 |
| | Google verlinkt auf teils anstößige Seiten. Das ist alles was drin steht: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d
Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9ED0000 sptd.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9EB8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E89000 ACPI.sys
0xB9E78000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9E59000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 sfsync02.sys
0xBA0F8000 VolSnap.sys
0xB9E41000 atapi.sys
0xB9E2C000 nvatabus.sys
0xB9DFF000 Si3114r5.sys
0xB9DEA000 SI3114.sys
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCA000 fltmgr.sys
0xB9DB8000 sr.sys
0xBA4BC000 SiWinAcc.sys
0xBA128000 PxHelp20.sys
0xB9DA1000 KSecDD.sys
0xB9D14000 Ntfs.sys
0xB9CE7000 NDIS.sys
0xBA5AC000 SiRemFil.sys
0xB9CD4000 sfvfs02.sys
0xBA338000 sfhlp02.sys
0xBA5AE000 sfhlp01.sys
0xB9CC2000 sfdrv01.sys
0xBA5B0000 prosync1.sys
0xBA138000 prohlp02.sys
0xB9CA8000 Mup.sys
0xBA168000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA248000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB90BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8A7D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB89A0000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xB88BC000 \SystemRoot\system32\drivers\ks.sys
0xB9690000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9680000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9670000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB87C3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB81BF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB81AB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8161000 \SystemRoot\System32\Drivers\afhsxx47.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA318000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\irsir.sys
0xBA584000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB814D000 \SystemRoot\system32\DRIVERS\parport.sys
0xB80F1000 \SystemRoot\system32\DRIVERS\NETFWDSL.SYS
0xBA178000 \SystemRoot\system32\drivers\tbhsd.sys
0xBA7D2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA458000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C84000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB80DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB80C9000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA350000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA368000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA390000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB72C9000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C64000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB74D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB2E46000 \SystemRoot\System32\Drivers\Null.SYS
0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA632000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB905A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1C18000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1BBF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1B97000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9052000 \SystemRoot\system32\DRIVERS\netdsl.sys
0xB1B6B000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA410000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB1B40000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1B05000 \SystemRoot\System32\drivers\prodrv06.sys
0xB1A95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1A30000 \??\C:\WINDOWS\system32\drivers\hidev4iu.sys
0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1A0A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB19E4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xADA2C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA636000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xADE09000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xADB79000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD45C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADC37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xADC33000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACAF4000 \SystemRoot\System32\Drivers\Udfs.SYS
0xACADF000 \SystemRoot\System32\Drivers\dump_nvatabus.sys
0xBA640000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADC17000 \SystemRoot\System32\drivers\Dxapi.sys
0xAD9F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA69B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5F9000 \SystemRoot\System32\ATMFD.DLL
0xAC8CA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAC8B4000 \SystemRoot\system32\DRIVERS\irda.sys
0xB49EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC7BF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAC782000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7DAD000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA622000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAD15A000 \SystemRoot\System32\DRIVERS\aadev.sys
0xAC369000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xABE4B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB2F1E000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xABDF3000 \SystemRoot\system32\DRIVERS\srv.sys
0xACEB2000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAB59B000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB583000 \SystemRoot\System32\Drivers\GVCplDrv.SYS
0xB1649000 \??\C:\cofi\catchme.sys
0xB1241000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA620000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA2041000 \??\C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys
0xA2016000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 38):
0 System Idle Process
4 System
1176 C:\WINDOWS\system32\smss.exe
1280 csrss.exe
1304 C:\WINDOWS\system32\winlogon.exe
1356 C:\WINDOWS\system32\services.exe
1368 C:\WINDOWS\system32\lsass.exe
1560 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
456 C:\WINDOWS\system32\svchost.exe
532 svchost.exe
688 svchost.exe
1124 C:\WINDOWS\system32\LEXBCES.EXE
584 C:\WINDOWS\system32\spoolsv.exe
160 C:\WINDOWS\system32\LEXPPS.EXE
1284 D:\Programme\Avira\AntiVir Desktop\sched.exe
1680 svchost.exe
1952 D:\Programme\Avira\AntiVir Desktop\avguard.exe
896 D:\Programme\xampp\apache\bin\apache.exe
1888 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1600 D:\Programme\LogMeIn Hamachi\hamachi-2.exe
2024 D:\Programme\ICQ6Toolbar\ICQ Service.exe
1072 D:\Programme\Java\jre6\bin\jqs.exe
1732 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2292 C:\WINDOWS\system32\nvsvc32.exe
2460 C:\WINDOWS\system32\PnkBstrA.exe
2612 D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
3096 C:\WINDOWS\system32\svchost.exe
3840 D:\Programme\xampp\apache\bin\apache.exe
3820 alg.exe
3612 C:\WINDOWS\system32\svchost.exe
8080 C:\WINDOWS\explorer.exe
7296 D:\Programme\TortoiseSVN\bin\TSVNCache.exe
1444 C:\Dokumente und Einstellungen\Besitzer\Desktop\ddosccpb.exe
7056 D:\Programme\Mozilla Firefox\firefox.exe
4920 D:\Programme\Mozilla Firefox\plugin-container.exe
7836 C:\WINDOWS\system32\notepad.exe
5772 C:\Dokumente und Einstellungen\Besitzer\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
PhysicalDrive0 Model Number: Maxtor6V160E0, Rev: VA111630
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0
|
|
27.03.2011, 21:06
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.03.2011, 12:32
| #27 |
| | Google verlinkt auf teils anstößige Seiten. Nein tut mir Leid. Soll cih den Check nochmal machen? |
|
30.03.2011, 15:28
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten. Ja, aber lass mbrcheck mal bitte länger laufen. Ne Minute mindestens.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2011, 16:20
| #29 |
| | Google verlinkt auf teils anstößige Seiten. Tut mir Leid, dass es immer so lange dauert bis ich anworte. Hab ich lezter Zeit viel zu tun. Habe nun einen MBRCheck gemacht, mit dem gleichen Ergebniss: Der PC ist ausgegangen -> Bluescreen mit dem Hinweis, mein PC wurde ausgeschaltet, damit er nicht beschädigt wird -> ähnliches MBRCheck-Log, das genauso wie das vorherige aufhört. |
|
04.04.2011, 19:21
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google verlinkt auf teils anstößige Seiten. Hast Du noch andere Betriebssystem außer WinXP drauf? Wenn nicht, also WinXP das einzige installierte System ist: Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus. (wurde von combofix installiert) Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen) Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus den Bootkit Remover nochmals aus und poste das neue Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Google verlinkt auf teils anstößige Seiten. |
| 0x00000001, 32 bit, adware.softmate, alternate, antivir, audiograbber, avgntflt.sys, besitzer, conduit, counter-strike source, device driver, downloader, excel.exe, falsche seite, google chrome, hacktool.sniffer.wpepro, hijack.shell, hijackthis, intranet, msvcr80.dll, ntdll.dll, plug-in, pum.bad.proxy, pup.hacktool.wpe, realtek, reverse, rogue.virusheat, saver, search.hijack, shell32.dll, skype.exe, sptd.sys, stolen.data, trojan.agent, trojan.downloader, trojan.dropper, trojan.zlob, usbport.sys, visual studio, windows internet |
Linear-Darstellung
