| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: windows recovery (fast gelöst?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.03.2011, 19:41
| #16 |
 |  windows recovery (fast gelöst?) bin heute nur kurz da und deswegen keine zeit dafür. ich werde morgen die gewünschten logs erstellen. nicht das du denkst, deine mühe scheitert an faulheit  |
|
26.03.2011, 13:12
| #17 |
| | windows recovery (fast gelöst?) ich hoffe das passt so. ich suche krampfhaft nach dem GMER log, aber trotz speichern aufm desktop nicht zu finden
__________________ OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:04:09 on 26.03.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 4.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~2\avconfig.cpl "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASUS Video3D Service" (Video3D) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\Drivers\Video3D32.sys "ASUS Virtual Video Capture Device Driver" (asusgsb) - "ASUSTeK Computer Inc." - C:\WINDOWS\System32\drivers\asusgsb.sys "ASUSTeK Virtual Capture Device" (ASUSVRC) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\DRIVERS\AsusVRC.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\sven\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "EIO_XP" (EIO_XP) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO_XP.sys "ElbyVCD" (ElbyVCD) - ? - C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys (File not found) "Enhanced Display Driver Helper Service" (asuskbnt) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\drivers\atkkbnt.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PC Tools Data Store" (pctDS) - "PC Tools" - C:\WINDOWS\System32\drivers\pctDS.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PLCNDIS5 NDIS Protocol Driver" (PLCNDIS5) - "Intellon, Inc." - C:\WINDOWS\system32\plcndis5.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "pxtdypob" (pxtdypob) - ? - C:\DOKUME~1\sven\LOKALE~1\Temp\pxtdypob.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {a45cfb7d-6e23-40b5-94fa-290314f01dc5} "Better File Rename" - "publicspace.net" - C:\Programme\Better File Rename\BfrExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} "Panda Security Toolbar" - ? - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\sven\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "LuxeMate525" - ? - C:\PROGRAMME\KYE\LUXEMATE525\LuxeMateLoader.exe (File found, but it contains no detailed information) "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "LIDIL hpzll43a" - "Hewlett-Packard Company" - C:\WINDOWS\system32\hpzll43a.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "ATK Keyboard Service" (ATKKeyboardService) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\ATKKBService.exe "Google Update Service (gupdate1c9fedb85c2a06c)" (gupdate1c9fedb85c2a06c) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7366000 fltmgr.sys
0xF7337000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7326000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7497000 MountMgr.sys
0xF7307000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF72E4000 nvrd32.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74B7000 VolSnap.sys
0xF72CC000 atapi.sys
0xF72A8000 nvgts.sys
0xF7290000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74C7000 disk.sys
0xF727E000 sr.sys
0xF7241000 PCTCore.sys
0xF71EA000 pctDS.sys
0xF74D7000 PxHelp20.sys
0xF71D3000 KSecDD.sys
0xF7146000 Ntfs.sys
0xF7119000 NDIS.sys
0xF70FF000 Mup.sys
0xF7657000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7677000 \SystemRoot\system32\DRIVERS\serial.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\irsir.sys
0xF7953000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF68A7000 \SystemRoot\system32\DRIVERS\parport.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF795B000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6883000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF685B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7697000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6838000 \SystemRoot\system32\DRIVERS\ks.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF674F000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF6385000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6371000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7963000 \SystemRoot\system32\drivers\atkkbnt.sys
0xF7967000 \SystemRoot\System32\Drivers\Video3D32.sys
0xF796B000 \SystemRoot\system32\drivers\asusgsb.sys
0xF780F000 \SystemRoot\system32\DRIVERS\AsusVRC.sys
0xF7A7D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7817000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF781F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7973000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF635A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6349000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7507000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7827000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF782F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7517000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF62EB000 \SystemRoot\system32\DRIVERS\update.sys
0xF797B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7527000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7537000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7567000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xAE288000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAE264000 \SystemRoot\system32\drivers\portcls.sys
0xF7577000 \SystemRoot\system32\drivers\drmk.sys
0xF79B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B1D000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7847000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF784F000 \SystemRoot\System32\drivers\vga.sys
0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7857000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF785F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF68C3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE1D7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE17E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE12E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAE108000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF793F000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAE0E6000 \SystemRoot\System32\drivers\afd.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7867000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAE0BB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE04B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF75C7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7943000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF786F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7947000 \??\C:\WINDOWS\system32\drivers\EIO_XP.sys
0xADF8F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF794F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF621F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF79C7000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7647000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADF4F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79D9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE21E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF771F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7ABB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\atkdisp.dll
0xBF045000 \SystemRoot\System32\ati2dvag.dll
0xBF09B000 \SystemRoot\System32\ati2cqag.dll
0xBF135000 \SystemRoot\System32\atikvmag.dll
0xBF1BA000 \SystemRoot\System32\atiok3x2.dll
0xBF209000 \SystemRoot\System32\ati3duag.dll
0xBF4E5000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xABBEA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xABB5C000 \SystemRoot\system32\DRIVERS\irda.sys
0xF783F000 \SystemRoot\system32\plcndis5.sys
0xABC0A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB877000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB9B4000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB4DA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A33000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAB2D0000 \SystemRoot\system32\DRIVERS\srv.sys
0xABCBE000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAAF44000 \SystemRoot\System32\Drivers\HTTP.sys
0xAAE8B000 \??\C:\DOKUME~1\sven\LOKALE~1\Temp\pxtdypob.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 27):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
680 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\ati2evxx.exe
972 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1404 C:\WINDOWS\system32\ati2evxx.exe
1488 svchost.exe
1648 C:\WINDOWS\system32\spoolsv.exe
1952 C:\WINDOWS\explorer.exe
260 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
284 C:\Programme\KYE\LuxeMate525\LuxeMate525.exe
184 svchost.exe
1872 C:\WINDOWS\ATKKBService.exe
532 C:\Programme\Java\jre6\bin\jqs.exe
580 C:\Programme\CDBurnerXP\NMSAccessU.exe
1240 C:\WINDOWS\system32\svchost.exe
2232 C:\WINDOWS\system32\wscntfy.exe
2656 alg.exe
1824 C:\WINDOWS\system32\wuauclt.exe
3976 C:\Dokumente und Einstellungen\sven\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3250624A, Rev: 3.AAH
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!
|
|
26.03.2011, 19:19
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | windows recovery (fast gelöst?) Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
__________________Denk dran beide Tools zu updaten vor dem Scan!!
__________________ |
|
| Themen zu windows recovery (fast gelöst?) |
| .dll, 0x00000001, adobe, alternate, antivirus, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, cdburnerxp, cloud, converter, einstellungen, explorer, firefox, hacked, helper, home, homepage, host.exe, location, logfile, mozilla, mp3, nvidia, oldtimer, otl.exe, plug-in, realtek, registry, rundll, sched.exe, searchplugins, security, shell32.dll, software, spyware, staropen, super, system, windows, wscript.exe |
Linear-Darstellung
