
Log Analysis and Evaluation: Kazy.merkml1, fakeSysdef.A.313, etc.


10.05.2011, 21:11   #16
minniemaus
 
Kazy.merkml1, fakeSysdef.A.313, etc.

Hello again!
So, I hope everything is complete:

GMER:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit quick scan 2011-05-10 21:51:19
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: g2m3e4r.exe; Driver: C:\Users\minnie\AppData\Local\Temp\pxdiypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM:
OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:04:32 on 10.05.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cc0771faeb8a83.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA1cc0771fb166348.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"pmxusb.cpl" - ? - C:\Windows\system32\pmxusb.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\minnie\AppData\Local\Temp\catchme.sys  (File not found)
"pxdiypog" (pxdiypog) - ? - C:\Users\minnie\AppData\Local\Temp\pxdiypog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\ZIPIZA~1\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\ZIPIZA~1\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} "FireShot" - ? - C:\Users\minnie\AppData\Roaming\Mozilla\Firefox\Profiles\k003e2dl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Hardcopy.LNK" - "sw4you, Siegfried Weckmann" - C:\Program Files\Hardcopy\hardcopy.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Kaspersky PURE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Verwaltungsservice vom CryproStorage-System" (CSObjectsSrv) - "Infowatch" - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - C:\Windows\WLXPGSS.SCR
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDION
System Product Name: E7214
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 187):
0x82C4A000 \SystemRoot\system32\ntkrnlpa.exe
0x82C13000 \SystemRoot\system32\halmacpi.dll
0x80BB0000 \SystemRoot\system32\kdcom.dll
0x8323D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B5000 \SystemRoot\system32\PSHED.dll
0x832C6000 \SystemRoot\system32\BOOTVID.dll
0x832CE000 \SystemRoot\system32\CLFS.SYS
0x83310000 \SystemRoot\system32\CI.dll
0x8AC09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AC7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AC88000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8ACD0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8ACD9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8ACE1000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AD0B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AD16000 \SystemRoot\system32\DRIVERS\CSCrySec.sys
0x8AD2A000 \SystemRoot\System32\drivers\partmgr.sys
0x8AD3B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AD43000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AD4E000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AD5E000 \SystemRoot\System32\drivers\volmgrx.sys
0x8ADA9000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AE17000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AFCC000 \SystemRoot\system32\drivers\amdxata.sys
0x8ADBF000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AFD5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B013000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B142000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B16D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B180000 \SystemRoot\System32\Drivers\cng.sys
0x8B1DD000 \SystemRoot\System32\drivers\pcw.sys
0x8B1EB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B200000 \SystemRoot\system32\drivers\ndis.sys
0x8B2B7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B2F5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B439000 \SystemRoot\System32\drivers\tcpip.sys
0x8B582000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B5B3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B5F2000 \SystemRoot\System32\Drivers\spldr.sys
0x8B400000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B31A000 \SystemRoot\System32\Drivers\mup.sys
0x8B32A000 \SystemRoot\system32\DRIVERS\klbg.sys
0x8B42D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B337000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B369000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B37A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B3AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90037000 \SystemRoot\system32\DRIVERS\klif.sys
0x90088000 \SystemRoot\System32\Drivers\Null.SYS
0x9008F000 \SystemRoot\System32\Drivers\Beep.SYS
0x90096000 \SystemRoot\System32\drivers\vga.sys
0x900A2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x900C3000 \SystemRoot\System32\drivers\watchdog.sys
0x900D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x900D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x900E0000 \SystemRoot\system32\drivers\rdprefmp.sys
0x900E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x900F3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90101000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90118000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9083F000 \SystemRoot\system32\DRIVERS\kl1.sys
0x90D5F000 \SystemRoot\system32\drivers\afd.sys
0x90DB9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90DEB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90800000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9081F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90830000 \SystemRoot\system32\DRIVERS\klim6.sys
0x90DF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90123000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90136000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90146000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90187000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90191000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9019B000 \SystemRoot\System32\drivers\discache.sys
0x901A7000 \SystemRoot\System32\Drivers\dfsc.sys
0x90837000 \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
0x901BF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x901CD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91436000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90E1E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90ED5000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90F0E000 \SystemRoot\system32\DRIVERS\HECI.sys
0x90F19000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90F28000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90F73000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90F92000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x92C14000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x92D27000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x92D31000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92D35000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x92D4D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92D5A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x92D91000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92D93000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x92D9C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92DA9000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x92DCA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x92DD3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92DE5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92DF2000 \SystemRoot\System32\Drivers\x10hid.sys
0x92C00000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x92DF4000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x90FA4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90FB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90FCE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90FD9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91D53000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91D6A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91D81000 \SystemRoot\system32\DRIVERS\ks.sys
0x91DB5000 \SystemRoot\system32\DRIVERS\circlass.sys
0x91DC3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x833BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91DD1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91DDD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9360E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x938FA000 \SystemRoot\system32\drivers\portcls.sys
0x93929000 \SystemRoot\system32\drivers\drmk.sys
0x93942000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x94D40000 \SystemRoot\System32\win32k.sys
0x93980000 \SystemRoot\System32\drivers\Dxapi.sys
0x9398A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x81E3C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81E11000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x81E1B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94FA0000 \SystemRoot\System32\TSDDD.dll
0x94FD0000 \SystemRoot\System32\cdd.dll
0x939C7000 \SystemRoot\system32\drivers\luafv.sys
0x939E2000 \SystemRoot\system32\drivers\WudfPf.sys
0x81E26000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95613000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95659000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95669000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9567C000 \SystemRoot\system32\drivers\HTTP.sys
0x95701000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9571A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9572C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9574F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9578A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99007000 \SystemRoot\system32\drivers\peauth.sys
0x9909E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x990A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x990C9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x990D6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99125000 \SystemRoot\System32\DRIVERS\srv.sys
0x991E1000 \??\C:\Users\minnie\AppData\Local\Temp\pxdiypog.sys
0x77880000 \Windows\System32\ntdll.dll
0x47CC0000 \Windows\System32\smss.exe
0x77AC0000 \Windows\System32\apisetschema.dll
0x00D80000 \Windows\System32\autochk.exe
0x779E0000 \Windows\System32\user32.dll
0x777F0000 \Windows\System32\clbcatq.dll
0x77740000 \Windows\System32\msvcrt.dll
0x776B0000 \Windows\System32\oleaut32.dll
0x779D0000 \Windows\System32\lpk.dll
0x77650000 \Windows\System32\difxapi.dll
0x77510000 \Windows\System32\urlmon.dll
0x774C0000 \Windows\System32\gdi32.dll
0x77490000 \Windows\System32\imagehlp.dll
0x773C0000 \Windows\System32\msctf.dll
0x773A0000 \Windows\System32\imm32.dll
0x76750000 \Windows\System32\shell32.dll
0x779C0000 \Windows\System32\psapi.dll
0x76700000 \Windows\System32\Wldap32.dll
0x76500000 \Windows\System32\iertutil.dll
0x76400000 \Windows\System32\wininet.dll
0x763A0000 \Windows\System32\shlwapi.dll
0x76200000 \Windows\System32\setupapi.dll
0x761C0000 \Windows\System32\ws2_32.dll
0x761A0000 \Windows\System32\sechost.dll
0x760C0000 \Windows\System32\kernel32.dll
0x76020000 \Windows\System32\advapi32.dll
0x76010000 \Windows\System32\nsi.dll
0x75F90000 \Windows\System32\comdlg32.dll
0x75EF0000 \Windows\System32\usp10.dll
0x75EE0000 \Windows\System32\normaliz.dll
0x75E30000 \Windows\System32\rpcrt4.dll
0x75CD0000 \Windows\System32\ole32.dll
0x75C40000 \Windows\System32\comctl32.dll
0x75C20000 \Windows\System32\devobj.dll
0x75BF0000 \Windows\System32\wintrust.dll
0x75BA0000 \Windows\System32\KernelBase.dll
0x75B70000 \Windows\System32\cfgmgr32.dll
0x75A50000 \Windows\System32\crypt32.dll
0x75A40000 \Windows\System32\msasn1.dll

Processes (total 60):
0 System Idle Process
4 System
340 C:\Windows\System32\smss.exe
476 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
580 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\winlogon.exe
1120 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\spoolsv.exe
1504 C:\Windows\System32\svchost.exe
1632 C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
1692 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
1728 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1832 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
1856 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1908 C:\Windows\System32\svchost.exe
1980 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2408 C:\Windows\System32\svchost.exe
2808 C:\Windows\System32\taskhost.exe
2816 C:\Windows\System32\dwm.exe
2872 C:\Windows\explorer.exe
3004 C:\Windows\System32\svchost.exe
3244 C:\Program Files\Launch Manager\WButton.exe
3252 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3308 C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
3316 C:\Program Files\Launch Manager\WisLMSvc.exe
3380 WmiPrvSE.exe
3412 C:\Program Files\Launch Manager\OSD.exe
3500 C:\Program Files\Launch Manager\HotkeyApp.exe
3552 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
3680 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3740 C:\Program Files\Hardcopy\hardcopy.exe
3812 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4000 C:\Program Files\OpenOffice.org 3\program\soffice.bin
2012 C:\Windows\System32\SearchIndexer.exe
2996 C:\Program Files\Windows Media Player\wmpnetwk.exe
2420 C:\Windows\System32\svchost.exe
1524 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5116 C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
5192 C:\Windows\System32\svchost.exe
6028 C:\Windows\System32\wuauclt.exe
4468 C:\Program Files\Mozilla Firefox\firefox.exe
3192 C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
6052 C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
6016 C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
4576 C:\PROGRA~1\ZIPIZA~1\IZArc.exe
748 C:\Users\minnie\AppData\Local\Temp\osam_autorun_manager_5_0_portable\osam.exe
5616 C:\Windows\System32\SearchProtocolHost.exe
3084 C:\Windows\System32\SearchFilterHost.exe
2376 C:\Users\minnie\Downloads\MBRCheck.exe
4944 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000042`c5a00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC64G

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D8BFBF52987DB4F8A60D8A791A81C5F636CBFC62


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Best regards
Myrjam
