gmer:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-28 07:45:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BJKT-75F4T0 rev.11.01A11
Running: 5q2gumbu.exe; Driver: C:\DOKUME~1\Frank\LOKALE~1\Temp\uxldypog.sys
---- System - GMER 1.0.15 ----
SSDT F7A7DA1E ZwCreateKey
SSDT F7A7DA14 ZwCreateThread
SSDT F7A7DA23 ZwDeleteKey
SSDT F7A7DA2D ZwDeleteValueKey
SSDT F7A7DA32 ZwLoadKey
SSDT F7A7DA00 ZwOpenProcess
SSDT F7A7DA05 ZwOpenThread
SSDT F7A7DA3C ZwReplaceKey
SSDT F7A7DA37 ZwRestoreKey
SSDT F7A7DA28 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB96F9000, 0x1C5D38, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488376003
Disk \Device\Harddisk0\DR0 PE file @ sector 488376025
---- EOF - GMER 1.0.15 ----
osam:
Code:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 07:56:37 on 28.05.2011
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.17
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"DMdm32.cpl" - ? - C:\WINDOWS\system32\DMdm32.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AFS2k" (AFS2K) - "Oak Technology Inc." - C:\WINDOWS\system32\drivers\AFS2K.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Frank\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
"uxldypog" (uxldypog) - ? - C:\DOKUME~1\Frank\LOKALE~1\Temp\uxldypog.sys (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Programme\Digital Line Detect\DLG.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Frank\Startmenü\Programme\Autostart\desktop.ini
"DesktopVideoPlayer.lnk" - "Totem Entertainment" - C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\vghd\bin\vghd.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE (File found, but it contains no detailed information)
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Programme\Dell Support Center\bin\sprtsvc.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
mbrcheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80722000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D7000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B1000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF7499000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7479000 fltMgr.sys
0xF7467000 sr.sys
0xF7450000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7423000 NDIS.sys
0xF7409000 Mup.sys
0xBA7D8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7677000 \SystemRoot\system32\DRIVERS\processr.sys
0xB96F8000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB96E4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB95AD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7697000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB958A000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9562000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9530000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7556000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB951C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7546000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB94EA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB9499000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xBA01D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA019000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB93C8000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7A88000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7536000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA015000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9311000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7526000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7516000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9300000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7506000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB92A8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF74F6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB924A000 \SystemRoot\system32\DRIVERS\update.sys
0xF791F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB920F000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xBA7A0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA770000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xAADF2000 \SystemRoot\system32\drivers\sthda.sys
0xAADCE000 \SystemRoot\system32\drivers\portcls.sys
0xBA730000 \SystemRoot\system32\drivers\drmk.sys
0xAAD9A000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAACA8000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAABF5000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF781F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF79E1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7ABE000 \SystemRoot\System32\Drivers\Null.SYS
0xF79E3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF777F000 \SystemRoot\System32\drivers\vga.sys
0xF79E5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7787000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF778F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7C4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAABC2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAAB69000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAAB41000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAAB1B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAAAE3000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xAAAC1000 \SystemRoot\System32\drivers\afd.sys
0xBA720000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0xBA710000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7797000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA9F6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA95E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76E7000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA938000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF79F7000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7576000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7566000 \SystemRoot\System32\Drivers\btwusb.sys
0xF794B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB93B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAA8FE000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0xF7A03000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA7F4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA8BE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A05000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xB9398000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA7E0000 \SystemRoot\System32\drivers\Dxapi.sys
0xAAF78000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AA2000 \SystemRoot\System32\drivers\dxgthk.sys
0xB9368000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBF9C6000 \SystemRoot\System32\ATMFD.DLL
0xA8405000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA8361000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA80E0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA807B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA82F5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA80B8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA7E1D000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA20E000 \??\C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0xA76FC000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7341000 \??\C:\DOKUME~1\Frank\LOKALE~1\Temp\uxldypog.sys
0xA722E000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 41):
0 System Idle Process
4 System
508 C:\WINDOWS\system32\smss.exe
964 csrss.exe
1060 C:\WINDOWS\system32\winlogon.exe
1104 C:\WINDOWS\system32\services.exe
1116 C:\WINDOWS\system32\lsass.exe
1308 C:\WINDOWS\system32\ati2evxx.exe
1328 C:\WINDOWS\system32\svchost.exe
1412 svchost.exe
1484 C:\WINDOWS\system32\svchost.exe
1544 C:\WINDOWS\system32\ati2evxx.exe
1636 svchost.exe
1720 svchost.exe
1868 C:\WINDOWS\system32\WLTRYSVC.EXE
1880 C:\WINDOWS\system32\BCMWLTRY.EXE
1936 C:\WINDOWS\system32\spoolsv.exe
1988 C:\Programme\Avira\AntiVir Desktop\sched.exe
2024 svchost.exe
280 C:\Programme\Avira\AntiVir Desktop\avguard.exe
636 C:\Programme\Java\jre6\bin\jqs.exe
684 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
784 C:\Programme\Dell Support Center\bin\sprtsvc.exe
932 C:\WINDOWS\system32\svchost.exe
1008 C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
1520 wdfmgr.exe
1700 C:\WINDOWS\explorer.exe
2300 C:\WINDOWS\OEM02Mon.exe
2308 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2316 C:\WINDOWS\system32\WLTRAY.EXE
2336 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2352 C:\Programme\Sigmatel\C-Major Audio\WDM\stsystra.exe
2372 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2516 C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
2544 C:\Programme\Digital Line Detect\DLG.exe
3424 C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
3452 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3676 alg.exe
4016 C:\WINDOWS\system32\wuauclt.exe
1572 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2944 C:\Dokumente und Einstellungen\Frank\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BJKT-75F4T0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!