Log analysis and evaluation: "PUM.Disabled.SecurityCenter" registry infected

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
"PUM.Disabled.SecurityCenter" registry infected

Hi! GMER took a while and then unfortunately didn't work; it crashed twice. The first time, the tool had apparently already run quite far and had produced various messages before the crash came. I then ran OSAM as recommended:

OSAM Logfile:
Code:
```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:53:09 on 04.06.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Spybot - Search & Destroy - Scheduled Task.job" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\DERKLE~1\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\SophosMEMSWEEP.SYS (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) /
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - C:\Programme\WISO\Steuersoftware 2011\mshaktuell.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM GmbH Berlin" - C:\Programme\avmwlanstick\wlangui.exe
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```

______________________________

And here is MBRCheck:

```
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 113):

Processes (total 37):
0 System Idle Process
4 System
452 C:\WINDOWS\system32\smss.exe
508 csrss.exe
532 C:\WINDOWS\system32\winlogon.exe
576 C:\WINDOWS\system32\services.exe
588 C:\WINDOWS\system32\lsass.exe
756 C:\WINDOWS\system32\svchost.exe
804 svchost.exe
844 C:\WINDOWS\system32\svchost.exe
892 svchost.exe
944 svchost.exe
1024 C:\WINDOWS\system32\spoolsv.exe
1084 C:\Programme\Avira\AntiVir Desktop\sched.exe
1132 svchost.exe
1196 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1208 C:\Programme\avmwlanstick\WLanNetService.exe
1268 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1328 C:\Programme\Java\jre6\bin\jqs.exe
1360 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
1424 C:\WINDOWS\system32\svchost.exe
344 alg.exe
1904 C:\WINDOWS\system32\svchost.exe
2836 wmpnetwk.exe
232 C:\WINDOWS\system32\wscntfy.exe
980 C:\WINDOWS\explorer.exe
2120 C:\WINDOWS\system32\igfxtray.exe
2188 C:\WINDOWS\system32\hkcmd.exe
2204 C:\Programme\avmwlanstick\WLanGUI.exe
2248 C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
680 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2220 C:\Programme\FreePDF_XP\fpassist.exe
2156 C:\Programme\Microsoft ActiveSync\wcescomm.exe
3220 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
3800 C:\Programme\Mozilla Firefox\firefox.exe
2132 wmiprvse.exe
1028 C:\Dokumente und Einstellungen\Der kleine Wolf\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK200-04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!
```

Good night for now.