Okay, everything worked. After MBRCheck, though, I first got a blue screen and restarted the PC. Twice I then got a message about a disk boot error or something like that. Now it works again, and here are the logs:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 06:30:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000081 Maxtor_6V160E0 rev.VA111630
Running: ddosccpb.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys
---- System - GMER 1.0.15 ----
SSDT AD62A616 ZwCreateKey
SSDT AD62A60C ZwCreateThread
SSDT AD62A61B ZwDeleteKey
SSDT AD62A625 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xB9ED684E]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEE]
SSDT AD62A62A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT AD62A5F8 ZwOpenProcess
SSDT AD62A5FD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9ED6CC6]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B46]
SSDT AD62A634 ZwReplaceKey
SSDT AD62A62F ZwRestoreKey
SSDT AD62A620 ZwSetValueKey
Code \??\C:\WINDOWS\system32\drivers\hidev4iu.sys (Button Miniport Driver for Input Devices/Bluw (Hong Kong) Limited) ZwResumeThread [0xB1A36DF4]
Code \??\C:\cofi\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwResumeThread 805CAD9E 7 Bytes JMP B1A36DF8 \??\C:\WINDOWS\system32\drivers\hidev4iu.sys (Button Miniport Driver for Input Devices/Bluw (Hong Kong) Limited)
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload B90D48AC 5 Bytes JMP 8A18D960
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB81BF360, 0x35483F, 0xE8000020]
? System32\Drivers\afhsxx47.SYS Das System kann den angegebenen Pfad nicht finden. !
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xAC3B1480, 0x306DD, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xABE4B300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB2F1E300, 0x1B7E, 0xE8000020]
? C:\cofi\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A75C1D8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
Device \FileSystem\Udfs \UdfsCdRom 890AE1D8
Device \FileSystem\Udfs \UdfsDisk 890AE1D8
Device \Driver\usbohci \Device\USBPDO-0 8A1981D8
Device \Driver\usbehci \Device\USBPDO-1 8A196980
Device \Driver\NetBT \Device\NetBT_Tcpip_{7151162D-3C17-4452-8699-F0E9D51FD52E} 89174980
Device \Driver\prodrv06 \Device\ProDrv06 E20A13A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A75F1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{75A194B9-F09B-4C88-B646-84BD1CC42606} 89174980
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A75F1D8
Device \Driver\Cdrom \Device\CdRom0 8A622578
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE66EAE0-5428-4023-934B-1AEE0F3C7763} 89174980
Device \Driver\Cdrom \Device\CdRom1 8A622578
Device \Driver\Cdrom \Device\CdRom2 8A622578
Device \Driver\nvatabus \Device\00000081 8A75E1D8
Device \Driver\nvatabus \Device\00000081 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E101CF60
Device \Driver\NetBT \Device\NetBt_Wins_Export 89174980
Device \Driver\NetBT \Device\NetbiosSmb 89174980
Device \Driver\00000045 \Device\0000005e sptd.sys
Device \Driver\usbohci \Device\USBFDO-0 8A1981D8
Device \Driver\nvatabus \Device\NvAta0 8A75E1D8
Device \Driver\nvatabus \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-1 8A196980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8911F1D8
Device \Driver\nvatabus \Device\NvAta1 8A75E1D8
Device \Driver\nvatabus \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\NvAta2 8A75E1D8
Device \Driver\nvatabus \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8911F1D8
Device \Driver\Ftdisk \Device\FtControl 8A75F1D8
Device \Driver\nvatabus \Device\0000007e 8A75E1D8
Device \Driver\nvatabus \Device\0000007e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\0000007f 8A75E1D8
Device \Driver\nvatabus \Device\0000007f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471 8A144980
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 8A6F11D8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path2Target10Lun0 8A6F11D8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path2Target10Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471Port4Path0Target0Lun0 8A144980
Device \Driver\afhsxx47 \Device\Scsi\afhsxx471Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 88FA51D8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xD6 0x93 0xA3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0xE4 0xDF 0x58 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x42 0x0D 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1282968998
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -664695999
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x23 0x1D 0x49 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0xDD 0x7B 0x2B ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xF7 0xA6 0x93 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4C 0x4D 0x90 0x44 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x80 0x23 0x1D 0x49 ...
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 06:40:20 on 24.03.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-839522115-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-839522115-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"Pando" - "Pando Networks" - D:\Programme\Pando Networks\Media Booster\PMB.cpl
"PavCPL" - ? - C:\WINDOWS\system32\pavcpl.cpl (File not found)
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"afhsxx47" (afhsxx47) - ? - C:\WINDOWS\system32\drivers\afhsxx47.sys (Hidden registry entry, rootkit activity | File not found)
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ADSL Adapter Device" (aadev) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\aadev.sys
"AVM FRITZ!web DSL PPP" (NETFWDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFWDSL.SYS
"AVM PPP over Ethernet" (NETDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\netdsl.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"cdiskdun" (cdiskdun) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cdiskdun.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"dtscsi" (dtscsi) - ? - C:\WINDOWS\System32\Drivers\dtscsi.sys (File not found)
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"hidev4iu" (hidev4iu) - "Bluw (Hong Kong) Limited" - C:\WINDOWS\system32\drivers\hidev4iu.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"kgryraod" (kgryraod) - ? - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - C:\WINDOWS\System32\DRIVERS\rrnetcap.sys
"Sony Ericsson 750 driver (WDM)" (k750bus) - ? - C:\WINDOWS\System32\DRIVERS\k750bus.sys (File not found)
"Sony Ericsson 750 USB WMC Device Management Drivers" (k750mgmt) - ? - C:\WINDOWS\System32\DRIVERS\k750mgmt.sys (File not found)
"Sony Ericsson 750 USB WMC Modem Drivers" (k750mdm) - ? - C:\WINDOWS\System32\DRIVERS\k750mdm.sys (File not found)
"Sony Ericsson 750 USB WMC Modem Filter" (k750mdfl) - ? - C:\WINDOWS\System32\DRIVERS\k750mdfl.sys (File not found)
"Sony Ericsson 750 USB WMC OBEX Interface Drivers" (k750obex) - ? - C:\WINDOWS\System32\DRIVERS\k750obex.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"TerraCam USB PRO" (OM518P) - ? - C:\WINDOWS\System32\Drivers\om518vid.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://blog.visuellegedanken.de/images/2007_04_09_zwerg_wallpaper_1280_1024.jpg (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7790769C-0471-11d2-AF11-00C04FA35D02} "Adressbuch 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install (File not found)
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Outlook Express 6" - ? - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install (File not found)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
"ImageResizer Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found)
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "ShellPlusContextMenu" - ? - (File not found | COM-object registry key not found)
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - D:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{2F860D82-AF3C-11D4-BDB3-00E0987D8540} "UltimateZip Drag Drop Handler" - ? - (File not found | COM-object registry key not found)
{2F860D81-AF3C-11D4-BDB3-00E0987D8540} "UltimateZip Shell Extension" - ? - (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found)
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{70DE7956-479D-4EB7-8641-2B45774C350E}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found)
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
"ICQ7.1" - "ICQ, LLC." - D:\Programme\ICQ7.1\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Anleitung.exe" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Keyboard driver " - ? - D:\Programme\Keyboard Driver\Keyboard Driver\ikeymain.exe (File found, but it contains no detailed information)
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NVRTCLK" - ? - C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXPRMON.DLL (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Apache2" (Apache2) - ? - "C:\Dokumente und Einstellungen\Besitzer\Desktop\dslan_v1.3\dslan_v1.3\apache\bin\apache.exe" -k runservice (File not found)
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\Programme\xampp\apache\bin\apache.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"ICQ Service" (ICQ Service) - ? - D:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - D:\Programme\LogMeIn Hamachi\hamachi-2.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - d:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\MA2_6.scr (File found, but it contains no detailed information)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d
Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9ED0000 sptd.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9EB8000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E89000 ACPI.sys
0xB9E78000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9E59000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 sfsync02.sys
0xBA0F8000 VolSnap.sys
0xB9E41000 atapi.sys
0xB9E2C000 nvatabus.sys
0xB9DFF000 Si3114r5.sys
0xB9DEA000 SI3114.sys
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCA000 fltmgr.sys
0xB9DB8000 sr.sys
0xBA4BC000 SiWinAcc.sys
0xBA128000 PxHelp20.sys
0xB9DA1000 KSecDD.sys
0xB9D14000 Ntfs.sys
0xB9CE7000 NDIS.sys
0xBA5AC000 SiRemFil.sys
0xB9CD4000 sfvfs02.sys
0xBA338000 sfhlp02.sys
0xBA5AE000 sfhlp01.sys
0xB9CC2000 sfdrv01.sys
0xBA5B0000 prosync1.sys
0xBA138000 prohlp02.sys
0xB9CA8000 Mup.sys
0xBA168000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA248000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB90BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8A7D000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB89A0000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xB88BC000 \SystemRoot\system32\drivers\ks.sys
0xB9690000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9680000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9670000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB87C3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB81BF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB81AB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8161000 \SystemRoot\System32\Drivers\afhsxx47.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA318000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\irsir.sys
0xBA584000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB814D000 \SystemRoot\system32\DRIVERS\parport.sys
0xB80F1000 \SystemRoot\system32\DRIVERS\NETFWDSL.SYS
0xBA178000 \SystemRoot\system32\drivers\tbhsd.sys
0xBA7D2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA458000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C84000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB80DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB80C9000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA350000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA368000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA390000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB72C9000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C64000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB74D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA62E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB2E46000 \SystemRoot\System32\Drivers\Null.SYS
0xBA630000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA632000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA634000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB905A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1C18000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1BBF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1B97000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9052000 \SystemRoot\system32\DRIVERS\netdsl.sys
0xB1B6B000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA410000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB1B40000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1B05000 \SystemRoot\System32\drivers\prodrv06.sys
0xB1A95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1A30000 \??\C:\WINDOWS\system32\drivers\hidev4iu.sys
0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1A0A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB19E4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xADA2C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA636000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xADE09000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xADB79000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD45C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADC37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xADC33000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACAF4000 \SystemRoot\System32\Drivers\Udfs.SYS
0xACADF000 \SystemRoot\System32\Drivers\dump_nvatabus.sys
0xBA640000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADC17000 \SystemRoot\System32\drivers\Dxapi.sys
0xAD9F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA69B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5F9000 \SystemRoot\System32\ATMFD.DLL
0xAC8CA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAC8B4000 \SystemRoot\system32\DRIVERS\irda.sys
0xB49EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC7BF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAC782000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7DAD000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA622000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAD15A000 \SystemRoot\System32\DRIVERS\aadev.sys
0xAC369000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xABE4B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB2F1E000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xABDF3000 \SystemRoot\system32\DRIVERS\srv.sys
0xACEB2000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAB59B000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB583000 \SystemRoot\System32\Drivers\GVCplDrv.SYS
0xB1649000 \??\C:\cofi\catchme.sys
0xB1241000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA620000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA2041000 \??\C:\DOKUME~1\Besitzer\LOKALE~1\Temp\kgryraod.sys
0xA2016000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 38):
0 System Idle Process
4 System
1176 C:\WINDOWS\system32\smss.exe
1280 csrss.exe
1304 C:\WINDOWS\system32\winlogon.exe
1356 C:\WINDOWS\system32\services.exe
1368 C:\WINDOWS\system32\lsass.exe
1560 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
456 C:\WINDOWS\system32\svchost.exe
532 svchost.exe
688 svchost.exe
1124 C:\WINDOWS\system32\LEXBCES.EXE
584 C:\WINDOWS\system32\spoolsv.exe
160 C:\WINDOWS\system32\LEXPPS.EXE
1284 D:\Programme\Avira\AntiVir Desktop\sched.exe
1680 svchost.exe
1952 D:\Programme\Avira\AntiVir Desktop\avguard.exe
896 D:\Programme\xampp\apache\bin\apache.exe
1888 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1600 D:\Programme\LogMeIn Hamachi\hamachi-2.exe
2024 D:\Programme\ICQ6Toolbar\ICQ Service.exe
1072 D:\Programme\Java\jre6\bin\jqs.exe
1732 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2292 C:\WINDOWS\system32\nvsvc32.exe
2460 C:\WINDOWS\system32\PnkBstrA.exe
2612 D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
3096 C:\WINDOWS\system32\svchost.exe
3840 D:\Programme\xampp\apache\bin\apache.exe
3820 alg.exe
3612 C:\WINDOWS\system32\svchost.exe
8080 C:\WINDOWS\explorer.exe
7296 D:\Programme\TortoiseSVN\bin\TSVNCache.exe
1444 C:\Dokumente und Einstellungen\Besitzer\Desktop\ddosccpb.exe
7056 D:\Programme\Mozilla Firefox\firefox.exe
4920 D:\Programme\Mozilla Firefox\plugin-container.exe
7836 C:\WINDOWS\system32\notepad.exe
5772 C:\Dokumente und Einstellungen\Besitzer\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
PhysicalDrive0 Model Number: Maxtor6V160E0, Rev: VA111630
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 |