| kallstrakt | 23.06.2011 14:48 |
Hier schon mal das GMER-Log: Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-23 15:46:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3300822AS rev.3.AAE
Running: nyh7fq60.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwliakod.sys
---- System - GMER 1.0.15 ----
Code \??\C:\cofi.exe\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5C05000, 0x267537, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\litsgt.sys section is writeable [0xAB3B8300, 0x1F510, 0xE8000020]
? C:\cofi.exe\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\a-squared Free\a2service.exe[1972] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454DF5 C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fe67a5
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fe67a5 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 5F3A16CE505345FA95B9B2AAB04B3D775DEAD813B488220AA1F3D3FB8FC9BC4D29461AA1AAEEF8C804B50BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6171C11EC38DE3DBA7FD869164D6794F039F21284D5E3F868026A0DE7C956BB561E5D8688A83207DD1C23EB4BC9E4D7DA7C12BCA4E0082017FD8C649FFA050496C3215BE8C434E5F0C2B59C76211444BF814C6B3A1890E214A9CB66DE84DA4B02685D6BA32B4E96C020E24D3403650CCB666EDA276CC589A4D6522CF39E4FC79AB1BF4F0D78495B244EF7368410141FCE59857E35A6F2D2B1E891880F54DF227ED8B9D3629D74EC97FB07BDC83FDEE03D2066FC916068ED495C3D7BC5860DF9F42D7FF941DE2173B6EE65834A58072B2E922830CA88F8809A3B4EBF13665B6167110BF52BD62410C77BAF58B27AD4485E9D252757E1FC24FBA87FBE547F525DE37A983107EFD756AE0FC0C1139691F8AC40FCA48D03506564D9D119C82A80689CF2AA479F6C99CAF827BD78DCF30D719D0F121FAB58D1C4F2968A219797F5EF681A8508A3E0CB6A53D88BEBE92B99D9D9B38BBF511E64B8E6BEAF5FC84CC6573FA2B2F8A33652A4134A53BD742A8DCD2B68D66781E8F229A6C00F10CA1E0C73C0D0FDD29728195A2D3705409BB2C2DC04FEA027A
---- EOF - GMER 1.0.15 ----
Editierung: Und hier OSAM Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:53:01 on 23.06.2011
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File found, but it contains no detailed information)
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"DIRECTX.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\DIRECTX.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD-Prozessortreiber" (AmdK8) - "Advanced Micro Devices" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"ASInsHelp" (ASInsHelp) - ? - C:\WINDOWS\system32\drivers\AsInsHelp32.sys (File found, but it contains no detailed information)
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATK0110 ACPI UTILITY" (MTsensor) - ? - C:\WINDOWS\System32\DRIVERS\ASACPI.sys
"BRGSp50 NDIS Protocol Driver" (BRGSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\BRGSp50.sys
"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"hwpsgt" (hwpsgt) - ? - C:\WINDOWS\System32\DRIVERS\hwpsgt.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"iMSPQMn" (iMSPQMn) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\iMSPQMn.sys (File not found)
"kwliakod" (kwliakod) - ? - C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwliakod.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lemsgt" (lemsgt) - ? - C:\WINDOWS\System32\DRIVERS\lemsgt.sys (File found, but it contains no detailed information)
"litsgt" (litsgt) - ? - C:\WINDOWS\System32\DRIVERS\litsgt.sys (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\cofi.exe\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"NVIDIA Network Bus Enumerator" (nvnetbus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
"NVIDIA nForce Networking Controller Driver" (NVENETFD) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVENETFD.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SCR33X USB Smart Card Reader" (SCR33X USB Smart Card Reader) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\SCR33X2K.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"tansgt" (tansgt) - ? - C:\WINDOWS\System32\DRIVERS\tansgt.sys (File found, but it contains no detailed information)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys
"ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211U(ZyDAS)) - "ZyDAS Technology Corporation" - C:\WINDOWS\System32\DRIVERS\zd1211u.sys
"ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8EF5DC20-419C-4E43-A088-DE5B5625CA47} "CDR Column Provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A155339D-CCCD-4714-85EB-3754B804C9DF} "a-squared Free Shell Extension" - "Emsi Software GmbH" - C:\Programme\a-squared Free\a2freecontmenu.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{F9633464-9E18-4C06-9D3A-E131C036A9FA} "CDR Property Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57} "CDR Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57} "CMX Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{F9633465-9E18-4C06-9D3A-E131C036A9FA} "CPT Property Handler" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57} "CPT Property Sheet" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{724D43A0-0D85-11D4-9908-00400523E39A}" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll
"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\sebastian\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AntivirusRegistration" - ? - C:\Programme\CA\Etrust Antivirus\Register.exe (File found, but it contains no detailed information)
"CHotkey" - ? - mHotkey.exe
"ledpointer" - "Chicony" - CNYHKey.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"a-squared Free Service" (a2free) - "Emsi Software GmbH" - C:\Programme\a-squared Free\a2service.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"InstallDriver Table Manager" (IDriverT) - ? - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Thomas Olesch" - C:\WINDOWS\Snow3.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Und schließlich MBR-Check Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007bc
Kernel Drivers (total 154):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7357000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7346000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B7000 MountMgr.sys
0xF7327000 ftdisk.sys
0xF798B000 dmload.sys
0xF7301000 dmio.sys
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF72E9000 atapi.sys
0xF74D7000 disk.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72C9000 fltmgr.sys
0xF72B7000 sr.sys
0xF74F7000 PxHelp20.sys
0xF72A0000 KSecDD.sys
0xF7213000 Ntfs.sys
0xF71E6000 NDIS.sys
0xF7507000 Combo-Fix.sys
0xF798D000 speedfan.sys
0xF71CC000 Mup.sys
0xF7A50000 giveio.sys
0xF7537000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7607000 \SystemRoot\system32\DRIVERS\processr.sys
0xF782F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF675B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7837000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF63BA000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6396000 \SystemRoot\system32\drivers\portcls.sys
0xF7617000 \SystemRoot\system32\drivers\drmk.sys
0xF6373000 \SystemRoot\system32\drivers\ks.sys
0xF7627000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7637000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7647000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF62F7000 \SystemRoot\system32\drivers\hcw88vid.sys
0xF7657000 \SystemRoot\system32\drivers\STREAM.SYS
0xF718A000 \SystemRoot\system32\drivers\hcw88aud.sys
0xF62AD000 \SystemRoot\system32\drivers\hcw88tse.sys
0xF61CA000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF783F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7186000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF618A000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF6157000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF5C04000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5BF0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5BC8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF79C7000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7172000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5BB4000 \SystemRoot\system32\DRIVERS\parport.sys
0xF79C9000 \SystemRoot\System32\Drivers\x10hid.sys
0xF76D7000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF7877000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7A51000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF716E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5B9D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF680F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF787F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5B8C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF67FF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7887000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF788F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5B5C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF67EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF774F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7757000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5AFE000 \SystemRoot\system32\DRIVERS\update.sys
0xF694B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF67DF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79CD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF67CF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF679F000 \SystemRoot\system32\drivers\HCW88BAR.sys
0xF4A6C000 \SystemRoot\system32\drivers\hcw88tun.sys
0xF4A46000 \SystemRoot\system32\drivers\hcw88bda.sys
0xF7937000 \SystemRoot\system32\drivers\BdaSup.SYS
0xF793F000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF678F000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF79D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AAB000 \SystemRoot\System32\Drivers\Null.SYS
0xF79D5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7AAC000 \SystemRoot\system32\drivers\papycpu.sys
0xF7AAD000 \SystemRoot\system32\drivers\papyjoy.sys
0xF7787000 \SystemRoot\System32\drivers\vga.sys
0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7973000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE77B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE722000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE6FA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAE6D8000 \SystemRoot\System32\drivers\afd.sys
0xF7587000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAE6AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE615000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF75A7000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE5EF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF79DB000 \SystemRoot\system32\drivers\AsIO.sys
0xAE5CB000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF5AF6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF75F7000 \SystemRoot\System32\Drivers\IMT0521.sys
0xF5AF2000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF5AE6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE4EB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79E1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF423E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77AF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B2E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF10B000 \SystemRoot\System32\atikvmag.dll
0xBF1B1000 \SystemRoot\System32\atiok3x2.dll
0xBF216000 \SystemRoot\System32\ati3duag.dll
0xBF9C6000 \SystemRoot\System32\ativvaxx.dll
0xBF5CF000 \SystemRoot\System32\ATMFD.DLL
0xAB9D6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB64D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A63000 \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys
0xAB75A000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xAB51C000 \SystemRoot\System32\Drivers\HTTP.sys
0xAB4FA000 \SystemRoot\system32\DRIVERS\hwpsgt.sys
0xAB836000 \SystemRoot\system32\DRIVERS\lemsgt.sys
0xAB3DA000 \SystemRoot\system32\DRIVERS\srv.sys
0xAB3B8000 \SystemRoot\system32\DRIVERS\litsgt.sys
0xAB482000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAB3B0000 \SystemRoot\system32\DRIVERS\tansgt.sys
0xAB178000 \SystemRoot\system32\drivers\wdmaud.sys
0xAB278000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79ED000 \SystemRoot\system32\drivers\MSPQM.sys
0xAABEB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF776F000 \??\C:\cofi.exe\catchme.sys
0xF79DD000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA9D9C000 \??\C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\kwliakod.sys
0xA9D71000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 37):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
664 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
752 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\ati2evxx.exe
936 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1100 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1332 svchost.exe
1404 C:\WINDOWS\system32\ati2evxx.exe
1508 C:\WINDOWS\system32\spoolsv.exe
1940 svchost.exe
1972 C:\Programme\a-squared Free\a2service.exe
2032 svchost.exe
160 C:\WINDOWS\ehome\ehrecvr.exe
172 C:\WINDOWS\ehome\ehSched.exe
264 C:\Programme\Java\jre6\bin\jqs.exe
336 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
352 ehrec.exe
500 C:\Programme\CyberLink\Shared Files\RichVideo.exe
624 svchost.exe
644 C:\WINDOWS\system32\svchost.exe
1836 C:\Programme\Common Files\X10\Common\X10nets.exe
1856 mcrdsvc.exe
2332 alg.exe
3244 C:\WINDOWS\ehome\ehtray.exe
3272 C:\WINDOWS\mHotkey.exe
3288 C:\WINDOWS\CNYHKey.exe
3304 C:\WINDOWS\sm56hlpr.exe
3412 C:\WINDOWS\system32\svchost.exe
3536 C:\WINDOWS\ehome\ehmsas.exe
1280 C:\WINDOWS\explorer.exe
2868 C:\Dokumente und Einstellungen\sebastian\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000044`3d1e6000 (FAT32)
PhysicalDrive0 Model Number: ST3300822AS, Rev: 3.AAE
Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!
|
