Trojaner-Board

Trojan VB.AGJN in C:\aa.exe (https://www.trojaner-board.de/90020-trojaner-vb-agjn-c-aa-exe.html)

honigbrot 29.08.2010 21:30

OK, that's done.

Here is the GMER log:

GMER Logfile:
Code:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-29 22:29:31
Windows 5.0.2195 Service Pack 4
Running: y19bnw8u.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxtdypod.sys


---- Kernel code sections - GMER 1.0.15 ----

?              wbvr.sys                                                                                    Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW]          [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW]            [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress]          [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary]              [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA]            [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA]  [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW]  [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary]    [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary]        [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW]    [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA]  [760B78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA]  [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW]  [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]    [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]    [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]  [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary]        [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW]    [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary]    [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW]  [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]  [760B78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[1228] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---
and here is the MBRCheck:

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 2000 Professional
Windows Information: Service Pack 4 (build 2195)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 109):
0x80400000 \WINNT\System32\ntoskrnl.exe
0x80062000 \WINNT\System32\hal.dll
0xED410000 \WINNT\System32\BOOTVID.dll
0xED000000 wbvr.sys
0xBFFD8000 ACPI.sys
0xED5C8000 \WINNT\System32\DRIVERS\WMILIB.SYS
0xED010000 pci.sys
0xED020000 isapnp.sys
0xED5C9000 pciide.sys
0xED280000 \WINNT\System32\DRIVERS\PCIIDEX.SYS
0xED288000 MountMgr.sys
0xBFFBB000 ftdisk.sys
0xED500000 Diskperf.sys
0xED502000 dmload.sys
0xBFF99000 dmio.sys
0xED414000 PartMgr.sys
0xBFF83000 atapi.sys
0xED290000 disk.sys
0xED030000 \WINNT\System32\DRIVERS\CLASSPNP.SYS
0xBFF61000 fltmgr.sys
0xED298000 PxHelp20.sys
0xBFF3E000 Fastfat.sys
0xBFF2C000 KSecDD.sys
0xBFF02000 NDIS.sys
0xBFEEC000 Mup.sys
0xED060000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xBFE16000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xED070000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xED2C0000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xED2D0000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xED2E0000 \SystemRoot\System32\DRIVERS\fdc.sys
0xED080000 \SystemRoot\System32\DRIVERS\serial.sys
0xED484000 \SystemRoot\System32\DRIVERS\serenum.sys
0xED2F8000 \SystemRoot\System32\DRIVERS\parport.sys
0xED48C000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xBFDD1000 \SystemRoot\system32\drivers\KS.SYS
0xBFDF1000 \SystemRoot\system32\drivers\portcls.sys
0xED5DF000 \SystemRoot\system32\drivers\msmpu401.sys
0xED330000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xED318000 \SystemRoot\System32\DRIVERS\openhci.sys
0xED090000 \SystemRoot\System32\Drivers\Cdr4_2K.SYS
0xED348000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xED358000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xED0A0000 \SystemRoot\system32\drivers\sis7012.sys
0xED0B0000 \SystemRoot\System32\DRIVERS\rksample.sys
0xBFD6A000 \SystemRoot\System32\DRIVERS\winachsf.sys
0xED380000 \SystemRoot\System32\Drivers\Modem.SYS
0xED5ED000 \SystemRoot\System32\DRIVERS\audstub.sys
0xED0C0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xED49C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xBFD53000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xED4AC000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xED0D0000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xED3B0000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xED3C0000 \SystemRoot\System32\DRIVERS\raspti.sys
0xED0E0000 \SystemRoot\System32\DRIVERS\parallel.sys
0xED5F7000 \SystemRoot\System32\DRIVERS\swenum.sys
0xBFD00000 \SystemRoot\System32\DRIVERS\update.sys
0xED3D8000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xED110000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xED4B8000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xED130000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xED3E8000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xED514000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xED604000 \SystemRoot\System32\Drivers\Null.SYS
0xED606000 \SystemRoot\System32\Drivers\Beep.SYS
0xED4D4000 \SystemRoot\System32\drivers\vga.sys
0xED609000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xED408000 \SystemRoot\System32\Drivers\Msfs.SYS
0xED140000 \SystemRoot\System32\Drivers\Npfs.SYS
0xED51C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xBEC91000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xED150000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xED2B8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBEBB7000 \SystemRoot\System32\Drivers\avgtdix.sys
0xBEB8C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xED160000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBEB62000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xBEAC2000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xED2E8000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xBEA8E000 \SystemRoot\System32\Drivers\avgldx86.sys
0xED638000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBEA78000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA0000000 \??\C:\WINNT\system32\win32k.sys
0xBC86A000 \SystemRoot\System32\nv4_disp.dll
0xBC4B3000 \SystemRoot\System32\drivers\afd.sys
0xED308000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xED2D8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xED53C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBC440000 \SystemRoot\System32\DRIVERS\amosnt.sys
0xED540000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xBEC01000 \SystemRoot\System32\DRIVERS\basic2.sys
0xBC3FA000 \SystemRoot\System32\DRIVERS\fallback.sys
0xED190000 \SystemRoot\System32\Drivers\Fips.SYS
0xBC343000 \SystemRoot\System32\DRIVERS\fsksnt.sys
0xBC331000 \SystemRoot\system32\drivers\wdmaud.sys
0xBC2AA000 \SystemRoot\System32\DRIVERS\k56nt.sys
0xBC581000 \SystemRoot\system32\drivers\sysaudio.sys
0xBC111000 \SystemRoot\System32\DRIVERS\faxnt.sys
0xBC0D3000 \SystemRoot\System32\DRIVERS\srv.sys
0xBC3AA000 \SystemRoot\System32\DRIVERS\tonesnt.sys
0xBBFEE000 \SystemRoot\System32\DRIVERS\v124nt.sys
0xBC36A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBBD0D000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBBC59000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xBB862000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\pxtdypod.sys
0xBB83D000 \SystemRoot\system32\drivers\kmixer.sys
0xED3F8000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0x77880000 \WINNT\System32\ntdll.dll

Processes (total 29):
0 System Idle Process
8 System
144 \SystemRoot\System32\smss.exe
172 csrss.exe
168 \??\C:\WINNT\system32\winlogon.exe
220 C:\WINNT\system32\services.exe
232 C:\WINNT\system32\lsass.exe
412 C:\WINNT\system32\svchost.exe
436 C:\WINNT\system32\spoolsv.exe
464 C:\Programme\AVG\AVG9\avgwdsvc.exe
484 C:\WINNT\System32\svchost.exe
512 C:\Programme\Java\jre6\bin\jqs.exe
568 C:\WINNT\system32\regsvc.exe
684 C:\Programme\AVG\AVG9\avgnsx.exe
780 C:\WINNT\system32\stisvc.exe
868 C:\WINNT\System32\WBEM\WinMgmt.exe
916 C:\WINNT\System32\mspmspsv.exe
928 C:\WINNT\system32\svchost.exe
1268 C:\Programme\AVG\AVG9\avgchsvx.exe
1276 C:\Programme\AVG\AVG9\avgrsx.exe
1344 C:\Programme\AVG\AVG9\avgcsrvx.exe
1228 C:\WINNT\Explorer.EXE
1716 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1744 C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
1748 C:\PROGRA~1\AVG\AVG9\avgtray.exe
840 C:\WINNT\system32\internat.exe
1828 C:\Programme\Rainlendar\Rainlendar.exe
1704 C:\Programme\Mozilla Firefox\firefox.exe
492 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000002`7116f400 (FAT32)

PhysicalDrive0 Model Number: IC35L040AVVA07-0, Rev: VA2OA52A

Size Device Name MBR Status
--------------------------------------------
38 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F0D1E7BBDB86653AE096A20454A3BB8450519069


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
What do you think?

Kind regards, honig

cosinus 29.08.2010 22:16

Oh, Windows 2000 is no longer supported at all :stirn:

Do you have a Windows 2000 CD to hand? Without it, fixing the MBR will be very difficult.

honigbrot 30.08.2010 07:28

Hm, I'd have to take a look. What exactly needs to be fixed in the MBR?

I still have an old XP CD lying around. The only question is whether it will also run on the old machine.

Regards, honig

cosinus 30.08.2010 13:37

Well, the problem is that lately malware has been massively mangling the MBR. To deal with that you have to write a new one, which under Windows 2000 and XP only works with the Recovery Console. For that, though, you usually need the Windows CD. A Windows XP CD should also work for Windows 2000.

Boot the Windows 2000 machine from it. In the first menu, press R for the Recovery Console. It is command-line based. There you have to type the command fixmbr (then Enter), followed by fixboot (and Enter again), and confirm both warnings with j. No data is lost, even though the warning appears.
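
The MBRCheck result above ("Unknown MBR code" plus a SHA1) and the repair described in the last reply can be modelled on a byte buffer. The following Python code is an added example, not part of the thread and not the code of MBRCheck or the Recovery Console: it classifies a 512-byte MBR by hashing its boot code against an allowlist, then replaces only the boot code and confirms that the partition table is byte-for-byte unchanged. Assumptions: the hash covers the first 440 bytes, and the sample sector, the two boot-code strings and the allowlist are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: only the bootstrap code area is hashed
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY = "<B3sB3sII"      # flag, CHS start, type, CHS end, start LBA, sectors


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector with one active FAT32 partition at LBA 63
    (63 * 512 = 0x7e00, the C: offset shown in the MBRCheck log)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x0B,
                        b"\xfe\xff\xff", 63, 20482812)
    return code + b"\x00" * 6 + entry + b"\x00" * 48 + BOOT_SIG


def boot_code_sha1(sector: bytes) -> str:
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, _, ptype, _, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype != 0:   # type 0 marks an unused slot
            parts.append({"slot": i, "active": flag == 0x80, "type": ptype,
                          "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    return parts


def check_mbr(sector: bytes, known_good: set) -> dict:
    """Classify the sector the way a checker could: signature first, then hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    digest = boot_code_sha1(sector)
    if sector[510:512] != BOOT_SIG:
        status = "invalid boot signature"
    elif digest in known_good:
        status = "known MBR code"
    else:
        status = "unknown MBR code"
    return {"status": status, "sha1": digest,
            "partitions": parse_partitions(sector)}


def rewrite_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Model of the repair: replace the boot code, keep bytes 440..511."""
    if len(clean_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    return clean_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


# Constructed stand-ins; neither is real boot code or malware.
CLEAN_CODE = b"CONSTRUCTED-REFERENCE-BOOT-CODE"
UNKNOWN_CODE = b"CONSTRUCTED-UNRECOGNISED-BOOT-CODE"
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(CLEAN_CODE))}

if __name__ == "__main__":
    suspect = build_sample_mbr(UNKNOWN_CODE)
    before = check_mbr(suspect, KNOWN_GOOD)
    repaired = rewrite_boot_code(suspect, CLEAN_CODE)
    after = check_mbr(repaired, KNOWN_GOOD)
    print(before["status"], before["sha1"])
    print(after["status"], after["sha1"])
    print("partition table unchanged:",
          repaired[BOOT_CODE_LEN:] == suspect[BOOT_CODE_LEN:])
    for p in after["partitions"]:
        print(p)
```

An "unknown" verdict only means the hash is not on the allowlist; a vendor or boot-manager MBR produces the same result as a tampered one, so the allowlist decides how useful the check is.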


All times are in WET +1.
