
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL

12.07.2011, 09:10   #14
speedrunner
Hello Cosinus,

attached are the requested data.

OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:05:21 on 12.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl
"DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\ms\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{3F6A8B78-EC003E00-05040104}) - "PC-Doctor, Inc." - C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{42B57B62-BC0A-47F0-A3E9-79D461D255A3} "MuVo Series Media Explorer" - "Creative Technology Ltd" - C:\Program Files\Creative\MuVo Series Media Explorer\CTMVNSu.Dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "BitDefender QuickScan Control" - "BitDefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} "WMI Class" - ? - C:\Windows\system32\Dell\SYSTEM~1\SysPro.exe / hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
{CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{C0C86BBE-9509-4296-8459-FDBFDAF4B673} "SplitButtonBHO Class" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
"PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"AVSKey-Lock" (AvskeyService) - ? - C:\Program Files\AVSKey-Lock\AVSKey.exe  (File found, but it contains no detailed information)
"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - C:\Windows\system32\CTsvcCDA.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"maxdome Download Manager" (Prosieben) - "Entriq, Inc." - C:\Program Files\maxdome\DCBin\DCService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



MBRCheck, version 1.2.3(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x8201C000 \SystemRoot\system32\ntkrnlpa.exe
0x823D6000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8267D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8268A000 \SystemRoot\system32\drivers\acpi.sys
0x826D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x826E1000 \SystemRoot\system32\drivers\pci.sys
0x82708000 \SystemRoot\System32\drivers\partmgr.sys
0x82717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8271A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82724000 \SystemRoot\system32\drivers\volmgr.sys
0x82733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8277D000 \SystemRoot\system32\DRIVERS\intelide.sys
0x82784000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x82792000 \SystemRoot\system32\drivers\pciide.sys
0x82799000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B60C000 \SystemRoot\system32\drivers\iastorv.sys
0x8B6AC000 \SystemRoot\system32\drivers\iastor.sys
0x8B76A000 \SystemRoot\system32\drivers\atapi.sys
0x8B772000 \SystemRoot\system32\drivers\ataport.SYS
0x8B790000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B7C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B7D2000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B80E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B87F000 \SystemRoot\system32\drivers\ndis.sys
0x8B98A000 \SystemRoot\system32\drivers\msrpc.sys
0x8B9B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA0A000 \SystemRoot\System32\drivers\tcpip.sys
0x8BAF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BC04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD14000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD4D000 \SystemRoot\System32\Drivers\spldr.sys
0x8BD55000 \SystemRoot\System32\Drivers\mup.sys
0x8BD64000 \SystemRoot\System32\drivers\ecache.sys
0x8BD8B000 \SystemRoot\system32\drivers\disk.sys
0x8BD9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BDBD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BDD3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BDDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BDE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F80F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90240000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x90242000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x902E2000 \SystemRoot\System32\drivers\watchdog.sys
0x902EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x902F9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90337000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90346000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9040E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9063D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x9064D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9065D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9066B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90685000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x90693000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x906A7000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x906F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9070B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90737000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90742000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9074D000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x90766000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9077E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90782000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9078B000 \SystemRoot\system32\DRIVERS\avmaudio.sys
0x907A4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x907AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x827A9000 \SystemRoot\system32\DRIVERS\storport.sys
0x907DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x907F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x903D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F800000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BBCD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BBE1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B9F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807B4000 \SystemRoot\system32\DRIVERS\ks.sys
0x90402000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B800000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90A08000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90A3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90A4E000 \SystemRoot\system32\drivers\stwrt.sys
0x90AA3000 \SystemRoot\system32\drivers\portcls.sys
0x90AD0000 \SystemRoot\system32\drivers\drmk.sys
0x90AF5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90C01000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90D04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90DB8000 \SystemRoot\system32\drivers\modem.sys
0x90DC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90DCE000 \SystemRoot\System32\Drivers\Null.SYS
0x90DD5000 \SystemRoot\System32\Drivers\Beep.SYS
0x90DE5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90DEC000 \SystemRoot\System32\drivers\vga.sys
0x90B32000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90DF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90DDC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90B53000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90B5E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90B6C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90B75000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90B8B000 \SystemRoot\system32\DRIVERS\smb.sys
0x90B9F000 \SystemRoot\system32\drivers\afd.sys
0x91202000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91234000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9124A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9126B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91271000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x912AD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x912B7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x912C1000 \SystemRoot\System32\Drivers\dfsc.sys
0x912D8000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91318000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91325000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x913E3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x913FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BB0F000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x913FC000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x93A30000 \SystemRoot\System32\win32k.sys
0x912FF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8BB49000 \SystemRoot\system32\DRIVERS\fwlanusbn.sys
0x91309000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93C50000 \SystemRoot\System32\TSDDD.dll
0x93C70000 \SystemRoot\System32\cdd.dll
0x90BE7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8B7DB000 \SystemRoot\system32\drivers\luafv.sys
0xA1A03000 \SystemRoot\system32\drivers\spsys.sys
0xA1AB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA1AC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA1AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA1AF7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA1B0A000 \SystemRoot\system32\drivers\HTTP.sys
0xA1B77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1B94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1BAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1BC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x807DE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2E0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2E43000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2E5B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E83000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2EEA000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2F12000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2F16000 \SystemRoot\system32\drivers\peauth.sys
0xA2FF4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2ED2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2EDE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA1BE3000 \SystemRoot\system32\drivers\tdtcp.sys
0xA1BEE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA4E0E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA4E7D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4E93000 \??\C:\Windows\system32\drivers\mbam.sys
0x778F0000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
624 csrss.exe
688 C:\Windows\System32\wininit.exe
700 csrss.exe
732 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\svchost.exe
948 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
988 C:\Windows\System32\winlogon.exe
1024 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1152 C:\Windows\System32\nvvsvc.exe
1180 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\audiodg.exe
1520 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\SLsvc.exe
1604 C:\Windows\System32\svchost.exe
1744 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1764 C:\Windows\System32\nvvsvc.exe
1808 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\wlanext.exe
332 C:\Windows\System32\spoolsv.exe
428 C:\Program Files\Avira\AntiVir Desktop\sched.exe
512 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\AEstSrv.exe
1364 C:\Program Files\avmwlanstick\WLanNetService.exe
2052 C:\Program Files\AVSKey-Lock\AVSKey.EXE
2072 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\CTSVCCDA.EXE
2212 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2276 C:\Windows\System32\svchost.exe
2308 C:\Program Files\maxdome\DCBin\DCService.exe
2416 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2444 C:\Windows\System32\stacsv.exe
2648 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2668 C:\Windows\System32\svchost.exe
2704 C:\Windows\System32\svchost.exe
2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2824 C:\Windows\System32\SearchIndexer.exe
2876 C:\Windows\System32\drivers\XAudio.exe
3416 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3436 C:\Windows\System32\taskeng.exe
3980 C:\Windows\System32\dwm.exe
4044 C:\Windows\explorer.exe
4060 C:\Windows\System32\taskeng.exe
3880 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4076 C:\Program Files\DellTPad\Apoint.exe
3536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3016 C:\Program Files\avmwlanstick\WLanGUI.exe
4028 C:\Windows\OEM02Mon.exe
2628 C:\Program Files\Dell\MediaDirect\PCMService.exe
1864 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1556 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2964 C:\Windows\ehome\ehtray.exe
3124 C:\Program Files\Windows Media Player\wmpnscfg.exe
2248 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
896 C:\Windows\ehome\ehmsas.exe
3900 C:\Program Files\Windows Media Player\wmpnetwk.exe
4448 C:\Program Files\DellTPad\ApMsgFwd.exe
4472 C:\Program Files\DellTPad\hidfind.exe
4480 C:\Program Files\DellTPad\ApntEx.exe
4576 C:\Windows\System32\svchost.exe
6068 C:\Windows\System32\svchost.exe
3172 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3712 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5756 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
5532 C:\Program Files\Internet Explorer\iexplore.exe
684 C:\Program Files\Internet Explorer\iexplore.exe
2228 C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
5760 C:\Windows\System32\SearchProtocolHost.exe
4800 C:\Windows\System32\SearchFilterHost.exe
5700 dllhost.exe
5828 dllhost.exe
4984 C:\Users\ms\Desktop\MBRCheck.exe
5632 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT1, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
