Pests of all kinds and how to fight them: Antivir find: (1) lpl.exe on USB stick = WORM/Autorun.bqls (2) Process: ApplicationUpdater.exe

If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
#12

Antivir find: (1) lpl.exe on USB stick = WORM/Autorun.bqls (2) Process: ApplicationUpdater.exe

Quote:
GMER

Code:
```
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 21:34:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00ETA0 rev.77.07W77
Running: 54fcvcio.exe; Driver: D:\DOKUME~1\Jens\LOKALE~1\Temp\awacakod.sys

---- System - GMER 1.0.15 ----

Code  \??\D:\DOKUME~1\Zensiert\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

init   D:\WINDOWS\system32\drivers\nvax.sys  entry point in "init" section [0xF757EB8D]
.text  D:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB790E000, 0x1C5D38, 0xE8000020]
?      D:\DOKUME~1\Jens\LOKALE~1\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !
?      D:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs     SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat   SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

---- EOF - GMER 1.0.15 ----
```
Code:
```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:46:13 on 28.12.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AudioHQU.cpl" - "Creative Technology Ltd." - D:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - D:\WINDOWS\system32\DivXControlPanelApplet.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - ? - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"NokiaConnectionManager" - "Nokia" - E:\01_REC~1\01_PRO~1\03_OFF~1\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - D:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"awacakod" (awacakod) - ? - D:\DOKUME~1\Zensiert\LOKALE~1\Temp\awacakod.sys (Hidden registry entry, rootkit activity | File not found)
"BrPar" (BrPar) - "Brother Industries Ltd." - D:\WINDOWS\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - D:\DOKUME~1\Zensiert\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"mbr" (mbr) - ? - D:\DOKUME~1\Zensiert\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - E:\01_Rechner\01_Programme\03_Office\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - D:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"AutoStart IR.lnk" - "Hauppauge Computer Works" - E:\01_Rechner\01_Programme\02_Multimedia\WinTV\Ir.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Zensiert\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"BrStsWnd.exe" - "brother" - D:\Programme\Brownie\BrStsWnd.exe WindowsStartUpModel

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - D:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - E:\01_Rechner\01_Programme\03_Office\Steuer\AAVUpdateManager\aavus.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - D:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - D:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - D:\WINDOWS\system32\ati2sgag.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - D:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"RichiStudios Shutdown" (RSShutdown) - "RichiStudios" - E:\01_Rechner\01_Programme\02_Multimedia\shutdown\service.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - D:\Programme\PC Connectivity Solution\ServiceLayer.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - D:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```
Code:
```
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001bd

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D7000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B1000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF7499000 atapi.sys
0xF747F000 SI3112r.sys
0xF7467000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7447000 fltmgr.sys
0xF7435000 sr.sys
0xF789B000 SiWinAcc.sys
0xF741E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF786A000 NDIS.sys
0xF7717000 nv_agp.sys
0xF7404000 Mup.sys
0xBA748000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7586000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF7807000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9994000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB997D000 \SystemRoot\system32\DRIVERS\NVENET.sys
0xF7576000 \SystemRoot\system32\drivers\nvax.sys
0xB9905000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB98E1000 \SystemRoot\system32\drivers\portcls.sys
0xF7566000 \SystemRoot\system32\drivers\drmk.sys
0xB98BE000 \SystemRoot\system32\drivers\ks.sys
0xB98A5000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF79B1000 \SystemRoot\System32\drivers\ctprxy2k.sys
0xBA7EC000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7536000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7526000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7516000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB790D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB787B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF777F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF74F6000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA7E4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB7867000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7AB3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA7C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7850000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA7A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA798000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB99F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB77A5000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA788000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB99E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB99E0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7725000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA758000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB99D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB99C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7670000 \SystemRoot\system32\DRIVERS\update.sys
0xBA720000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7687000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79C9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76B7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB60F8000 \SystemRoot\system32\drivers\nvapu.sys
0xB600D000 \SystemRoot\system32\drivers\nvmcp.sys
0xB5FFC000 \SystemRoot\system32\drivers\nvarm.sys
0xAFFBC000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xAFFA7000 \SystemRoot\System32\drivers\ctac32k.sys
0xAFF8E000 \SystemRoot\System32\drivers\emupia2k.sys
0xAFF6F000 \SystemRoot\System32\drivers\ctsfm2k.sys
0xF7817000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79C5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA3C4000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C7000 \SystemRoot\System32\Drivers\Beep.SYS
0xB99D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB99C0000 \SystemRoot\System32\drivers\vga.sys
0xF79CB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79CD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF781F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB5C76000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB76D6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9FF1A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9FEC1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9FE99000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9FE77000 \SystemRoot\System32\drivers\afd.sys
0xBA738000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9FE4C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9FDDC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7697000 \SystemRoot\System32\Drivers\Fips.SYS
0x9FDB6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA778000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF773F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9FD92000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7917000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB7D53000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF794B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA7F4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x9FD78000 \SystemRoot\System32\Drivers\dump_Si3112r.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7933000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7767000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB7197000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0x9D525000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D3E4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB5CB6000 \SystemRoot\System32\drivers\BrPar.sys
0xB5FF6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x9D2A2000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D215000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2FFC000 \SystemRoot\system32\drivers\sysaudio.sys
0xF77BF000 \??\D:\DOKUME~1\Zensiert\LOKALE~1\Temp\catchme.sys
0xF79BD000 \??\D:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB701C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9CE67000 \??\D:\DOKUME~1\Zensiert\LOKALE~1\Temp\awacakod.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 25):
0    System Idle Process
4    System
584  D:\WINDOWS\system32\smss.exe
648  csrss.exe
688  D:\WINDOWS\system32\winlogon.exe
732  D:\WINDOWS\system32\services.exe
744  D:\WINDOWS\system32\lsass.exe
900  D:\WINDOWS\system32\ati2evxx.exe
912  D:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1144 D:\WINDOWS\system32\svchost.exe
1192 D:\WINDOWS\system32\ati2evxx.exe
1244 svchost.exe
1368 svchost.exe
1500 D:\WINDOWS\system32\spoolsv.exe
1760 E:\01_Rechner\01_Programme\03_Office\Steuer\AAVUpdateManager\aavus.exe
1772 D:\Programme\Application Updater\ApplicationUpdater.exe
1828 D:\Programme\Java\jre6\bin\jqs.exe
1872 D:\WINDOWS\system32\PnkBstrA.exe
2004 E:\01_Rechner\01_Programme\02_Multimedia\shutdown\Service.exe
476  D:\WINDOWS\system32\svchost.exe
1416 D:\WINDOWS\system32\wscntfy.exe
1428 alg.exe
1048 D:\WINDOWS\explorer.exe
304  D:\Dokumente und Einstellungen\Zensiert\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000003`e8246e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000006`e4f49e00 (FAT32)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x00000001`dd079800 (FAT32)

PhysicalDrive0 Model Number: WDCWD800JB-00ETA0, Rev: 77.07W77
PhysicalDrive1 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01

      Size  Device Name          MBR Status
--------------------------------------------
     74 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    596 GB  \\.\PhysicalDrive1   RE: Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!
```

How should external storage media be handled? Plug in the USB sticks during the scans?

Last edited by El Toco (28.12.2010 at 21:53); reason: additional question
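As an added example (not part of the thread, and not code from GMER, OSAM or MBRCheck): a small triage script over OSAM-style driver and service lines like the ones quoted above. It flags entries OSAM marks as "Hidden registry entry, rootkit activity", entries loading from a Temp directory, and orphaned entries that have no vendor and whose file is missing, and it downgrades names that match the scanner's own drivers, because the GMER header above names awacakod.sys as GMER's driver, and catchme.sys and mbr.sys are GMER's catchme and mbr components (an assumed allowlist; check it against the tools actually run). The sample lines are copied from the OSAM log in this post except the one marked constructed; the regex is my own reading of the line format, not OSAM's grammar. Note what the metadata checks cannot do: the ApplicationUpdater.exe service the thread asks about carries a vendor string and passes untouched, so a vendor name alone never clears an entry.

```python
import re
from dataclasses import dataclass, field

# OSAM "Autorun Manager" prints one entry per line, roughly as
#   "Display name" (KeyName) - "Vendor" or ? - C:\path\file.ext (status | flags)
# This regex is my own reading of the lines quoted in the thread, not OSAM's grammar.
OSAM_ENTRY = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<key>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.*?)(?: \((?P<status>[^)]*)\))?$'
)

# Drivers the user's own scanners load from %Temp% during a run (assumed list, adjust
# to the tools you actually ran): GMER names awacakod.sys as its driver in its log
# header, and catchme.sys / mbr.sys belong to GMER's catchme and mbr components.
SCANNER_DRIVERS = {"awacakod.sys", "catchme.sys", "mbr.sys"}

SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}

# Sample input: lines copied from the OSAM log in this thread, plus one constructed
# entry ("hiddenrk") that is NOT on the page, to exercise the high-severity path.
SAMPLE_OSAM_LINES = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - D:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"awacakod" (awacakod) - ? - D:\DOKUME~1\Zensiert\LOKALE~1\Temp\awacakod.sys (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - D:\DOKUME~1\Zensiert\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"hiddenrk" (hiddenrk) - ? - D:\WINDOWS\system32\drivers\hiddenrk.sys (Hidden registry entry, rootkit activity)
"Application Updater" (Application Updater) - "Spigot, Inc." - D:\Programme\Application Updater\ApplicationUpdater.exe
"PnkBstrA" (PnkBstrA) - ? - D:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
'''


@dataclass
class Finding:
    key: str
    path: str
    severity: str  # "info", "medium" or "high"
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Split one OSAM entry into its fields; returns None for headers and blank lines."""
    m = OSAM_ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["vendor"] = None if entry["vendor"] == "?" else entry["vendor"].strip('"')
    entry["status"] = entry["status"] or ""
    return entry


def triage(lines):
    """Return the entries a human should look at, each with reasons and a severity."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons, levels = [], []
        filename = entry["path"].rsplit("\\", 1)[-1].lower()
        if "rootkit activity" in entry["status"]:
            reasons.append("hidden registry entry (OSAM rootkit heuristic)")
            levels.append("high")
        if "\\temp\\" in entry["path"].lower():
            reasons.append("loads from a Temp directory")
            levels.append("medium")
        if entry["vendor"] is None and "File not found" in entry["status"]:
            reasons.append("orphaned entry: no vendor and the file is missing")
            levels.append("medium")
        elif entry["vendor"] is None:
            reasons.append("file present but carries no vendor information")
            levels.append("info")
        if not reasons:
            continue
        severity = max(levels, key=SEVERITY_RANK.__getitem__)
        if filename in SCANNER_DRIVERS:
            # Expected while the scanner runs; kept in the list so the reader sees why.
            reasons.append(f"{filename} is a known scanner driver (expected during the scan)")
            severity = "info"
        findings.append(Finding(entry["key"], entry["path"], severity, reasons))
    return findings


def main():
    for f in triage(SAMPLE_OSAM_LINES.splitlines()):
        print(f"[{f.severity:6}] {f.key}: {f.path}")
        for r in f.reasons:
            print(f"          - {r}")


if __name__ == "__main__":
    main()
```

Run as a script it prints the flagged entries with their reasons; on the sample input only the constructed "hiddenrk" line reaches "high", the two GMER drivers drop to "info", and Changer.sys stays a "medium" orphaned entry.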