| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.03.2011, 21:43
| #16 |
 |  AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Ok hier der Scan von dem Kaspersky-tool: 2011/03/24 21:37:10.0437 3440 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/24 21:37:12.0453 3440 ================================================================================ 2011/03/24 21:37:12.0453 3440 SystemInfo: 2011/03/24 21:37:12.0453 3440 2011/03/24 21:37:12.0453 3440 OS Version: 5.1.2600 ServicePack: 3.0 2011/03/24 21:37:12.0453 3440 Product type: Workstation 2011/03/24 21:37:12.0453 3440 ComputerName: JOHANNES-LAPTOP 2011/03/24 21:37:12.0453 3440 UserName: Administrator 2011/03/24 21:37:12.0453 3440 Windows directory: C:\WINDOWS 2011/03/24 21:37:12.0453 3440 System windows directory: C:\WINDOWS 2011/03/24 21:37:12.0453 3440 Processor architecture: Intel x86 2011/03/24 21:37:12.0453 3440 Number of processors: 2 2011/03/24 21:37:12.0453 3440 Page size: 0x1000 2011/03/24 21:37:12.0453 3440 Boot type: Normal boot 2011/03/24 21:37:12.0453 3440 ================================================================================ 2011/03/24 21:37:13.0406 3440 Initialize success 2011/03/24 21:37:24.0953 8140 ================================================================================ 2011/03/24 21:37:24.0953 8140 Scan started 2011/03/24 21:37:24.0953 8140 Mode: Manual; 2011/03/24 21:37:24.0953 8140 ================================================================================ 2011/03/24 21:37:25.0812 8140 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/03/24 21:37:26.0015 8140 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/03/24 21:37:26.0437 8140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/03/24 21:37:26.0671 8140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/03/24 21:37:27.0890 8140 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys 2011/03/24 21:37:28.0140 8140 AR5211 (bd4a059b937a64f403e693dcaa26fe38) C:\WINDOWS\system32\DRIVERS\ar5211.sys 2011/03/24 21:37:28.0390 8140 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\asapiW2k.sys 2011/03/24 21:37:29.0203 8140 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\WINDOWS\system32\drivers\AsDsm.sys 2011/03/24 21:37:29.0312 8140 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Programme\ATKGFNEX\ASMMAP.sys 2011/03/24 21:37:29.0375 8140 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS 2011/03/24 21:37:29.0796 8140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/03/24 21:37:30.0031 8140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/03/24 21:37:30.0515 8140 ati2mtag (ed24215d4223c60989f02e196a1fff73) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/03/24 21:37:30.0921 8140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/03/24 21:37:31.0171 8140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/03/24 21:37:31.0296 8140 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 2011/03/24 21:37:31.0546 8140 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/03/24 21:37:31.0765 8140 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/03/24 21:37:32.0000 8140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/03/24 21:37:32.0234 8140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/03/24 21:37:32.0453 8140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/03/24 21:37:32.0875 8140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/03/24 21:37:33.0109 8140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/03/24 21:37:33.0328 8140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/03/24 21:37:33.0781 8140 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/03/24 21:37:34.0218 8140 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/03/24 21:37:35.0125 8140 Defrag32 (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys 2011/03/24 21:37:35.0328 8140 Defrag32b (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys 2011/03/24 21:37:35.0531 8140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/03/24 21:37:35.0781 8140 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2011/03/24 21:37:36.0062 8140 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2011/03/24 21:37:36.0437 8140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/03/24 21:37:36.0687 8140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/03/24 21:37:37.0312 8140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/03/24 21:37:37.0531 8140 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 2011/03/24 21:37:37.0750 8140 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2011/03/24 21:37:37.0984 8140 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys 2011/03/24 21:37:38.0203 8140 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys 2011/03/24 21:37:38.0468 8140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/03/24 21:37:38.0703 8140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/03/24 21:37:38.0921 8140 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2011/03/24 21:37:39.0156 8140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/03/24 21:37:39.0375 8140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/03/24 21:37:39.0578 8140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/03/24 21:37:39.0828 8140 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/03/24 21:37:40.0031 8140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/03/24 21:37:40.0281 8140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/03/24 21:37:40.0546 8140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/03/24 21:37:40.0984 8140 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/03/24 21:37:41.0218 8140 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/03/24 21:37:41.0437 8140 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/03/24 21:37:41.0671 8140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/03/24 21:37:42.0328 8140 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/03/24 21:37:42.0578 8140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/03/24 21:37:43.0140 8140 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/03/24 21:37:43.0781 8140 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/03/24 21:37:44.0031 8140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/03/24 21:37:44.0265 8140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/03/24 21:37:44.0484 8140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/03/24 21:37:44.0734 8140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/03/24 21:37:45.0015 8140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/03/24 21:37:45.0250 8140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/03/24 21:37:45.0484 8140 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/03/24 21:37:45.0687 8140 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/03/24 21:37:45.0921 8140 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys 2011/03/24 21:37:46.0140 8140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/03/24 21:37:46.0406 8140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/03/24 21:37:46.0859 8140 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys 2011/03/24 21:37:47.0093 8140 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 2011/03/24 21:37:47.0328 8140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/03/24 21:37:47.0578 8140 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2011/03/24 21:37:47.0843 8140 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2011/03/24 21:37:48.0062 8140 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/03/24 21:37:48.0312 8140 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/03/24 21:37:48.0546 8140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/03/24 21:37:49.0046 8140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/03/24 21:37:49.0281 8140 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/03/24 21:37:49.0515 8140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/03/24 21:37:49.0734 8140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/03/24 21:37:50.0000 8140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/03/24 21:37:50.0250 8140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/03/24 21:37:50.0453 8140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/03/24 21:37:50.0687 8140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/03/24 21:37:50.0953 8140 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 2011/03/24 21:37:51.0171 8140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/03/24 21:37:51.0531 8140 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/03/24 21:37:51.0796 8140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/03/24 21:37:52.0015 8140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/03/24 21:37:52.0250 8140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/03/24 21:37:52.0484 8140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/03/24 21:37:52.0718 8140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/03/24 21:37:52.0937 8140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/03/24 21:37:53.0218 8140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/03/24 21:37:53.0453 8140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/03/24 21:37:53.0734 8140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/03/24 21:37:53.0968 8140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/03/24 21:37:54.0187 8140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/03/24 21:37:54.0406 8140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/03/24 21:37:54.0656 8140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/03/24 21:37:54.0906 8140 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 2011/03/24 21:37:55.0140 8140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/03/24 21:37:55.0343 8140 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/03/24 21:37:55.0578 8140 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/03/24 21:37:56.0000 8140 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/03/24 21:37:56.0234 8140 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys 2011/03/24 21:37:56.0468 8140 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/03/24 21:37:57.0921 8140 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2011/03/24 21:37:58.0203 8140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/03/24 21:37:58.0453 8140 PQNTDrv (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys 2011/03/24 21:37:58.0671 8140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/03/24 21:37:58.0906 8140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/03/24 21:37:59.0156 8140 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/03/24 21:38:00.0359 8140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/03/24 21:38:00.0578 8140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/03/24 21:38:00.0828 8140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/03/24 21:38:01.0046 8140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/03/24 21:38:01.0281 8140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/03/24 21:38:01.0515 8140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/03/24 21:38:01.0750 8140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/03/24 21:38:02.0000 8140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/03/24 21:38:02.0234 8140 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/03/24 21:38:02.0468 8140 RTSTOR (b1c9626c5089a85de411c1bedbc5620e) C:\WINDOWS\system32\drivers\RTSTOR.SYS 2011/03/24 21:38:02.0703 8140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/03/24 21:38:02.0968 8140 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 2011/03/24 21:38:03.0250 8140 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys 2011/03/24 21:38:03.0468 8140 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys 2011/03/24 21:38:03.0703 8140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/24 21:38:03.0937 8140 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys 2011/03/24 21:38:04.0140 8140 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 2011/03/24 21:38:04.0593 8140 SiSGbeXP (a86e52c55de3488b3fc0ff2b8ad711bf) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys 2011/03/24 21:38:04.0828 8140 siside (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys 2011/03/24 21:38:05.0031 8140 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/24 21:38:05.0281 8140 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys 2011/03/24 21:38:05.0796 8140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/24 21:38:06.0078 8140 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/03/24 21:38:06.0078 8140 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/03/24 21:38:06.0093 8140 sptd - detected Locked file (1) 2011/03/24 21:38:06.0328 8140 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/24 21:38:06.0656 8140 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/24 21:38:07.0062 8140 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/03/24 21:38:07.0343 8140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/03/24 21:38:07.0578 8140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/24 21:38:07.0812 8140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/24 21:38:08.0859 8140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/24 21:38:09.0109 8140 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys 2011/03/24 21:38:09.0343 8140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/24 21:38:09.0609 8140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/24 21:38:09.0859 8140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/24 21:38:10.0093 8140 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys 2011/03/24 21:38:10.0296 8140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/03/24 21:38:10.0765 8140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/24 21:38:11.0203 8140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/24 21:38:11.0515 8140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/24 21:38:11.0734 8140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/24 21:38:11.0953 8140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/03/24 21:38:12.0203 8140 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/03/24 21:38:12.0468 8140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/03/24 21:38:12.0703 8140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/24 21:38:12.0968 8140 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/24 21:38:13.0250 8140 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 2011/03/24 21:38:13.0484 8140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/03/24 21:38:13.0921 8140 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/24 21:38:14.0375 8140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/24 21:38:14.0812 8140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/24 21:38:15.0062 8140 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 2011/03/24 21:38:15.0328 8140 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys 2011/03/24 21:38:15.0578 8140 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys 2011/03/24 21:38:15.0796 8140 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys 2011/03/24 21:38:16.0078 8140 WpdUsb (d4162c1d8fe1de8f1e6ef9ba4323d520) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/03/24 21:38:16.0296 8140 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2011/03/24 21:38:16.0578 8140 WSIMD (2ea107f535b0b7bfb1d8d6bd79325dbb) C:\WINDOWS\system32\DRIVERS\wsimd.sys 2011/03/24 21:38:16.0781 8140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/03/24 21:38:17.0031 8140 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/03/24 21:38:17.0250 8140 WudfRd (e12d4c486d7eb4e0961c27558dc25af7) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/03/24 21:38:17.0515 8140 ================================================================================ 2011/03/24 21:38:17.0515 8140 Scan finished 2011/03/24 21:38:17.0515 8140 ================================================================================ 2011/03/24 21:38:17.0546 7412 Detected object count: 1 2011/03/24 21:40:42.0453 7412 Locked file(sptd) - User select action: Skip und hier das Log von dem "NormanTDSS Cleaner": Norman TDSS Cleaner Version 2.0.2 Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24 Scan started: 2011/03/24 21:44:50 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Logged on user: JOHANNES-LAPTOP\Administrator Scanning kernel... Scan complete |
|
24.03.2011, 22:12
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ |
|
25.03.2011, 01:44
| #18 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen GMER:
__________________GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 01:40:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e ST9250827AS rev.3.AAA
Running: sic9x5lp.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA30AB30]
SSDT BA6902A6 ZwCreateKey
SSDT BA69029C ZwCreateThread
SSDT BA6902AB ZwDeleteKey
SSDT BA6902B5 ZwDeleteValueKey
SSDT spiy.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spiy.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT BA6902BA ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA30A470]
SSDT spiy.sys ZwOpenKey [0xB9EB50C0]
SSDT BA690288 ZwOpenProcess
SSDT BA69028D ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA30AC50]
SSDT spiy.sys ZwQueryKey [0xB9ECE20A]
SSDT spiy.sys ZwQueryValueKey [0xB9ECE08A]
SSDT BA6902C4 ZwReplaceKey
SSDT BA6902BF ZwRestoreKey
SSDT BA6902B0 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA30A990]
SSDT BA690297 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA30AD60]
INT 0x62 ? 8A3DABF8
INT 0x63 ? 8A1D1BF8
INT 0x83 ? 8A3DABF8
INT 0x94 ? 8A1D1BF8
INT 0xB1 ? 8A44CBF8
INT 0xB1 ? 8A44CBF8
INT 0xB4 ? 8A1D1BF8
---- Kernel code sections - GMER 1.0.15 ----
? spiy.sys Das System kann die angegebene Datei nicht finden. !
.sfrelocÿÿÿÿsfsync04unknown last section [0xB9E5B000, 0xBC6, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB9E5B000, 0xBC6, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB980C000, 0x1894F8, 0xE8000020]
.text USBPORT.SYS!DllUnload B97A08AC 5 Bytes JMP 8A1D11D8
.text a9qxhjfg.SYS B96A2386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9qxhjfg.SYS B96A23AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9qxhjfg.SYS B96A23C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a9qxhjfg.SYS B96A23C9 1 Byte [2E]
.text a9qxhjfg.SYS B96A23C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text apaszghy.SYS B9669386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text apaszghy.SYS B96693AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text apaszghy.SYS B96693C4 3 Bytes [00, 80, 02]
.text apaszghy.SYS B96693C9 1 Byte [30]
.text apaszghy.SYS B96693C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text tcpip.sys!IPTransmit + 10FC ACE1ED3A 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 ACE20690 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 ACE36454 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys B96163FD 7 Bytes CALL B9CC0FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
? C:\cofi.exe\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Tunngle\TnglCtrl.exe[3116] ntdll.dll!DbgBreakPoint 7C91120E 1 Byte [90]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spiy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spiy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spiy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spiy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spiy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spiy.sys
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A3D91F8
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\Fastfat \FatCdrom 890831F8
Device \FileSystem\Udfs \UdfsCdRom 890601F8
Device \FileSystem\Udfs \UdfsDisk 890601F8
Device \Driver\usbstor \Device\0000009b 8909D500
Device \Driver\usbstor \Device\0000009b sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\RTSTOR \Device\0000009d sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBPDO-0 8A14D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A44A1F8
Device \Driver\usbohci \Device\USBPDO-1 8A14D1F8
Device \Driver\usbehci \Device\USBPDO-2 8A1361F8
Device \Driver\sptd \Device\4006500198 spiy.sys
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3DB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3DB1F8
Device \Driver\Cdrom \Device\CdRom0 8A333500
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort0 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort2 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort3 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\Cdrom \Device\CdRom1 8A333500
Device \Driver\PCI_PNP6448 \Device\00000067 spiy.sys
Device \Driver\PCI_PNP6448 \Device\00000068 spiy.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 890DA500
Device \Driver\NetBT \Device\NetbiosSmb 890DA500
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbstor \Device\00000097 8909D500
Device \Driver\usbstor \Device\00000097 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBFDO-0 8A14D1F8
Device \Driver\RTSTOR \Device\00000099 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBFDO-1 8A14D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890D8500
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbehci \Device\USBFDO-2 8A1361F8
Device \Driver\sptd \Device\4006656448 spiy.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890D8500
Device \Driver\Ftdisk \Device\FtControl 8A3DB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F523AD6C-1A8C-45BE-8A26-6E123EA63FF7} 890DA500
Device \Driver\a9qxhjfg \Device\Scsi\a9qxhjfg1 8A1281F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0 8A1231F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\apaszghy \Device\Scsi\apaszghy1 8A1231F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Fastfat \Fat 890831F8
AttachedDevice \FileSystem\Fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 890611F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0x6B 0xD9 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x5D 0x1C 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB6 0x2F 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x6C 0xB7 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0x6B 0xD9 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x60 0xD9 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB6 0x2F 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x6C 0xB7 0x50 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- Files - GMER 1.0.15 ----
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 22:43:11 on 24.03.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a9qxhjfg" (a9qxhjfg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9qxhjfg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "apaszghy" (apaszghy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\apaszghy.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys "ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys "ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS "ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys "ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys (File not found) "Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys "Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys "SyGate for NT, wg4n" (wg4n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys "SyGate for NT, wg5n" (wg5n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys "SyGate for NT, wg6n" (wg6n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys "TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys "Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll (File found, but it contains no detailed information) {2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? - (File not found | COM-object registry key not found) {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "FlashPlayerUpdate" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe (File found, but it contains no detailed information) "ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe "ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe" "ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe" "MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe" "Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 "SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe "PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe "Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe "TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBR Check: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000000fc Kernel Drivers (total 166): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9EB4000 spiy.sys 0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xB9E6D000 ACPI.sys 0xBA0A8000 isapnp.sys 0xB9E5C000 pci.sys 0xB9E4A000 sfsync04.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9E2B000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9E05000 dmio.sys 0xBA671000 siside.sys 0xBA4C4000 ACPIEC.sys 0xBA672000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0C8000 VolSnap.sys 0xB9DED000 atapi.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9DCD000 fltmgr.sys 0xB9DBB000 sr.sys 0xBA0F8000 AsDsm.sys 0xBA108000 PxHelp20.sys 0xB9DA4000 KSecDD.sys 0xB9D8F000 WudfPf.sys 0xBA118000 Defrag32b.sys 0xB9D02000 Ntfs.sys 0xB9CD5000 NDIS.sys 0xB9CB8000 Teefer.sys 0xB9CA5000 sfvfs02.sys 0xBA338000 sfhlp02.sys 0xB9C93000 sfdrv01.sys 0xB9C79000 Mup.sys 0xBA390000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB980B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB97CF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA5B2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA3B8000 \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys 0xBA5B4000 \SystemRoot\System32\Drivers\ElbyDelay.sys 0xBA3C8000 \SystemRoot\System32\Drivers\ElbyCDFL.sys 0xBA564000 \SystemRoot\system32\drivers\pfc.sys 0xBA3D8000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB97AC000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA3F0000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB9788000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9701000 \SystemRoot\system32\DRIVERS\ar5211.sys 0xB96D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB96A2000 \SystemRoot\System32\Drivers\a9qxhjfg.SYS 0xB9669000 \SystemRoot\System32\Drivers\apaszghy.SYS 0xBA590000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA398000 \SystemRoot\system32\DRIVERS\ManyCam.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xBA79B000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9652000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9641000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9571000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9513000 \SystemRoot\system32\DRIVERS\update.sys 0xB9C41000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB94BD000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0xBA248000 \SystemRoot\system32\DRIVERS\wsimd.sys 0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5C6000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xACFCD000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xACFA9000 \SystemRoot\system32\drivers\portcls.sys 0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys 0xACECF000 \SystemRoot\system32\DRIVERS\smserial.sys 0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA5A0000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7F3000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5D4000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA490000 \SystemRoot\System32\drivers\vga.sys 0xBA5D8000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB94FB000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xACE74000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xACE1B000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xACDCD000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA308000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys 0xACD05000 \SystemRoot\system32\DRIVERS\netbt.sys 0xACCE3000 \SystemRoot\System32\drivers\afd.sys 0xBA148000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA3A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB94EF000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xACCB8000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xBA693000 \SystemRoot\System32\Drivers\PQNTDrv.SYS 0xB94A9000 \??\C:\WINDOWS\system32\drivers\pclepci.sys 0xACC48000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS 0xACBDC000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA5E4000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xB9611000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xB95F1000 \SystemRoot\system32\drivers\RTSTOR.SYS 0xACEAF000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xACB96000 \SystemRoot\System32\Drivers\usbvideo.sys 0xB95C1000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xACB85000 \SystemRoot\System32\Drivers\Udfs.SYS 0xACB61000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xACB49000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xACE0F000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA478000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA757000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF05F000 \SystemRoot\System32\ati2cqag.dll 0xBF0DE000 \SystemRoot\System32\atikvmag.dll 0xBF14E000 \SystemRoot\System32\atiok3x2.dll 0xBF17C000 \SystemRoot\System32\ati3duag.dll 0xBF484000 \SystemRoot\System32\ativvaxx.dll 0xBF633000 \SystemRoot\System32\ATMFD.DLL 0xAA7E4000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xAA79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAA5FC000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys 0xAA5F4000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys 0xAA5EC000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys 0xAA5DC000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys 0xBA450000 \??\C:\Programme\ATKGFNEX\ASMMAP.sys 0xAA31F000 \SystemRoot\system32\drivers\wdmaud.sys 0xAA5BC000 \SystemRoot\system32\drivers\sysaudio.sys 0xAA18A000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xAA0F2000 \SystemRoot\System32\Drivers\Defrag32.SYS 0xBA5D2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xA9F52000 \SystemRoot\system32\DRIVERS\srv.sys 0xA9A17000 \SystemRoot\System32\Drivers\HTTP.sys 0xA97BE000 \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS 0xBA468000 \??\C:\cofi.exe\catchme.sys 0xBA5E2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA9096000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys 0xA9EC0000 \SystemRoot\system32\DRIVERS\SiSGbeXP.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\Alcohol Soft\Alcohol 52\Alcoholx.dll Processes (total 55): 0 System Idle Process 4 System 632 C:\WINDOWS\system32\smss.exe 1108 csrss.exe 1140 C:\WINDOWS\system32\winlogon.exe 1184 C:\WINDOWS\system32\services.exe 1196 C:\WINDOWS\system32\lsass.exe 1384 C:\WINDOWS\system32\ati2evxx.exe 1416 C:\WINDOWS\system32\svchost.exe 1528 svchost.exe 1744 C:\WINDOWS\system32\svchost.exe 1788 C:\WINDOWS\system32\svchost.exe 1820 C:\WINDOWS\system32\ati2evxx.exe 280 svchost.exe 512 svchost.exe 808 C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe 824 C:\Programme\ATKGFNEX\GFNEXSrv.exe 1008 C:\WINDOWS\system32\spoolsv.exe 660 C:\WINDOWS\system32\acs.exe 1576 C:\Programme\Avira\AntiVir Desktop\sched.exe 1712 svchost.exe 712 C:\Programme\Avira\AntiVir Desktop\avguard.exe 628 C:\WINDOWS\system32\svchost.exe 456 C:\Programme\Java\jre6\bin\jqs.exe 1080 C:\WINDOWS\system32\svchost.exe 1596 C:\WINDOWS\system32\oodag.exe 2848 C:\WINDOWS\system32\svchost.exe 2936 C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 3076 C:\WINDOWS\system32\svchost.exe 3116 C:\Programme\Tunngle\TnglCtrl.exe 1088 C:\Programme\ATK Hotkey\HControlUser.exe 524 C:\Programme\ATK Hotkey\HControl.exe 2300 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2440 C:\Programme\ATK Hotkey\MsgTranAgt.exe 2608 C:\Programme\ATKOSD2\ATKOSD2.exe 2760 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3032 C:\Programme\Wireless Console 2\wcourier.exe 3356 C:\WINDOWS\ASScrPro.exe 3532 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 3540 alg.exe 3696 C:\Programme\ATK Hotkey\ATKOSD.exe 4056 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe 1964 C:\Programme\ATK Hotkey\KBFiltr.exe 1980 C:\Programme\DAEMON Tools Lite\DTLite.exe 2568 C:\Programme\ATK Hotkey\WDC.exe 3952 C:\WINDOWS\system32\svchost.exe 4000 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3232 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 7040 C:\WINDOWS\explorer.exe 7004 C:\Programme\Mozilla Firefox\firefox.exe 1168 C:\Programme\Sygate\SPF\Smc.exe 6348 wmiprvse.exe 4760 C:\Programme\Avira\AntiVir Desktop\avcenter.exe 8140 C:\Programme\Mozilla Firefox\plugin-container.exe 6520 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`499f7e00 (NTFS) PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
|
25.03.2011, 01:44
| #19 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 01:40:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-e ST9250827AS rev.3.AAA
Running: sic9x5lp.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA30AB30]
SSDT BA6902A6 ZwCreateKey
SSDT BA69029C ZwCreateThread
SSDT BA6902AB ZwDeleteKey
SSDT BA6902B5 ZwDeleteValueKey
SSDT spiy.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spiy.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT BA6902BA ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA30A470]
SSDT spiy.sys ZwOpenKey [0xB9EB50C0]
SSDT BA690288 ZwOpenProcess
SSDT BA69028D ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA30AC50]
SSDT spiy.sys ZwQueryKey [0xB9ECE20A]
SSDT spiy.sys ZwQueryValueKey [0xB9ECE08A]
SSDT BA6902C4 ZwReplaceKey
SSDT BA6902BF ZwRestoreKey
SSDT BA6902B0 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA30A990]
SSDT BA690297 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA30AD60]
INT 0x62 ? 8A3DABF8
INT 0x63 ? 8A1D1BF8
INT 0x83 ? 8A3DABF8
INT 0x94 ? 8A1D1BF8
INT 0xB1 ? 8A44CBF8
INT 0xB1 ? 8A44CBF8
INT 0xB4 ? 8A1D1BF8
---- Kernel code sections - GMER 1.0.15 ----
? spiy.sys Das System kann die angegebene Datei nicht finden. !
.sfrelocÿÿÿÿsfsync04unknown last section [0xB9E5B000, 0xBC6, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB9E5B000, 0xBC6, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB980C000, 0x1894F8, 0xE8000020]
.text USBPORT.SYS!DllUnload B97A08AC 5 Bytes JMP 8A1D11D8
.text a9qxhjfg.SYS B96A2386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9qxhjfg.SYS B96A23AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9qxhjfg.SYS B96A23C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a9qxhjfg.SYS B96A23C9 1 Byte [2E]
.text a9qxhjfg.SYS B96A23C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text apaszghy.SYS B9669386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text apaszghy.SYS B96693AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text apaszghy.SYS B96693C4 3 Bytes [00, 80, 02]
.text apaszghy.SYS B96693C9 1 Byte [30]
.text apaszghy.SYS B96693C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text tcpip.sys!IPTransmit + 10FC ACE1ED3A 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 ACE20690 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 ACE36454 6 Bytes CALL B9CC0E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys B96163FD 7 Bytes CALL B9CC0FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
? C:\cofi.exe\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Tunngle\TnglCtrl.exe[3116] ntdll.dll!DbgBreakPoint 7C91120E 1 Byte [90]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spiy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spiy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spiy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spiy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spiy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spiy.sys
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a9qxhjfg.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\apaszghy.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9CC18E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CC1B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9CC1C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9CC1BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A3D91F8
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \FileSystem\Fastfat \FatCdrom 890831F8
Device \FileSystem\Udfs \UdfsCdRom 890601F8
Device \FileSystem\Udfs \UdfsDisk 890601F8
Device \Driver\usbstor \Device\0000009b 8909D500
Device \Driver\usbstor \Device\0000009b sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\RTSTOR \Device\0000009d sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBPDO-0 8A14D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A44A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A44A1F8
Device \Driver\usbohci \Device\USBPDO-1 8A14D1F8
Device \Driver\usbehci \Device\USBPDO-2 8A1361F8
Device \Driver\sptd \Device\4006500198 spiy.sys
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3DB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3DB1F8
Device \Driver\Cdrom \Device\CdRom0 8A333500
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort0 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort2 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort3 [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e [B9DF6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-e sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\Cdrom \Device\CdRom1 8A333500
Device \Driver\PCI_PNP6448 \Device\00000067 spiy.sys
Device \Driver\PCI_PNP6448 \Device\00000068 spiy.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 890DA500
Device \Driver\NetBT \Device\NetbiosSmb 890DA500
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbstor \Device\00000097 8909D500
Device \Driver\usbstor \Device\00000097 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBFDO-0 8A14D1F8
Device \Driver\RTSTOR \Device\00000099 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbohci \Device\USBFDO-1 8A14D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890D8500
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbehci \Device\USBFDO-2 8A1361F8
Device \Driver\sptd \Device\4006656448 spiy.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890D8500
Device \Driver\Ftdisk \Device\FtControl 8A3DB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F523AD6C-1A8C-45BE-8A26-6E123EA63FF7} 890DA500
Device \Driver\a9qxhjfg \Device\Scsi\a9qxhjfg1 8A1281F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0 8A1231F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1Port4Path0Target0Lun0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\apaszghy \Device\Scsi\apaszghy1 8A1231F8
Device \Driver\apaszghy \Device\Scsi\apaszghy1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Fastfat \Fat 890831F8
AttachedDevice \FileSystem\Fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 890611F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0x6B 0xD9 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0x5D 0x1C 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB6 0x2F 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x6C 0xB7 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0x6B 0xD9 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0x60 0xD9 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB6 0x2F 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x6C 0xB7 0x50 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- Files - GMER 1.0.15 ----
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Programme\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 22:43:11 on 24.03.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a9qxhjfg" (a9qxhjfg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9qxhjfg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "apaszghy" (apaszghy) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\apaszghy.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys "ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys "ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS "ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys "ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys (File not found) "Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys "Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys "SyGate for NT, wg4n" (wg4n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys "SyGate for NT, wg5n" (wg5n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys "SyGate for NT, wg6n" (wg6n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys "TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys "Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll (File found, but it contains no detailed information) {2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? - (File not found | COM-object registry key not found) {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "FlashPlayerUpdate" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe (File found, but it contains no detailed information) "ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe "ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe" "ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe" "MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe" "Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 "SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe "PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe "Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe "TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBR Check: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000000fc Kernel Drivers (total 166): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9EB4000 spiy.sys 0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xB9E6D000 ACPI.sys 0xBA0A8000 isapnp.sys 0xB9E5C000 pci.sys 0xB9E4A000 sfsync04.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9E2B000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9E05000 dmio.sys 0xBA671000 siside.sys 0xBA4C4000 ACPIEC.sys 0xBA672000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0C8000 VolSnap.sys 0xB9DED000 atapi.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9DCD000 fltmgr.sys 0xB9DBB000 sr.sys 0xBA0F8000 AsDsm.sys 0xBA108000 PxHelp20.sys 0xB9DA4000 KSecDD.sys 0xB9D8F000 WudfPf.sys 0xBA118000 Defrag32b.sys 0xB9D02000 Ntfs.sys 0xB9CD5000 NDIS.sys 0xB9CB8000 Teefer.sys 0xB9CA5000 sfvfs02.sys 0xBA338000 sfhlp02.sys 0xB9C93000 sfdrv01.sys 0xB9C79000 Mup.sys 0xBA390000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB980B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB97CF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA5B2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0xBA3A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA3B8000 \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys 0xBA5B4000 \SystemRoot\System32\Drivers\ElbyDelay.sys 0xBA3C8000 \SystemRoot\System32\Drivers\ElbyCDFL.sys 0xBA564000 \SystemRoot\system32\drivers\pfc.sys 0xBA3D8000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB97AC000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA3F0000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB9788000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9701000 \SystemRoot\system32\DRIVERS\ar5211.sys 0xB96D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB96A2000 \SystemRoot\System32\Drivers\a9qxhjfg.SYS 0xB9669000 \SystemRoot\System32\Drivers\apaszghy.SYS 0xBA590000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA398000 \SystemRoot\system32\DRIVERS\ManyCam.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xBA79B000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9652000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9641000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9571000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9513000 \SystemRoot\system32\DRIVERS\update.sys 0xB9C41000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB94BD000 \SystemRoot\system32\DRIVERS\MarvinBus.sys 0xBA248000 \SystemRoot\system32\DRIVERS\wsimd.sys 0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5C6000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xACFCD000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xACFA9000 \SystemRoot\system32\drivers\portcls.sys 0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys 0xACECF000 \SystemRoot\system32\DRIVERS\smserial.sys 0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA5A0000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA7F3000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5D4000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA490000 \SystemRoot\System32\drivers\vga.sys 0xBA5D8000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB94FB000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xACE74000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xACE1B000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xACDCD000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA308000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys 0xACD05000 \SystemRoot\system32\DRIVERS\netbt.sys 0xACCE3000 \SystemRoot\System32\drivers\afd.sys 0xBA148000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA3A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB94EF000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xACCB8000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xBA693000 \SystemRoot\System32\Drivers\PQNTDrv.SYS 0xB94A9000 \??\C:\WINDOWS\system32\drivers\pclepci.sys 0xACC48000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA168000 \SystemRoot\System32\Drivers\Fips.SYS 0xACBDC000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA5E4000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xB9611000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xB95F1000 \SystemRoot\system32\drivers\RTSTOR.SYS 0xACEAF000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xACB96000 \SystemRoot\System32\Drivers\usbvideo.sys 0xB95C1000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xACB85000 \SystemRoot\System32\Drivers\Udfs.SYS 0xACB61000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xACB49000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA5EA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xACE0F000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA478000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA757000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF05F000 \SystemRoot\System32\ati2cqag.dll 0xBF0DE000 \SystemRoot\System32\atikvmag.dll 0xBF14E000 \SystemRoot\System32\atiok3x2.dll 0xBF17C000 \SystemRoot\System32\ati3duag.dll 0xBF484000 \SystemRoot\System32\ativvaxx.dll 0xBF633000 \SystemRoot\System32\ATMFD.DLL 0xAA7E4000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xAA79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAA5FC000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys 0xAA5F4000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys 0xAA5EC000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys 0xAA5DC000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys 0xBA450000 \??\C:\Programme\ATKGFNEX\ASMMAP.sys 0xAA31F000 \SystemRoot\system32\drivers\wdmaud.sys 0xAA5BC000 \SystemRoot\system32\drivers\sysaudio.sys 0xAA18A000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xAA0F2000 \SystemRoot\System32\Drivers\Defrag32.SYS 0xBA5D2000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xA9F52000 \SystemRoot\system32\DRIVERS\srv.sys 0xA9A17000 \SystemRoot\System32\Drivers\HTTP.sys 0xA97BE000 \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS 0xBA468000 \??\C:\cofi.exe\catchme.sys 0xBA5E2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA9096000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\agkyruob.sys 0xA9EC0000 \SystemRoot\system32\DRIVERS\SiSGbeXP.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\Alcohol Soft\Alcohol 52\Alcoholx.dll Processes (total 55): 0 System Idle Process 4 System 632 C:\WINDOWS\system32\smss.exe 1108 csrss.exe 1140 C:\WINDOWS\system32\winlogon.exe 1184 C:\WINDOWS\system32\services.exe 1196 C:\WINDOWS\system32\lsass.exe 1384 C:\WINDOWS\system32\ati2evxx.exe 1416 C:\WINDOWS\system32\svchost.exe 1528 svchost.exe 1744 C:\WINDOWS\system32\svchost.exe 1788 C:\WINDOWS\system32\svchost.exe 1820 C:\WINDOWS\system32\ati2evxx.exe 280 svchost.exe 512 svchost.exe 808 C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe 824 C:\Programme\ATKGFNEX\GFNEXSrv.exe 1008 C:\WINDOWS\system32\spoolsv.exe 660 C:\WINDOWS\system32\acs.exe 1576 C:\Programme\Avira\AntiVir Desktop\sched.exe 1712 svchost.exe 712 C:\Programme\Avira\AntiVir Desktop\avguard.exe 628 C:\WINDOWS\system32\svchost.exe 456 C:\Programme\Java\jre6\bin\jqs.exe 1080 C:\WINDOWS\system32\svchost.exe 1596 C:\WINDOWS\system32\oodag.exe 2848 C:\WINDOWS\system32\svchost.exe 2936 C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 3076 C:\WINDOWS\system32\svchost.exe 3116 C:\Programme\Tunngle\TnglCtrl.exe 1088 C:\Programme\ATK Hotkey\HControlUser.exe 524 C:\Programme\ATK Hotkey\HControl.exe 2300 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2440 C:\Programme\ATK Hotkey\MsgTranAgt.exe 2608 C:\Programme\ATKOSD2\ATKOSD2.exe 2760 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3032 C:\Programme\Wireless Console 2\wcourier.exe 3356 C:\WINDOWS\ASScrPro.exe 3532 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 3540 alg.exe 3696 C:\Programme\ATK Hotkey\ATKOSD.exe 4056 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe 1964 C:\Programme\ATK Hotkey\KBFiltr.exe 1980 C:\Programme\DAEMON Tools Lite\DTLite.exe 2568 C:\Programme\ATK Hotkey\WDC.exe 3952 C:\WINDOWS\system32\svchost.exe 4000 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3232 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 7040 C:\WINDOWS\explorer.exe 7004 C:\Programme\Mozilla Firefox\firefox.exe 1168 C:\Programme\Sygate\SPF\Smc.exe 6348 wmiprvse.exe 4760 C:\Programme\Avira\AntiVir Desktop\avcenter.exe 8140 C:\Programme\Mozilla Firefox\plugin-container.exe 6520 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`499f7e00 (NTFS) PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
|
25.03.2011, 10:54
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Hast du noch die Sygate-Firewall drauf? Bitte umgehend deinstallieren, das Teil ist kontraproduktiv und wird auch schon länger nicht mehr gepflegt/mit Updates versorgt. Bitte die Windows-Firewall verwenden!! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.03.2011, 14:30
| #21 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Sygate ist deinstalliert. Sollte ich mir ZoneAlaram zulegen, diese benutzte ich früher? Jedoch wurde mir Sygate empfohle, da es öfter zu abstürzen von Spielen mit Zonealarm kam. (Aufgrund des Hinweisfensters oder besser gesagt seiner Beschaffenheit als nicht "Windowsfenster"). "delete from storage" kann ich nicht auswählen, habe im Internet auch nichts dazu gefunden, warum das so ist. (siehe Screenshot3) Noch eine Frage zum Schluss: Wie kann ich das Doppelposting verhindern? Ich möchte wirklich nicht den Eindruck vermitteln, dass ich das absichtlich mache um mehr Aufmerksamkeit zu bekommen |
|
25.03.2011, 15:20
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.GenZitat:
Beachte zu OSAM bitte nochmal die Anleitung, bisher klappte das mit dem delte from storage immer.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2011, 17:18
| #23 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Ich hoffe ich habe alles richtig gemacht. Laut Anleitung sollte nach dem Neustart ein Logfile auftauchen, ist es aber nicht. Daraufhin habe ich einfach auf Savelog geklickt und dieses Log ier gepostet. OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 16:50:55 on 25.03.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\PDBoot.exe "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Common] -----( %SystemRoot%\Tasks )----- "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "adjz2bo1" (adjz2bo1) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\adjz2bo1.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "ASAPIW2K" (ASAPIW2K) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\Drivers\asapiW2k.sys "ASMMAP" (ASMMAP) - ? - C:\Programme\ATKGFNEX\ASMMAP.sys "ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS "ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "ayaqa7ud" (ayaqa7ud) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ayaqa7ud.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\cofi.exe\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\AsDsm.sys "Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys "Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) (Disabled) "ddxgb" (ddxgb) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ddxgb.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {0cab0400-7395-11d0-a5e5-0020afe2fdd9} "Quick View Plus - ShellExecute Hook" - "Stellent, Inc." - C:\WINDOWS\qvphook.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0F08737-0C36-101B-B086-0020AF07D0F4} "Quick View Plus - Shell Extension object" - "Stellent, Inc." - C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {79BC0345-1015-11D2-A299-006008312725} "Studio.Project" - ? - C:\Programme\Pinnacle\Studio 10\programs\BlueShellExt.dll (File found, but it contains no detailed information) {2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? - (File not found | COM-object registry key not found) {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "CCC.lnk" - "ATI Technologies Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ASUS Camera ScreenSaver" - ? - C:\WINDOWS\ASScrProlog.exe (File found, but it contains no detailed information) "ASUS Screen Saver Protector" - ? - C:\WINDOWS\ASScrPro.exe "ATKHOTKEY" - "ATK0100" - "C:\Programme\ATK Hotkey\Hcontrol.exe" "ATKOSD2" - ? - "C:\Programme\ATKOSD2\ATKOSD2.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "HControlUser" - ? - "C:\Programme\ATK Hotkey\HcontrolUser.exe" "MsgTranAgt" - ? - "C:\Programme\ATK Hotkey\MsgTranAgt.exe" "Power_Gear" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "Wireless Console 2" - ? - "C:\Programme\Wireless Console 2\wcourier.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "ADSM Service" (ADSMService) - ? - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Programme\ATKGFNEX\GFNEXSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe "PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe "TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
|
25.03.2011, 18:27
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2011, 21:48
| #25 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen hier von Malewarebytes Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6137 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 25.03.2011 21:40:38 mbam-log-2011-03-25 (21-40-38).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 151440 Laufzeit: 4 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und der SUPERAntiSpyware log SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 03/25/2011 at 09:14 PM Application Version : 4.50.1002 Core Rules Database Version : 6674 Trace Rules Database Version: 4486 Scan type : Complete Scan Total Scan Time : 02:02:55 Memory items scanned : 683 Memory threats detected : 0 Registry items scanned : 8178 Registry threats detected : 0 File items scanned : 163449 File threats detected : 5 Adware.Tracking Cookie C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt media.mtvnservices.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ] secure-us.imrworldwide.com [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ] Free Porn Videos & Sex Movies - Porno, XXX, Porn Tube and Pussy Porn [ C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VKWG2G2N ] Unclassified.Monitor/ActualSpy C:\PROGRAMME\MG11\SUPPORT\MGGSTR32.DLL |
|
26.03.2011, 18:14
| #26 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.GenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2011, 21:24
| #27 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Oh ich dachte weil ich das vor ein paar Tagen aktualiesiert hätte wäre eh nichts neues dazu gekommen. Hier das Log der aktualisierten Version: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6176 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 26.03.2011 20:19:16 mbam-log-2011-03-26 (20-19-16).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 151776 Laufzeit: 4 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
26.03.2011, 21:57
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.GenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2011, 00:08
| #29 |
| | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Ich glaube das ist das Programm :"MapandGuide". Muss schon vorinstalliert gewesen sein, da ich es nicht installiert habe. Benötige es auch nicht, also kann es von meiner Seite aus im Zweifelsfall gelöscht werden. |
|
27.03.2011, 19:42
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen Machst du bitte noch einen Vollscan mit Malwarebytes? Ich hab immer einen Vollscan sehen wollen, du hast aber immer nur Quickscans gemacht! Und vor jedem Scan musst du Malwarebytes updaten!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu AntiVir zeigt Fund des Trojaners TR/Crypt.XPACK.Gen |
| anti-malware, antivir, chronik, computer, datei, dateien, ergebnis, explorer, fehlermeldungen, folge, forum, fund, laptop, load.exe, löschen, malwarebytes, microsoft, neuinstallation, nicht mehr, programme, pup.hacktool.loic, scan, software, system volume information, tipps, tr/crypt.xpack.ge, tr/crypt.xpack.gen, zugriff |
Linear-Darstellung
