Log analysis and evaluation: System Defragmenter: data disappeared. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#11
System Defragmenter: data disappeared.
OK, here is the GMER log:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 13:42:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 3yibmmgo.exe; Driver: C:\Users\mike\AppData\Local\Temp\kxtdypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A75339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:55:08 on 15.04.2011
OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\mike\AppData\Local\Temp\catchme.sys (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\Program Files\Launch Manager\DPortIO.sys
"kxtdypow" (kxtdypow) - ? - C:\Users\mike\AppData\Local\Temp\kxtdypow.sys (Hidden registry entry, rootkit activity | File not found)
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt (File found, but it contains no detailed information)
"nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} "IVB Shl Ext" - ? - (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Google Update" - "Google Inc." - "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"ManyCam" - "ManyCam LLC" - "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\herrbert.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe (File found, but it contains no detailed information)
"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCheck-log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5520
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 206):
0x82A37000 \SystemRoot\system32\ntkrnlpa.exe
0x82A00000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x88606000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x88611000 \SystemRoot\system32\PSHED.dll
0x88622000 \SystemRoot\system32\BOOTVID.dll
0x8862A000 \SystemRoot\system32\CLFS.SYS
0x8866C000 \SystemRoot\system32\CI.dll
0x88717000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88788000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88796000 \SystemRoot\system32\drivers\ACPI.sys
0x887DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x887E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x88828000 \SystemRoot\system32\drivers\pci.sys
0x88852000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8885D000 \SystemRoot\System32\drivers\partmgr.sys
0x8886E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88876000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88881000 \SystemRoot\system32\drivers\volmgr.sys
0x88891000 \SystemRoot\System32\drivers\volmgrx.sys
0x888DC000 \SystemRoot\system32\drivers\pciide.sys
0x888E3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x888F1000 \SystemRoot\System32\drivers\mountmgr.sys
0x88907000 \SystemRoot\system32\drivers\vmbus.sys
0x88931000 \SystemRoot\system32\drivers\winhv.sys
0x88943000 \SystemRoot\system32\drivers\atapi.sys
0x8894C000 \SystemRoot\system32\drivers\ataport.SYS
0x8896F000 \SystemRoot\system32\drivers\amdxata.sys
0x88978000 \SystemRoot\system32\drivers\fltmgr.sys
0x889AC000 \SystemRoot\system32\drivers\fileinfo.sys
0x88A18000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B47000 \SystemRoot\System32\Drivers\msrpc.sys
0x88B72000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88B85000 \SystemRoot\System32\Drivers\cng.sys
0x88BE2000 \SystemRoot\System32\drivers\pcw.sys
0x88BF0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88C07000 \SystemRoot\system32\drivers\ndis.sys
0x88CBE000 \SystemRoot\system32\drivers\NETIO.SYS
0x88CFC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88E04000 \SystemRoot\System32\drivers\tcpip.sys
0x88F4E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88F7F000 \SystemRoot\system32\drivers\vmstorfl.sys
0x88F88000 \SystemRoot\system32\drivers\volsnap.sys
0x88FC7000 \SystemRoot\System32\Drivers\spldr.sys
0x88FCF000 \SystemRoot\System32\drivers\rdyboost.sys
0x88D21000 \SystemRoot\System32\Drivers\mup.sys
0x88D31000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88D39000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88D6B000 \SystemRoot\system32\DRIVERS\disk.sys
0x88D7C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88DD3000 \SystemRoot\system32\drivers\cdrom.sys
0x88DF2000 \SystemRoot\System32\Drivers\Null.SYS
0x88DF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x88A00000 \SystemRoot\System32\drivers\vga.sys
0x889BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x889DE000 \SystemRoot\System32\drivers\watchdog.sys
0x88A0C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x889EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x889F3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88800000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8880B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DA14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DA2B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DA37000 \SystemRoot\system32\drivers\afd.sys
0x8DA91000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DAC3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8DACA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DAE9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8DAFA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DB08000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8DB43000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DB56000 \SystemRoot\system32\drivers\termdd.sys
0x8DB67000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DB6D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DBAE000 \??\C:\Program Files\Launch Manager\DPortIO.sys
0x8DBB2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DBBC000 \SystemRoot\system32\drivers\mssmbios.sys
0x8DBC6000 \SystemRoot\System32\drivers\discache.sys
0x90617000 \SystemRoot\system32\drivers\csc.sys
0x9067B000 \SystemRoot\System32\Drivers\dfsc.sys
0x90693000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x906A1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x906C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x906E8000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x906FA000 \SystemRoot\system32\drivers\wmiacpi.sys
0x90703000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90707000 \SystemRoot\system32\DRIVERS\enecir.sys
0x90719000 \SystemRoot\system32\drivers\i8042prt.sys
0x90731000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x9073B000 \SystemRoot\system32\drivers\kbdclass.sys
0x90748000 \SystemRoot\system32\drivers\mouclass.sys
0x90755000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x90758000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90762000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x907AD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x907BC000 \SystemRoot\system32\drivers\HDAudBus.sys
0x8DBD2000 \SystemRoot\system32\drivers\1394ohci.sys
0x907DB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x907EA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x93A0F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x93A60000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x95023000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x95984000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9483D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x948F4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x95A26000 \SystemRoot\system32\DRIVERS\athr.sys
0x95B36000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x95B40000 \SystemRoot\system32\drivers\CompositeBus.sys
0x95B4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x95B5F000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x95B6F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x95B87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x95B92000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95BB4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x95BCC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x95BE3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x95A00000 \SystemRoot\system32\DRIVERS\taphss.sys
0x95A07000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x95A11000 \SystemRoot\system32\drivers\swenum.sys
0x9492D000 \SystemRoot\system32\drivers\ks.sys
0x95A13000 \SystemRoot\system32\DRIVERS\circlass.sys
0x94961000 \SystemRoot\system32\drivers\umbus.sys
0x9496F000 \SystemRoot\system32\drivers\usbhub.sys
0x949B3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x95986000 \SystemRoot\system32\drivers\HdAudio.sys
0x949C4000 \SystemRoot\system32\drivers\portcls.sys
0x94800000 \SystemRoot\system32\drivers\drmk.sys
0x94819000 \SystemRoot\system32\DRIVERS\hidir.sys
0x94828000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x949F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x959D6000 \SystemRoot\system32\drivers\kbdhid.sys
0x959E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97650000 \SystemRoot\System32\win32k.sys
0x959ED000 \SystemRoot\System32\drivers\Dxapi.sys
0x95000000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9500D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95018000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93B5D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93B6E000 \SystemRoot\system32\drivers\usbccgp.sys
0x95A21000 \SystemRoot\system32\drivers\USBD.SYS
0x93B85000 \SystemRoot\system32\drivers\usbaudio.sys
0x93B99000 \SystemRoot\system32\drivers\hidusb.sys
0x93BA4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93BBB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93BC6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x978B0000 \SystemRoot\System32\TSDDD.dll
0x978E0000 \SystemRoot\System32\cdd.dll
0x88DA1000 \SystemRoot\system32\drivers\luafv.sys
0x93BEA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8D031000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D04B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D05B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D0A1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D0B1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D0C4000 \SystemRoot\system32\drivers\HTTP.sys
0x8D149000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8D162000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D174000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D197000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8D1D2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B026000 \SystemRoot\system32\drivers\peauth.sys
0x9B0BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B0C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B0E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B15F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B62D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B683000 \??\C:\Users\mike\AppData\Local\Temp\kxtdypow.sys
0x76ED0000 \Windows\System32\ntdll.dll
0x48020000 \Windows\System32\smss.exe
0x77110000 \Windows\System32\apisetschema.dll
0x000C0000 \Windows\System32\autochk.exe
0x77060000 \Windows\System32\advapi32.dll
0x77040000 \Windows\System32\sechost.dll
0x77030000 \Windows\System32\nsi.dll
0x77020000 \Windows\System32\lpk.dll
0x76E40000 \Windows\System32\oleaut32.dll
0x76DE0000 \Windows\System32\difxapi.dll
0x76DC0000 \Windows\System32\imm32.dll
0x76D60000 \Windows\System32\shlwapi.dll
0x76B60000 \Windows\System32\iertutil.dll
0x769C0000 \Windows\System32\setupapi.dll
0x76940000 \Windows\System32\comdlg32.dll
0x76890000 \Windows\System32\rpcrt4.dll
0x77010000 \Windows\System32\normaliz.dll
0x75C40000 \Windows\System32\shell32.dll
0x75BB0000 \Windows\System32\clbcatq.dll
0x75B70000 \Windows\System32\ws2_32.dll
0x75AA0000 \Windows\System32\user32.dll
0x75960000 \Windows\System32\urlmon.dll
0x75800000 \Windows\System32\ole32.dll
0x75760000 \Windows\System32\usp10.dll
0x75730000 \Windows\System32\imagehlp.dll
0x75720000 \Windows\System32\psapi.dll
0x75620000 \Windows\System32\wininet.dll
0x755D0000 \Windows\System32\gdi32.dll
0x754F0000 \Windows\System32\kernel32.dll
0x754A0000 \Windows\System32\Wldap32.dll
0x753F0000 \Windows\System32\msvcrt.dll
0x75320000 \Windows\System32\msctf.dll
0x75290000 \Windows\System32\comctl32.dll
0x75260000 \Windows\System32\cfgmgr32.dll
0x75210000 \Windows\System32\KernelBase.dll
0x751F0000 \Windows\System32\devobj.dll
0x751C0000 \Windows\System32\wintrust.dll
0x750A0000 \Windows\System32\crypt32.dll
0x75090000 \Windows\System32\msasn1.dll
Processes (total 57):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
396 csrss.exe
464 C:\Windows\System32\wininit.exe
476 csrss.exe
512 C:\Windows\System32\services.exe
528 C:\Windows\System32\lsass.exe
536 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\nvvsvc.exe
788 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\winlogon.exe
1384 C:\Windows\System32\spoolsv.exe
1424 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1516 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\nvvsvc.exe
1748 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1824 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
1856 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
1888 C:\Program Files\Hotspot Shield\bin\hsswd.exe
1972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
240 C:\Windows\System32\conhost.exe
416 C:\Windows\System32\svchost.exe
932 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2336 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\taskhost.exe
2732 C:\Windows\System32\dwm.exe
2776 C:\Windows\explorer.exe
3156 C:\Program Files\Launch Manager\LManager.exe
3204 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3232 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3252 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3300 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4024 C:\Windows\System32\SearchIndexer.exe
3004 C:\Program Files\Windows Media Player\wmpnetwk.exe
1636 C:\Windows\System32\svchost.exe
4264 dllhost.exe
4468 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
4920 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
4948 C:\Windows\System32\svchost.exe
712 C:\Users\mike\Downloads\3yibmmgo.exe
1588 C:\Program Files\Mozilla Firefox\firefox.exe
3472 C:\Windows\System32\audiodg.exe
5808 C:\Windows\System32\SearchProtocolHost.exe
4904 C:\Windows\System32\SearchFilterHost.exe
2604 C:\Windows\explorer.exe
1648 C:\Users\mike\Downloads\MBRCheck.exe
2912 C:\Windows\System32\conhost.exe
3656 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`35100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
PhysicalDrive1 Model Number: WDC WD1600BEVE-00UYT0, Rev:
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!