
Log analysis and evaluation: Windows Recovery trojan gone?


27.04.2011, 07:55   #1
Anabasis

Windows Recovery trojan gone?



Hello cosinus,

many thanks for your efforts, and respect for sacrificing your free time for the laypeople on the forum.

Here are the different logs:

After two failed attempts it went through on the third try (Windows Firewall and the Antivir Guard were off at the time):

GMER:

Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 08:37:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: x25y5w5z.exe; Driver: C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys


---- System - GMER 1.0.15 ----

INT 0x62        ?                                                                                                                       8706BBF8
INT 0x82        ?                                                                                                                       8706BBF8
INT 0x92        ?                                                                                                                       8706BBF8
INT 0xA2        ?                                                                                                                       8532BBF8
INT 0xA2        ?                                                                                                                       8532BBF8
INT 0xA2        ?                                                                                                                       8532BBF8
INT 0xA2        ?                                                                                                                       8706BBF8
INT 0xA2        ?                                                                                                                       8706BBF8
INT 0xA2        ?                                                                                                                       8532ABF8
INT 0xA2        ?                                                                                                                       8532ABF8
INT 0xA2        ?                                                                                                                       8532ABF8
INT 0xA2        ?                                                                                                                       8706BBF8
INT 0xA2        ?                                                                                                                       8532BBF8
INT 0xB2        ?                                                                                                                       8706BBF8

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\spfh.sys                                                                                               Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                   8B38041B 5 Bytes  JMP 8706B1D8 
.text           a3hba094.SYS                                                                                                            8B3A7000 22 Bytes  [82, 13, 1C, 83, 6C, 12, 1C, ...]
.text           a3hba094.SYS                                                                                                            8B3A7017 137 Bytes  [00, 32, C7, 78, 80, 3D, C5, ...]
.text           a3hba094.SYS                                                                                                            8B3A70A1 43 Bytes  JMP E4867482 
.text           a3hba094.SYS                                                                                                            8B3A70CE 10 Bytes  [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text           a3hba094.SYS                                                                                                            8B3A70DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text           ...                                                                                                                     

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                               [806906D6] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                [80690042] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                        [80690800] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                               [806900C0] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                         [8069013E] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                      [8069FB90] \SystemRoot\System32\Drivers\spfh.sys
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortNotification]                                              CC358B04
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortWritePortUchar]                                            838B3CDF
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortWritePortUlong]                                            458B38C6
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                        A5A5A514
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                             [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                      5F8B3CB0
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReadPortUchar]                                             30810889
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortStallExecution]                                            54771129
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetParentBusType]                                          10C25D5E
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortRequestCallback]                                           [8B55CC00] \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                     084D8BEC
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                      0CF0918B
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortCompleteRequest]                                           458B0000
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortMoveMemory]                                                [8B108910] \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                 000CF491
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                    04508900
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                      053C7980
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReadPortUshort]                                            560C558B
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                      C6127557
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortInitialize]                                                B18D0502
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetDeviceBase]                                             00000CF8
IAT             \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortDeviceStateChange]                                         A508788D

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                  860EF1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 kbfiltr.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 kbfiltr.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                                    8532D1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                        870D91F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                        870DD1F8
Device          \Driver\PCI_PNP9219 \Device\00000054                                                                                    spfh.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                        870D91F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                  8532D1F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                        870DD1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                  8532D1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                            870821F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                             860ED1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                      860ED1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                      860ED1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                      860ED1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                             860ED1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                              860EE1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                              860EE1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel5                                                                              860EE1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                  8532D1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                            870821F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                 8AB8F3D0
Device          \Driver\Smb \Device\NetbiosSmb                                                                                          8AD851F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{0A768961-F322-4E8B-9C44-CC27116F4786}                                                8AB8F3D0
Device          \Driver\sptd \Device\426591231                                                                                          spfh.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                      8725D1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{8420A3BA-D7CD-420A-AF1C-D7C06C0DC783}                                                8AB8F3D0
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                        870D91F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                        870DD1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                        870D91F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{5A88F94D-5C63-4254-9338-8DE99611111A}                                                8AB8F3D0
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                        870D91F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                        870D91F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                        870DD1F8
Device          \Driver\a3hba094 \Device\Scsi\a3hba0941                                                                                 87343500
Device          \Driver\a3hba094 \Device\Scsi\a3hba0941Port7Path0Target0Lun0                                                            87343500
Device          \Driver\JMCR \Device\Scsi\JMCR1                                                                                         870C71F8
Device          \Driver\JMCR \Device\Scsi\JMCR2                                                                                         870C71F8
Device          \Driver\JMCR \Device\Scsi\JMCR3                                                                                         870C71F8
Device          \FileSystem\cdfs \Cdfs                                                                                                  90C211F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae                                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae@0018af6e0087                                0xF1 0xEB 0xFA 0x35 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae@00265f4856d4                                0xCF 0xDD 0xE1 0xCB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                      771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                      285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                      2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0xE3 0xF3 0xC4 0x59 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x59 0x68 0x82 0x23 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x12 0x23 0x73 0x73 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x72 0x5B 0xAC 0x54 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6Iaid   268441322
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6Iaid   386007124
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6Iaid   352327236
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6Iaid   218104589
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid   117445666
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid   201331746
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid   100668450
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid   234886178
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State  0
Reg             HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae                                                 
Reg             HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae@0018af6e0087                                    0xF1 0xEB 0xFA 0x35 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae@00265f4856d4                                    0xCF 0xDD 0xE1 0xCB ...
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                            
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                         0
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                      0xE3 0xF3 0xC4 0x59 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                            
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         1
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x59 0x68 0x82 0x23 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                   
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x12 0x23 0x73 0x73 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                              
Reg             HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x72 0x5B 0xAC 0x54 ...
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6Iaid       268441322
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6Iaid       386007124
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6Iaid       352327236
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6Iaid       218104589
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid       117445666
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid       201331746
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid       100668450
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State      0
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid       234886178
Reg             HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State      0

---- EOF - GMER 1.0.15 ----
         

Here is the OSAM log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:45:16 on 27.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Norton Security Scan for julsch.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a3hba094" (a3hba094) - "Microsoft Corporation" - C:\Windows\system32\drivers\a3hba094.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\julsch\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"ECS ECDeject Port I/O" (ECDejectPortIO) - "Dritek System Inc." - C:\PROGRA~1\ECDeject\ECDejectIO.sys
"GpdDevDPort" (GpdDevDPort) - ? - C:\Windows\system32\directport.sys  (File found, but it contains no detailed information)
"GpdKbFilter" (GpdKbFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\kbfiltr.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pfliqpoc" (pfliqpoc) - ? - C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"USB to Serial Bridge Controller" (usb2vcom) - ? - C:\Windows\System32\Drivers\usb2vcom.sys
"zlportio" (zlportio) - ? - C:\Program Files\UltraStar Deluxe\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Julsch Programme\Word 2002\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\JULSCH~1\WORD20~1\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\julsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - D:\Julsch Programme\Word 2002\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\programme\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ECDeject" - "Dritek System Inc." - C:\PROGRA~1\ECDeject\CDeject.exe
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"OSD" - "ODM" - C:\Program Files\OEM\OSD_1.16\osd.exe
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UIExec" - ? - "C:\Program Files\Join Air\UIExec.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9c7585d398cd5)" (gupdate1c9c7585d398cd5) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OSD Service" (OsdService) - "TODO: <公司名稱>" - C:\Program Files\OEM\OSD_1.16\OsdService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\programme\TomTom HOME 2\TomTomHOMEService.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
And finally the one from MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	FUJITSU SIEMENS
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		FUJITSU SIEMENS
System Product Name:		AMILO Si 3655
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 153):
  0x82E00000 \SystemRoot\system32\ntkrnlpa.exe
  0x831BA000 \SystemRoot\system32\hal.dll
  0x80405000 \SystemRoot\system32\kdcom.dll
  0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047C000 \SystemRoot\system32\PSHED.dll
  0x8048D000 \SystemRoot\system32\BOOTVID.dll
  0x80495000 \SystemRoot\system32\CLFS.SYS
  0x804D6000 \SystemRoot\system32\CI.dll
  0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068E000 \SystemRoot\System32\Drivers\spfh.sys
  0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x807B0000 \SystemRoot\system32\drivers\acpi.sys
  0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys
  0x805B6000 \SystemRoot\system32\drivers\pci.sys
  0x805DD000 \SystemRoot\System32\drivers\partmgr.sys
  0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x805EC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AE0C000 \SystemRoot\system32\drivers\volmgr.sys
  0x8AE1B000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AE65000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AE75000 \SystemRoot\system32\drivers\atapi.sys
  0x8AE7D000 \SystemRoot\system32\drivers\ataport.SYS
  0x8AE9B000 \SystemRoot\system32\drivers\msahci.sys
  0x8AEA5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8AEB3000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AEE5000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AEF5000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8AEFE000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B003000 \SystemRoot\system32\drivers\ndis.sys
  0x8B10E000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B139000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B20E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B2FB000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B405000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B515000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B54E000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B556000 \SystemRoot\System32\Drivers\mup.sys
  0x8B565000 \SystemRoot\System32\drivers\ecache.sys
  0x8B58C000 \SystemRoot\system32\drivers\disk.sys
  0x8B59D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B5BE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B5E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8F20D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8FB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FBCA000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B316000 \SystemRoot\system32\DRIVERS\e1y6032.sys
  0x8FBD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8B350000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8FBE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8AF6F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8FE08000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x9018F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x9019F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x901AD000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x901C2000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x901DC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x901E0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x901F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8FBF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8B38E000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B3A6000 \SystemRoot\System32\Drivers\a3hba094.SYS
  0x8B3DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8B174000 \SystemRoot\system32\DRIVERS\dne2000.sys
  0x8B192000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x9040A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x9044B000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90456000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x9046D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90478000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9049B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x904AA000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x904BE000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x904D3000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x904E3000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x904E5000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9050F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90519000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90526000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9055B000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90603000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x9088C000 \SystemRoot\system32\drivers\portcls.sys
  0x908B9000 \SystemRoot\system32\drivers\drmk.sys
  0x908DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x908E7000 \SystemRoot\System32\Drivers\Null.SYS
  0x908EE000 \SystemRoot\System32\Drivers\Beep.SYS
  0x908FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90905000 \SystemRoot\System32\drivers\vga.sys
  0x90911000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x90932000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x9093A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90942000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9094D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x9095B000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90964000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x905EC000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90E0D000 \SystemRoot\system32\drivers\afd.sys
  0x90E55000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90E87000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90E9D000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90EAB000 \SystemRoot\System32\Drivers\StarOpen.SYS
  0x90EAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90EC0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90EC6000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90F02000 \??\C:\PROGRA~1\ECDeject\ECDejectIO.sys
  0x90F06000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90F10000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90F27000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90F4D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x90F4F000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x90F5C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x90F67000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x98CF0000 \SystemRoot\System32\win32k.sys
  0x90F71000 \SystemRoot\System32\drivers\Dxapi.sys
  0x90F7B000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98F10000 \SystemRoot\System32\TSDDD.dll
  0x98F30000 \SystemRoot\System32\cdd.dll
  0x90F8A000 \SystemRoot\system32\drivers\luafv.sys
  0x90FA5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x81609000 \SystemRoot\system32\drivers\spsys.sys
  0x816B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x816C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x816F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x816FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x81710000 \SystemRoot\system32\drivers\HTTP.sys
  0x8177D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8179A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x817B3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x817C8000 \SystemRoot\system32\drivers\mrxdav.sys
  0x90FBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8B1C1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x90FD9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAD80C000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAD834000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAD883000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
  0xAD913000 \SystemRoot\system32\drivers\peauth.sys
  0xAD9F1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAD800000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x817E9000 \??\C:\Windows\system32\directport.sys
  0x817F1000 \??\C:\Windows\system32\kbfiltr.sys
  0x8B5C7000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9097A000 \??\C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys
  0x90FF1000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x9056C000 \SystemRoot\System32\Drivers\bthport.sys
  0xAD9FB000 \SystemRoot\System32\Drivers\USBD.SYS
  0x90993000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x90E00000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x909BC000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x909D6000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x909E5000 \SystemRoot\system32\drivers\modem.sys
  0x77460000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 62):
       0 System Idle Process
       4 System
     540 C:\Windows\System32\smss.exe
     608 csrss.exe
     652 C:\Windows\System32\wininit.exe
     660 csrss.exe
     696 C:\Windows\System32\services.exe
     728 C:\Windows\System32\lsass.exe
     736 C:\Windows\System32\lsm.exe
     820 C:\Windows\System32\winlogon.exe
     928 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1288 C:\Windows\System32\audiodg.exe
    1312 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\SLsvc.exe
    1384 C:\Windows\System32\svchost.exe
    1556 C:\Windows\System32\svchost.exe
    1796 C:\Windows\System32\spoolsv.exe
    1828 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1840 C:\Windows\System32\svchost.exe
    2016 C:\Windows\System32\dwm.exe
     392 C:\Windows\explorer.exe
     484 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     588 C:\Windows\System32\svchost.exe
     724 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     936 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    1544 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     792 C:\Program Files\OEM\OSD_1.16\OsdService.exe
    2120 C:\Windows\System32\IoctlSvc.exe
    2180 C:\Windows\System32\svchost.exe
    2244 C:\Windows\System32\svchost.exe
    2276 C:\Windows\System32\taskeng.exe
    2288 C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    2304 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2384 C:\Program Files\Join Air\AssistantServices.exe
    2400 C:\Windows\System32\svchost.exe
    2424 C:\Windows\System32\SearchIndexer.exe
    2764 C:\Windows\System32\taskeng.exe
    3228 C:\Program Files\ECDeject\CDeject.exe
    3244 C:\Program Files\OEM\OSD_1.16\osd.exe
    3252 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3276 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3448 C:\Windows\System32\hkcmd.exe
    3472 C:\Windows\System32\igfxsrvc.exe
    3500 C:\Windows\System32\igfxpers.exe
    3556 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3584 C:\Program Files\Join Air\UIExec.exe
    3596 C:\Windows\ehome\ehtray.exe
    3624 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3736 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3792 C:\Windows\ehome\ehmsas.exe
    3864 C:\Program Files\Windows Media Player\wmpnetwk.exe
     712 C:\Program Files\ECDeject\Mngrecd.exe
    2100 C:\Windows\System32\svchost.exe
    4064 C:\Windows\System32\SearchProtocolHost.exe
    3900 C:\Windows\System32\SearchFilterHost.exe
    1344 C:\Users\julsch\Desktop\MBRCheck.exe
    3604 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`3fc00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         
Many thanks
