| |
| |||||||
Log-Analyse und Auswertung: Befall mit MS Removal ToolWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
18.04.2011, 21:48
| #1 |
 |  Befall mit MS Removal Tool Hallo Cosinus, hier einmal das GMER Protokoll GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 22:45:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD3000JS-60PDB0 rev.21.00M21
Running: xtbmh6xx.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys
---- System - GMER 1.0.15 ----
SSDT F7C91256 ZwCreateKey
SSDT F7C9124C ZwCreateThread
SSDT F7C9125B ZwDeleteKey
SSDT F7C91265 ZwDeleteValueKey
SSDT spkg.sys ZwEnumerateKey [0xF7381DA4]
SSDT spkg.sys ZwEnumerateValueKey [0xF7382132]
SSDT F7C9126A ZwLoadKey
SSDT spkg.sys ZwOpenKey [0xF73690C0]
SSDT F7C91238 ZwOpenProcess
SSDT F7C9123D ZwOpenThread
SSDT spkg.sys ZwQueryKey [0xF738220A]
SSDT spkg.sys ZwQueryValueKey [0xF738208A]
SSDT F7C91274 ZwReplaceKey
SSDT F7C9126F ZwRestoreKey
SSDT F7C91260 ZwSetValueKey
INT 0x73 ? 873D8BF8
INT 0x73 ? 873D8BF8
INT 0x73 ? 873D8BF8
INT 0x82 ? 873D8BF8
INT 0x83 ? 873D8BF8
INT 0x83 ? 873D8BF8
INT 0xB4 ? 870A9BF8
INT 0xB4 ? 870A9BF8
INT 0xB4 ? 870A9BF8
INT 0xB4 ? 870A9BF8
---- Kernel code sections - GMER 1.0.15 ----
? spkg.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF60F93A0, 0x5CC259, 0xE8000020]
.text USBPORT.SYS!DllUnload F60DA62C 5 Bytes JMP 870A91D8
.text adrqkzvc.SYS F5F9B386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text adrqkzvc.SYS F5F9B3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text adrqkzvc.SYS F5F9B3C4 3 Bytes [00, 80, 02]
.text adrqkzvc.SYS F5F9B3C9 1 Byte [30]
.text adrqkzvc.SYS F5F9B3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F736A042] spkg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F736A13E] spkg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F736A0C0] spkg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F736A800] spkg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F736A6D6] spkg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7379B90] spkg.sys
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\adrqkzvc.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 873D71F8
Device \FileSystem\Fastfat \FatCdrom 86CD5500
Device \Driver\usbohci \Device\USBPDO-0 871661F8
Device \Driver\usbohci \Device\USBPDO-1 871661F8
Device \Driver\usbehci \Device\USBPDO-2 8709D1F8
Device \Driver\PCI_PNP5502 \Device\00000049 spkg.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 873681F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Ftdisk \Device\HarddiskVolume2 873681F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Cdrom \Device\CdRom0 8714F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-1d 873D81F8
Device \Driver\atapi \Device\Ide\IdePort0 873D81F8
Device \Driver\atapi \Device\Ide\IdePort1 873D81F8
Device \Driver\atapi \Device\Ide\IdePort2 873D81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 873D81F8
Device \Driver\atapi \Device\Ide\IdePort3 873D81F8
Device \Driver\atapi \Device\Ide\IdePort4 873D81F8
Device \Driver\atapi \Device\Ide\IdePort5 873D81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-15 873D81F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 873681F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Cdrom \Device\CdRom1 8714F1F8
Device \Driver\Cdrom \Device\CdRom2 8714F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D2E109DD-DF7F-452A-A8B2-B2839DB0668E} 8712B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 873681F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Ftdisk \Device\HarddiskVolume5 873681F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8712B1F8
Device \Driver\usbstor \Device\00000077 86DBE500
Device \Driver\sbp2port \Device\Sbp2Port0 873661F8
Device \Driver\usbstor \Device\00000079 86DBE500
Device \Driver\NetBT \Device\NetbiosSmb 8712B1F8
Device \Driver\usbohci \Device\USBFDO-0 871661F8
Device \Driver\usbstor \Device\0000007a 86DBE500
Device \Driver\sbp2port \Device\Sbp2\Maxtor&OneTouch&0&0010b902_1143a57e_Instance00 873661F8
Device \Driver\usbohci \Device\USBFDO-1 871661F8
Device \Driver\sptd \Device\578995502 spkg.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 870201F8
Device \Driver\usbstor \Device\0000007b 86DBE500
Device \Driver\usbehci \Device\USBFDO-2 8709D1F8
Device \Driver\usbstor \Device\0000007c 86DBE500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 870201F8
Device \Driver\Ftdisk \Device\FtControl 873681F8
Device \Driver\adrqkzvc \Device\Scsi\adrqkzvc1 8704E1F8
Device \Driver\adrqkzvc \Device\Scsi\adrqkzvc1Port6Path0Target0Lun0 8704E1F8
Device \FileSystem\Fastfat \Fat 86CD5500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86B60500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0x5D 0xD1 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x43 0x53 0x60 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x87 0xE4 0x31 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD2 0xB4 0xEF 0x98 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2A 0xFA 0x33 0x6D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA6 0x0A 0x34 0x51 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xB3 0x7A 0x8D ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x49 0x80 0xDA 0xBE ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDA 0x04 0x62 0xB2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xBC 0xEF 0xAE 0x01 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1066491580
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1405549899
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x43 0x3A 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0xB8 0xFE 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x2D 0x7B 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0x70 0x39 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEA 0x43 0x3A 0x8C ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0xB8 0xFE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x2D 0x7B 0x75 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0x70 0x39 0x36 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xD8 0x5A 0x43 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5B 0xE0 0x86 0xE1 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x07 0x51 0x70 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 8131FEED8ADE7770EA81CE007E7FAECCE424F058BA0BAC533658E52C7169C07760FDE1E9C20055A8017131834D18BD6E80FBEBD6FCD05392954FFE9CBEAADCD6139877EEEC9D55458A19B1571FB9EA8A3859C4F3C567695A4BE6CD2786A4DBF1702180FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A6171C11EC38DE3DA9C6AECB7A5D1407375677568B63E0E7F24DF3B03D8110D6E4989672B4AF782D8193B197BAD230D2F873CBFB4BC53F7A69B2728990E864B7234A082D6A06F762F7B731AD10FEDB4AA159C2BD30CBF53B3010CFF0B6D1435610403D738C7A722E9A92E797FBAE15C4B913DDB3928EDBC696949ECBA107E529656D7993C62E21842BFAEC3303F937D2AAFDA4E8EEB90B6AD24377F467EA475BBF1A055664D8020ECF9DD8D34D0CE039C6CCA1DD638DE2A7FAF276B7BEF2A8CC21622FF3D84253A514FB4941A224F272BE03630835DD09370E4DB95507278E916E36459AB9CB1DDEE46A6035F415152CAC7C7B4DCC136081EAD1E404BF27BFF0F2599EED4265277B969144DF55C731C80AE6040B34AA1827D55422EB0D2249E559631282CD967FF55DEF9CE37B3574DAB64213111DB39D79F7F89929B95E7A21343FFD6260F8767954D318D6C06ED0AEF566C923D953A27EDBBD7ECE3
Reg HKLM\SOFTWARE\Classes\Interface\[1B56252A-1BB6-4970-B0FB-31B24AA9C1D0}@ ILicHelper
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57473AFE-2DF8-4343-006E-1C3B1560CD34}
---- EOF - GMER 1.0.15 ----
|
|
18.04.2011, 21:52
| #2 |
| | Befall mit MS Removal Tool Dann haben wir OSAM
__________________OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:01:02 on 17.04.2011 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BDEADMIN.CPL" - ? - C:\WINDOWS\system32\BDEADMIN.CPL "cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "pcdhdm.cpl" - ? - C:\WINDOWS\system32\pcdhdm.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a8e8xgzf" (a8e8xgzf) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a8e8xgzf.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DatSecNT" (DatSecNT) - ? - C:\WINDOWS\system32\drivers\DatSecNT.sys (File not found) "DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys "dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\WINDOWS\System32\Drivers\dsltestSp5.sys (File not found) "Hauppauge WinTV 848/9 WDM Video Driver" (HCWBT8XX) - "Hauppauge Computer Works" - C:\WINDOWS\System32\drivers\HCWBT8XX.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kxtcifob" (kxtcifob) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys "PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{8A863ACB-F5F6CC6A-05010003}) - "PC-Doctor, Inc." - C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Revoflt" (Revoflt) - "VS Revo Group" - C:\WINDOWS\System32\DRIVERS\revoflt.sys "SASKUTIL" (SASKUTIL) - ? - C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys "vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? - (File not found | COM-object registry key not found) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\DOKUME~1\ALLUSE~1\ANWEND~1\AllDup\FEShlExt.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {E6AE80F1-1D7E-11d1-931A-00C0F01AA56D} "Kremlin Shell Extension" - ? - C:\Programme\Mach5 Software\Kremlin\KremShl.dll (File found, but it contains no detailed information) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} "RUShellExt Class" - "VS Revo Group" - C:\Programme\VS Revo Group\Revo Uninstaller Pro\RUExt.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - ? - (File not found | COM-object registry key not found) {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "{00000000-5736-4205-0008-F7ED0776FB27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - ? - C:\Programme\Java\jre6\bin\npjpi160_16.dll (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {6E718D87-6909-4FCE-92D4-EDCB2F725727} "Navigram Control" - "Navigram" - C:\Programme\Navigram\NavigramEngine\navigram.ocx / hxxp://www.navigram.com/engine/v1025/Navigram.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} "{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}" - ? - (File not found | COM-object registry key not found) / hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet "PCDrSmartMonitor" - ? - "C:\Programme\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r (File found, but it contains no detailed information) "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "AVerRemote" (AVerRemote) - "AVerMedia" - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe "AVerScheduleService" (AVerScheduleService) - ? - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Personal – Free Antivirus Planer" (AntiVirScheduler) - ? - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe" (File not found) "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper_3004.dll (File not found) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "WISO Börse 2011 Watchdog" (WB11WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2011\bin\watchdog.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "UIHost" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
18.04.2011, 21:54
| #3 |
| | Befall mit MS Removal Tool Und MBR
__________________MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x00003efc Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E3000 \WINDOWS\system32\hal.dll 0xF7A5C000 \WINDOWS\system32\KDCOM.DLL 0xF796C000 \WINDOWS\system32\BOOTVID.dll 0xF7368000 spkg.sys 0xF7A5E000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF7350000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF7321000 ACPI.sys 0xF7310000 pci.sys 0xF755C000 isapnp.sys 0xF756C000 ohci1394.sys 0xF757C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7B24000 pciide.sys 0xF77DC000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7A60000 viaide.sys 0xF7A62000 intelide.sys 0xF758C000 MountMgr.sys 0xF72F1000 ftdisk.sys 0xF77E4000 PartMgr.sys 0xF759C000 VolSnap.sys 0xF72D9000 atapi.sys 0xF75AC000 disk.sys 0xF75BC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF72B9000 fltMgr.sys 0xF72A7000 sr.sys 0xF75CC000 PxHelp20.sys 0xF7290000 KSecDD.sys 0xF7203000 Ntfs.sys 0xF71D6000 NDIS.sys 0xF7177000 timntr.sys 0xF715E000 snapman.sys 0xF75DC000 sbp2port.sys 0xF7143000 Mup.sys 0xF767C000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF60F9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF60E5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF790C000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF60C2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7914000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF768C000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF70E3000 \SystemRoot\system32\drivers\pfc.sys 0xF769C000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF76AC000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF609F000 \SystemRoot\system32\DRIVERS\ks.sys 0xF607A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF6066000 \SystemRoot\system32\DRIVERS\parport.sys 0xF76BC000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF791C000 \SystemRoot\system32\DRIVERS\PS2.sys 0xF7924000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF792C000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF5FE8000 \SystemRoot\system32\drivers\HCWBT8XX.sys 0xF76CC000 \SystemRoot\system32\drivers\STREAM.SYS 0xF5FD4000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys 0xF76DC000 \SystemRoot\system32\DRIVERS\mxopswd.sys 0xF76EC000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF5F9B000 \SystemRoot\System32\Drivers\adrqkzvc.SYS 0xF7BCB000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF76FC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF70CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5F84000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF770C000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF771C000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF785C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF5F73000 \SystemRoot\system32\DRIVERS\psched.sys 0xF772C000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7864000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF786C000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF774C000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7A86000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5DDE000 \SystemRoot\system32\DRIVERS\update.sys 0xF70BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF70B7000 \SystemRoot\system32\DRIVERS\tsmpkt.sys 0xF775C000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF777C000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7A90000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF3102000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xF30E0000 \SystemRoot\system32\drivers\portcls.sys 0xF3766000 \SystemRoot\system32\drivers\drmk.sys 0xF7A98000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7C70000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A9A000 \SystemRoot\System32\Drivers\Beep.SYS 0xF78F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF78FC000 \SystemRoot\System32\drivers\vga.sys 0xF7A9E000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7AA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7904000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7934000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF5F57000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF3085000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF302D000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF3005000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF2FBC000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF2F9A000 \SystemRoot\System32\drivers\afd.sys 0xF3756000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF3746000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF2F65000 \SystemRoot\System32\drivers\truecrypt.sys 0xF3736000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xF793C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xF2F3A000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF2ECB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF3726000 \SystemRoot\System32\Drivers\Fips.SYS 0xF2EA5000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF7AA8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF7954000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF795C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF2E5A000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xF2DE5000 \SystemRoot\system32\DRIVERS\AVerPola.sys 0xF5F5B000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0xF3625000 \SystemRoot\system32\DRIVERS\AVPolCIR.sys 0xF3615000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF3605000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF2E7D000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF2D7D000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7ADE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF2DE1000 \SystemRoot\System32\drivers\Dxapi.sys 0xF7884000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B55000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB7F31000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xF36AD000 \SystemRoot\system32\DRIVERS\tifsfilt.sys 0xB7F56000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB7C5D000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB7C20000 \SystemRoot\system32\drivers\wdmaud.sys 0xF3585000 \SystemRoot\system32\drivers\sysaudio.sys 0xB78D3000 \SystemRoot\system32\DRIVERS\srv.sys 0xF36B5000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms 0xB6E4C000 \??\C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys 0xB6DE1000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Programme\DAEMON Tools Lite\Engine.dll Processes (total 37): 0 System Idle Process 4 System 860 C:\WINDOWS\system32\smss.exe 1064 csrss.exe 1092 C:\WINDOWS\system32\winlogon.exe 1136 C:\WINDOWS\system32\services.exe 1148 C:\WINDOWS\system32\lsass.exe 1348 C:\WINDOWS\system32\nvsvc32.exe 1380 C:\WINDOWS\system32\svchost.exe 1428 svchost.exe 1528 C:\WINDOWS\system32\svchost.exe 1612 svchost.exe 1764 svchost.exe 2024 C:\WINDOWS\system32\spoolsv.exe 352 C:\Programme\Avira\AntiVir Desktop\sched.exe 364 C:\WINDOWS\explorer.exe 696 C:\WINDOWS\system32\rundll32.exe 752 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 776 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 788 C:\WINDOWS\system32\ctfmon.exe 832 C:\Programme\PC-Doctor 5 for Windows\PcdSmartMonitor.exe 1372 C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 1468 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe 1484 C:\Programme\Avira\AntiVir Desktop\avguard.exe 1504 C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe 1520 C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe 1740 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 1752 C:\Programme\Java\jre6\bin\jqs.exe 1824 C:\WINDOWS\system32\oodag.exe 1940 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE 2044 C:\WINDOWS\system32\svchost.exe 2088 C:\Programme\Buhl\WISO Börse 2011\bin\watchdog.exe 2388 C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe 3296 alg.exe 3020 C:\Programme\Mozilla Firefox\firefox.exe 3532 C:\Programme\Mozilla Firefox\plugin-container.exe 1056 C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`0d284e00 (NTFS) \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000005`895b1600 (FAT32) \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21 PhysicalDrive1 Model Number: MaxtorOneTouch, Rev: 0121 Size Device Name MBR Status -------------------------------------------- 279 GB \\.\PhysicalDrive0 Legit MBR code detected SHA1: E68294B13179B1693F581515E9DF034C786D5AEE 931 GB \\.\PhysicalDrive1 |
|
| Themen zu Befall mit MS Removal Tool |
| ander, anleitung, befall, leitung, miteinander, ms removal tool, nicht sicher, profis, removal, rootkits, schei, tool |
Hybrid-Darstellung
