Log Analysis and Evaluation: Windows Recovery Malware

Post #17
GMER also wouldn't run, even after 3 attempts.

OSAM Logfile:

```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:31:32 on 01.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)
"SetupExecute" - ? - poqexec.exe \SystemRoot\WinSxS\cleanup.xml (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\Windows\system32\prefscpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\7\AppData\Local\Temp\catchme.sys (File not found)
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\Windows\System32\Drivers\dsltestSp5.sys (File not found)
"gmer" (gmer) - "GMER" - C:\Windows\System32\DRIVERS\gmer.sys
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Speedport W 100 Stick" (PRISM_A02) - ? - C:\Windows\System32\DRIVERS\PRISMA02.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" - ? - (File not found | COM-object registry key not found)
<binary data> "{DE9C389F-3316-41A7-809B-AA305ED9D922}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "YInstStarter Class" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Common\yinsthelper.dll / C:\Program Files\Yahoo!\Common\yinsthelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - ? - (File not found | COM-object registry key not found)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
"Sitecom Wireless Utility.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Empowering Technology Monitor" - ? - C:\Acer\Empowering Technology\SysMonitor.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"PCMMediaSharing" - ? - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe (File found, but it contains no detailed information)
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5ha" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5ha.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Ad-Aware 2007 Service" (aawservice) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c986012b27565f)" (gupdate1c986012b27565f) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\MATRIX~1.SCR (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```

MBRCheck Log:

```
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M3630
Logical Drives Mask: 0x000003dc

Kernel Drivers (total 158):
0x8204E000 \SystemRoot\system32\ntoskrnl.exe
0x8201B000 \SystemRoot\system32\hal.dll
0x87C09000 \SystemRoot\system32\kdcom.dll
0x87C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x87C80000 \SystemRoot\system32\PSHED.dll
0x87C91000 \SystemRoot\system32\BOOTVID.dll
0x87C99000 \SystemRoot\system32\CLFS.SYS
0x87CDA000 \SystemRoot\system32\CI.dll
0x87DBA000 \SystemRoot\system32\drivers\Wdf01000.sys
0x87E36000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x87E43000 \SystemRoot\system32\drivers\acpi.sys
0x87E89000 \SystemRoot\system32\drivers\WMILIB.SYS
0x87E92000 \SystemRoot\system32\drivers\msisadrv.sys
0x87E9A000 \SystemRoot\system32\drivers\pci.sys
0x87EC1000 \SystemRoot\System32\drivers\partmgr.sys
0x87ED0000 \SystemRoot\system32\drivers\volmgr.sys
0x87EDF000 \SystemRoot\System32\drivers\volmgrx.sys
0x87F29000 \SystemRoot\system32\drivers\intelide.sys
0x87F30000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87F3E000 \SystemRoot\System32\drivers\mountmgr.sys
0x87F4E000 \SystemRoot\system32\drivers\atapi.sys
0x87F56000 \SystemRoot\system32\drivers\ataport.SYS
0x87F74000 \SystemRoot\system32\drivers\fltmgr.sys
0x87FA6000 \SystemRoot\system32\drivers\fileinfo.sys
0x87FB6000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x87FBF000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8800A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8807B000 \SystemRoot\system32\drivers\ndis.sys
0x88186000 \SystemRoot\system32\drivers\msrpc.sys
0x881B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x881EC000 \SystemRoot\System32\drivers\tcpip.sys
0x882D6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8840E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8851E000 \SystemRoot\system32\drivers\volsnap.sys
0x88557000 \SystemRoot\System32\Drivers\spldr.sys
0x8855F000 \SystemRoot\system32\drivers\psdvdisk.sys
0x88571000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8857A000 \SystemRoot\System32\Drivers\mup.sys
0x88589000 \SystemRoot\System32\drivers\ecache.sys
0x885B0000 \SystemRoot\system32\drivers\disk.sys
0x885C1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885E2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8860B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88616000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8861F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CC09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D66A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8D66C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D70C000 \SystemRoot\System32\drivers\watchdog.sys
0x8D718000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D7A5000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D7E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8862E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D7EB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8866C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8867C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8868A000 \SystemRoot\system32\DRIVERS\parport.sys
0x886A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x886B5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x886C0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x886CB000 \SystemRoot\system32\DRIVERS\serial.sys
0x886E5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x886EF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D7FA000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x88707000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88736000 \SystemRoot\system32\DRIVERS\storport.sys
0x88777000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x882F1000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8878F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x887A6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x887B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x887D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x887E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x87FC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x87FDD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8CC06000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DC04000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DC2E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DC38000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DC45000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DC85000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DE39000 \SystemRoot\system32\drivers\portcls.sys
0x8DE66000 \SystemRoot\system32\drivers\drmk.sys
0x8DE8B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DE9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DEA5000 \SystemRoot\System32\Drivers\Null.SYS
0x8DEAC000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DEBC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DEC3000 \SystemRoot\System32\drivers\vga.sys
0x8DECF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DEF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DEF8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DF00000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DF0B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DF19000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DF22000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DF38000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DF4C000 \SystemRoot\system32\drivers\afd.sys
0x8DF94000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DFC6000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8DFCF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DFE5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x87FED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DFF3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E003000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E03F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E049000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E060000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E086000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8E088000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E095000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E0A0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8E0A8000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x8E0B1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E0BA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E0CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E0CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E0D4000 \SystemRoot\system32\DRIVERS\netr73.sys
0x970A0000 \SystemRoot\System32\win32k.sys
0x8E12A000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E134000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8E143000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x972C0000 \SystemRoot\System32\TSDDD.dll
0x972E0000 \SystemRoot\System32\cdd.dll
0x8E158000 \SystemRoot\system32\drivers\luafv.sys
0x8E173000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8E188000 \??\C:\Windows\system32\drivers\ACEDRV07.sys
0x8E1FB000 \SystemRoot\system32\drivers\spsys.sys
0x8E2AB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8E2BB000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8E2E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8E2EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8E302000 \SystemRoot\system32\drivers\HTTP.sys
0x8E36F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8E38C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8E3A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E3BA000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E3DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EC0B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EC44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EC5C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EC84000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ECD3000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9ECDA000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x9ED1D000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9ED60000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9ED67000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9ED6C000 \SystemRoot\system32\drivers\peauth.sys
0x9EE4A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EE54000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EE60000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x9EE62000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9EE77000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9EE89000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0x9EE8E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9EEA4000 \??\C:\Users\7\AppData\Local\Temp\ugtdqpod.sys
0x77270000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
528 csrss.exe
592 C:\Windows\System32\wininit.exe
600 csrss.exe
636 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
940 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\nvvsvc.exe
1544 C:\Windows\System32\svchost.exe
1712 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
1824 C:\Windows\System32\dwm.exe
1856 C:\Windows\explorer.exe
1912 C:\Windows\System32\spoolsv.exe
1936 C:\Windows\System32\taskeng.exe
1948 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2020 C:\Windows\System32\svchost.exe
536 C:\Windows\RtHDVCpl.exe
288 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
936 C:\Windows\System32\taskeng.exe
2328 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2404 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2428 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2488 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2516 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2544 C:\Acer\Empowering Technology\SysMonitor.exe
2556 C:\Windows\ehome\ehtray.exe
2568 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2596 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2680 C:\Windows\ehome\ehmsas.exe
2912 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2948 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
3064 C:\Windows\System32\svchost.exe
3180 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3192 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3232 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
3256 C:\Windows\System32\svchost.exe
3284 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
3380 C:\Windows\System32\svchost.exe
3392 C:\Windows\System32\svchost.exe
3404 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3436 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3480 C:\Windows\System32\svchost.exe
3580 C:\Windows\System32\svchost.exe
3604 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3632 C:\Windows\System32\SearchIndexer.exe
3672 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3704 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3840 WUDFHost.exe
3936 WmiPrvSE.exe
2288 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
2236 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
3328 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1632 C:\Windows\System32\svchost.exe
5080 C:\Program Files\Windows Defender\MSASCui.exe
5256 C:\Windows\System32\svchost.exe
2716 C:\Program Files\Mozilla Firefox\firefox.exe
5664 C:\Windows\System32\SearchProtocolHost.exe
3832 C:\Windows\System32\SearchFilterHost.exe
5544 C:\Users\7\Downloads\MBRCheck.exe
5308 C:\Windows\System32\conime.exe
5336 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725032VLA380, Rev: V54OA73A

      Size  Device Name          MBR Status
--------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
```
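The two logs above are normally read by eye. As an added example (my own triage heuristics, not code from the original post, from OSAM or from MBRCheck), the following Python script parses the OSAM entry format and the MBRCheck driver list and MBR summary, then ranks what to look at first: autoruns and kernel drivers loaded from a temp directory, entries with no publisher and no version info, and an MBR whose code MBRCheck did not recognise. The sample lines are copied from the logs in the post; the SUSPECT_DIRS list and the 1..3 priority scale are assumptions.

```python
"""Triage of OSAM autorun entries and MBRCheck output.

Added example with my own triage heuristics; it is not code from the original
post, from OSAM or from MBRCheck. The sample lines are copied from the log in
the post; SUSPECT_DIRS and the 1..3 priority scale are assumptions.
"""
import re
from dataclasses import dataclass

# One OSAM entry:  [CLSID | <binary data> | value]  "name" [(service)] - "publisher" | ? - path [(status)]
OSAM_ENTRY = re.compile(
    r'^(?:(?:<binary data>|\S+)\s+)?'                       # optional CLSID / <binary data> / value name
    r'"(?P<name>[^"]+)"'
    r'(?:\s+\((?P<service>[^)]*)\))?'                       # (service name), drivers and services only
    r'\s+-\s+(?:"(?P<publisher>[^"]*)"|(?P<unknown>\?))'    # OSAM prints ? when no publisher is known
    r'\s+-\s*(?P<path>.*?)'
    r'(?:\s*\((?P<status>[^()]*)\))?\s*$'                   # trailing (File not found), (Shortcut exists | ...)
)
DRIVER_LINE = re.compile(r'^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*)$')      # MBRCheck "Kernel Drivers" lines
MBR_STATUS = re.compile(r'^\s*\d+\s*[KMGT]B\s+(?P<dev>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$')
MBR_SHA1 = re.compile(r'SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})')

# Assumption: nothing legitimate should persist, or load a kernel driver, from these.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    reason: str
    priority: int       # 3 = examine first, 2 = verify the file, 1 = orphan / manual check


def triage_osam(lines):
    """Rank OSAM autorun entries; [Category] and -----( key )----- lines are skipped."""
    findings = []
    for line in lines:
        m = OSAM_ENTRY.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path").strip()
        status = (m.group("status") or "").lower()
        unknown = m.group("unknown") is not None
        if "not found" in status:
            findings.append(Finding(name, path, "orphaned entry, file missing", 1))
        elif any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append(Finding(name, path, "autorun from a temp directory", 3))
        elif unknown and "no detailed information" in status:
            findings.append(Finding(name, path, "file present but no publisher/version info", 2))
        elif unknown:
            findings.append(Finding(name, path, "publisher unknown, verify manually", 1))
    return findings


def triage_mbrcheck(lines):
    """Flag drivers loaded from temp dirs and MBRs whose code MBRCheck did not recognise."""
    findings, mbr, dev = [], {}, None
    for line in lines:
        d = DRIVER_LINE.match(line.strip())
        if d:
            if any(s in d.group("path").lower() for s in SUSPECT_DIRS):
                findings.append(Finding("kernel driver", d.group("path"), "driver loaded from a temp directory", 3))
            continue
        s = MBR_STATUS.match(line)
        if s:
            dev = s.group("dev")
            mbr[dev] = {"status": s.group("status"), "sha1": None}
            continue
        h = MBR_SHA1.search(line)
        if h and dev:
            mbr[dev]["sha1"] = h.group("sha1").upper()     # SHA1 line follows the status line
    for name, info in mbr.items():
        if "unknown" in info["status"].lower():
            findings.append(Finding(name, info["sha1"] or "",
                                    "MBR code not in MBRCheck's table: dump it and compare with OEM boot code before calling it a bootkit", 3))
    return findings, mbr


def triage(osam_text, mbrcheck_text):
    """All findings, highest priority first (stable, so log order is kept within a priority)."""
    found = triage_osam(osam_text.splitlines()) + triage_mbrcheck(mbrcheck_text.splitlines())[0]
    return sorted(found, key=lambda f: -f.priority)


# Constructed sample: a handful of lines copied from the OSAM and MBRCheck logs in the post.
SAMPLE_OSAM = r"""[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)
"SetupExecute" - ? - poqexec.exe \SystemRoot\WinSxS\cleanup.xml (File not found)
[Drivers]
"catchme" (catchme) - ? - C:\Users\7\AppData\Local\Temp\catchme.sys (File not found)
"gmer" (gmer) - "GMER" - C:\Windows\System32\DRIVERS\gmer.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Acer Empowering Technology Monitor" - ? - C:\Acer\Empowering Technology\SysMonitor.exe
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
"""
SAMPLE_MBRCHECK = r"""Kernel Drivers (total 158):
0x8204E000 \SystemRoot\system32\ntoskrnl.exe
0x9EEA4000 \??\C:\Users\7\AppData\Local\Temp\ugtdqpod.sys
0x77270000 \Windows\System32\ntdll.dll
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
      Size  Device Name          MBR Status
--------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
Found non-standard or infected MBR.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OSAM, SAMPLE_MBRCHECK):
        print(f"[{f.priority}] {f.name}: {f.reason} -> {f.path}")
```

Two points the ranking is built around. First, "Unknown MBR code" only says the boot sector's hash is not in MBRCheck's table; the tool's own wording, "non-standard or infected", leaves OEM recovery boot code as an explanation, so the SHA1 is what to compare against a known-good dump before anyone runs a fixmbr. Second, "File not found" entries cannot execute and are cleanup, whereas a driver service pointing into %TEMP% (catchme.sys) and a driver actually loaded from %TEMP% (ugtdqpod.sys) are what need explaining first; scanner residue from the poster's GMER attempts is one benign explanation to rule out, since gmer.sys is registered in the same log.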