Soooo, I'm done with everything now. Had GMER scan once on C and once on D.
GMER C Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-10 14:46:12
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a SAMSUNG_SP2504C rev.VT100-52
Running: ih4599ym.exe; Driver: C:\DOKUME~1\k\LOKALE~1\Temp\afniipog.sys
---- System - GMER 1.0.15 ----
SSDT spve.sys ZwCreateKey [0xB7EA70E0]
SSDT spve.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spve.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spve.sys ZwOpenKey [0xB7EA70C0]
SSDT spve.sys ZwQueryKey [0xB7EC610A]
SSDT spve.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spve.sys ZwSetValueKey [0xB7EC619C]
INT 0x63 ? 8A54ABF8
INT 0x63 ? 8A54ABF8
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x82 ? 8A54ABF8
INT 0x83 ? 8A36FF00
INT 0x83 ? 8A36FF00
INT 0xA4 ? 8A36FF00
INT 0xB4 ? 8A36FF00
---- Kernel code sections - GMER 1.0.15 ----
? spve.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB331B3A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload B32A18AC 5 Bytes JMP 8A36F4E0
.text aj1tyqgr.SYS B3150386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aj1tyqgr.SYS B31503AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aj1tyqgr.SYS B31503C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aj1tyqgr.SYS B31503C9 1 Byte [30]
.text aj1tyqgr.SYS B31503C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spve.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spve.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spve.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spve.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spve.sys
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spve.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5491F8
Device \FileSystem\Fastfat \FatCdrom 88972500
Device \Driver\PCI_PNP8876 \Device\00000050 spve.sys
Device \Driver\usbohci \Device\USBPDO-0 8A390500
Device \Driver\usbohci \Device\USBPDO-1 8A390500
Device \Driver\usbehci \Device\USBPDO-2 8A3E31F8
Device \Driver\usbohci \Device\USBPDO-3 8A390500
Device \Driver\usbohci \Device\USBPDO-4 8A390500
Device \Driver\usbehci \Device\USBPDO-5 8A3E31F8
Device \Driver\usbohci \Device\USBPDO-6 8A390500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4D71F8
Device \Driver\Cdrom \Device\CdRom0 8A370500
Device \Driver\atapi \Device\Ide\IdePort0 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A370500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4D71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88C641F8
Device \Driver\NetBT \Device\NetbiosSmb 88C641F8
Device \Driver\USBSTOR \Device\00000085 88BFB500
Device \Driver\USBSTOR \Device\00000086 88BFB500
Device \Driver\sptd \Device\1758955126 spve.sys
Device \Driver\usbohci \Device\USBFDO-0 8A390500
Device \Driver\usbohci \Device\USBFDO-1 8A390500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88C2C1F8
Device \Driver\usbehci \Device\USBFDO-2 8A3E31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88C2C1F8
Device \Driver\usbohci \Device\USBFDO-3 8A390500
Device \Driver\usbohci \Device\USBFDO-4 8A390500
Device \Driver\Ftdisk \Device\FtControl 8A4D71F8
Device \Driver\usbehci \Device\USBFDO-5 8A3E31F8
Device \Driver\usbohci \Device\USBFDO-6 8A390500
Device \Driver\aj1tyqgr \Device\Scsi\aj1tyqgr1 8A4091F8
Device \FileSystem\Fastfat \Fat 88972500
Device \FileSystem\Cdfs \Cdfs 88C00500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x3C 0x66 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x7B 0x6A 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0x37 0x5E 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x3C 0x66 0x72 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x7B 0x6A 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0x37 0x5E 0x6F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- EOF - GMER 1.0.15 ----
GMER D Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-10 14:54:01
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1a SAMSUNG_SP2504C rev.VT100-52
Running: ih4599ym.exe; Driver: C:\DOKUME~1\k\LOKALE~1\Temp\afniipog.sys
---- System - GMER 1.0.15 ----
SSDT spve.sys ZwCreateKey [0xB7EA70E0]
SSDT spve.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spve.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spve.sys ZwOpenKey [0xB7EA70C0]
SSDT spve.sys ZwQueryKey [0xB7EC610A]
SSDT spve.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spve.sys ZwSetValueKey [0xB7EC619C]
INT 0x63 ? 8A54ABF8
INT 0x63 ? 8A54ABF8
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x73 ? 8A36FF00
INT 0x82 ? 8A54ABF8
INT 0x83 ? 8A36FF00
INT 0x83 ? 8A36FF00
INT 0xA4 ? 8A36FF00
INT 0xB4 ? 8A36FF00
---- Kernel code sections - GMER 1.0.15 ----
? spve.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB331B3A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload B32A18AC 5 Bytes JMP 8A36F4E0
.text aj1tyqgr.SYS B3150386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aj1tyqgr.SYS B31503AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aj1tyqgr.SYS B31503C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aj1tyqgr.SYS B31503C9 1 Byte [30]
.text aj1tyqgr.SYS B31503C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spve.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spve.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spve.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spve.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spve.sys
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aj1tyqgr.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spve.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5491F8
Device \FileSystem\Fastfat \FatCdrom 88972500
Device \Driver\PCI_PNP8876 \Device\00000050 spve.sys
Device \Driver\usbohci \Device\USBPDO-0 8A390500
Device \Driver\usbohci \Device\USBPDO-1 8A390500
Device \Driver\usbehci \Device\USBPDO-2 8A3E31F8
Device \Driver\usbohci \Device\USBPDO-3 8A390500
Device \Driver\usbohci \Device\USBPDO-4 8A390500
Device \Driver\usbehci \Device\USBPDO-5 8A3E31F8
Device \Driver\usbohci \Device\USBPDO-6 8A390500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4D71F8
Device \Driver\Cdrom \Device\CdRom0 8A370500
Device \Driver\atapi \Device\Ide\IdePort0 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A370500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4D71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88C641F8
Device \Driver\USBSTOR \Device\00000085 88BFB500
Device \Driver\NetBT \Device\NetbiosSmb 88C641F8
Device \Driver\USBSTOR \Device\00000086 88BFB500
Device \Driver\sptd \Device\1758955126 spve.sys
Device \Driver\usbohci \Device\USBFDO-0 8A390500
Device \Driver\usbohci \Device\USBFDO-1 8A390500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88C2C1F8
Device \Driver\usbehci \Device\USBFDO-2 8A3E31F8
Device \Driver\usbohci \Device\USBFDO-3 8A390500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88C2C1F8
Device \Driver\Ftdisk \Device\FtControl 8A4D71F8
Device \Driver\usbohci \Device\USBFDO-4 8A390500
Device \Driver\usbehci \Device\USBFDO-5 8A3E31F8
Device \Driver\usbohci \Device\USBFDO-6 8A390500
Device \Driver\aj1tyqgr \Device\Scsi\aj1tyqgr1 8A4091F8
Device \FileSystem\Fastfat \Fat 88972500
Device \FileSystem\Cdfs \Cdfs 88C00500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x3C 0x66 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x7B 0x6A 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0x37 0x5E 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x3C 0x66 0x72 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x7B 0x6A 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0x37 0x5E 0x6F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- EOF - GMER 1.0.15 ----
OSAM Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:08:32 on 10.03.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2025429265-2000478354-839522115-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Programme\Creative\AudioCS\CTAudCS.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aba63rq6" (aba63rq6) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aba63rq6.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"adfs" (adfs) - ? - C:\WINDOWS\system32\drivers\adfs.sys (File not found)
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"C-Media USB Sound Interface" (cmudau) - ? - C:\WINDOWS\System32\drivers\cmudau.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\k\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DNINDIS5 NDIS Protocol Driver" (DNINDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\DNINDIS5.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pwdrvio" (pwdrvio) - ? - C:\WINDOWS\system32\pwdrvio.sys (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\WINDOWS\system32\pwdspio.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\WINDOWS\system32\Drivers\vmm.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"Wireless USB 2.0 Adapter with RangeMax Service" (WPN111) - ? - C:\WINDOWS\System32\DRIVERS\WPN111.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{621FCD24-4498-4324-A81E-07D331376EDF} "PixiePack Codec Pack 0.10.4" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Programme\Microsoft Virtual PC\VPCShExH.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\k\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Programme\Creative\Shared Files\CTAudSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCHECK Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d
Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EA6000 spdr.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E8E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E5F000 ACPI.sys
0xB7E4E000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E2F000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7E17000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB7DF7000 fltmgr.sys
0xB7DE5000 sr.sys
0xB8118000 PxHelp20.sys
0xB7DCE000 KSecDD.sys
0xB7D41000 Ntfs.sys
0xB7D14000 NDIS.sys
0xB7CFA000 Mup.sys
0xB8158000 \SystemRoot\System32\DRIVERS\processr.sys
0xB855C000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
0xB331B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB3307000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB32D0000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8168000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB8178000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB8188000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB32AD000 \SystemRoot\System32\DRIVERS\ks.sys
0xB83A0000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB3289000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xB83A8000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB3261000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB31E1000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB31BD000 \SystemRoot\system32\drivers\portcls.sys
0xB8198000 \SystemRoot\system32\drivers\drmk.sys
0xB3188000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB83C0000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB81A8000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB3150000 \SystemRoot\System32\Drivers\aba63rq6.SYS
0xB8438000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB81B8000 \SystemRoot\System32\DRIVERS\serial.sys
0xB858C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB313C000 \SystemRoot\System32\DRIVERS\parport.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8450000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB312B000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0xB87EF000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB81D8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB8598000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB3114000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB81E8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB81F8000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8478000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB3063000 \SystemRoot\System32\DRIVERS\psched.sys
0xB8208000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB8488000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xB8498000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8218000 \SystemRoot\System32\DRIVERS\termdd.sys
0xB84A0000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB85B6000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB3005000 \SystemRoot\System32\DRIVERS\update.sys
0xB7CD6000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB8228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8248000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xB85C2000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xACB92000 \SystemRoot\system32\drivers\ha20x2k.sys
0xACB62000 \SystemRoot\system32\drivers\emupia2k.sys
0xACB39000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xACA9D000 \SystemRoot\system32\drivers\ctac32k.sys
0xACA88000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xACA5C000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xAC915000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xB83B0000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB85CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8700000 \SystemRoot\System32\Drivers\Null.SYS
0xB85D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83D8000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xB83E0000 \SystemRoot\System32\drivers\vga.sys
0xB85D4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83F0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8400000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB857C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xAC8E2000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xAC889000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xAC839000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAC813000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB8278000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAC7F1000 \SystemRoot\System32\drivers\afd.sys
0xB8288000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB8298000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAC7B6000 \??\C:\WINDOWS\system32\Drivers\vmm.sys
0xAC78B000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAC71B000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB82A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8430000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB2FE1000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB82E8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB8448000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xB0ED9000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB82F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAC63B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85DE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB0EC1000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8480000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB87F6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAB9D9000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAB9C9000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xAB841000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAB6AC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB863A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAB5F7000 \SystemRoot\system32\drivers\wdmaud.sys
0xAC6DB000 \SystemRoot\system32\drivers\sysaudio.sys
0xAB48F000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB0DE000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 30):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
868 csrss.exe
892 C:\WINDOWS\system32\winlogon.exe
952 C:\WINDOWS\system32\services.exe
964 C:\WINDOWS\system32\lsass.exe
1136 C:\WINDOWS\system32\nvsvc32.exe
1212 C:\WINDOWS\system32\svchost.exe
1300 svchost.exe
1424 C:\WINDOWS\system32\svchost.exe
1544 svchost.exe
1668 svchost.exe
1828 C:\WINDOWS\system32\spoolsv.exe
1920 C:\Programme\Creative\Shared Files\CTAudSvc.exe
2008 C:\WINDOWS\explorer.exe
144 C:\Programme\Java\jre6\bin\jqs.exe
192 C:\WINDOWS\system32\svchost.exe
228 wdfmgr.exe
1936 C:\WINDOWS\system32\Ctxfihlp.exe
332 C:\WINDOWS\system32\rundll32.exe
392 C:\WINDOWS\system32\ctfmon.exe
680 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
1840 alg.exe
1716 C:\WINDOWS\system32\wbem\wmiapsrv.exe
776 wmiprvse.exe
1564 C:\WINDOWS\system32\CTxfispi.exe
2328 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
2444 C:\Dokumente und Einstellungen\k\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
2496 C:\Dokumente und Einstellungen\k\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-52
PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-12
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1F7D73C9E899CA12D634A5E0AF164DF7877E62ED
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done! Thanks! :applaus: