Trojaner-Board - Virus 'Spy.SpyEyes.SC1' gefunden

Jou, hab ich. Dies ist die ComboFix- Log- Datei:
Combofix Logfile:

Code:

ComboFix 11-04-26.05 - *** 27.04.2011  18:32:47.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.1791.1330 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\blyadstvoeb

c:\dokumente und einstellungen\***\Anwendungsdaten\TrusteerHelp

c:\dokumente und einstellungen\***\Anwendungsdaten\TrusteerHelp\spuninst.exe

c:\dokumente und einstellungen\***\Anwendungsdaten\TrusteerHelp\spuninst.inf

c:\windows\system32\rnaph.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))

.

.

2011-04-27 16:19 . 2011-04-27 16:19        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-27 16:16 . 2011-04-27 16:16        --------        d-----w-        c:\programme\CCleaner

2011-04-27 16:14 . 2011-04-27 16:20        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp

2011-04-27 16:14 . 2011-04-27 16:14        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-27 16:14 . 2011-04-27 16:21        --------        d-----w-        c:\programme\Google

2011-04-27 16:14 . 2011-04-27 16:14        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google

2011-04-23 21:17 . 2011-04-23 21:17        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache

2011-04-23 07:53 . 2011-04-23 07:53        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService\IETldCache

2011-04-23 07:53 . 2011-04-23 07:53        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten

2011-04-23 07:53 . 2011-04-23 07:53        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Eigene Dateien

2011-04-23 07:53 . 2011-04-23 07:53        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Startmenü

2011-04-14 12:02 . 2011-04-14 12:02        --------        d-----w-        C:\_OTL

2011-04-11 10:42 . 2011-04-11 10:42        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Uniblue

2011-04-11 10:42 . 2011-04-11 10:42        --------        d-----w-        c:\programme\Uniblue

2011-04-11 10:42 . 2011-04-11 10:42        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PackageAware

2011-04-09 11:50 . 2011-04-09 11:51        --------        d-----w-        c:\dokumente und einstellungen\Administrator

2011-04-08 22:30 . 2011-04-24 11:39        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Comms

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-18 13:34 . 2010-12-28 23:34        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"pdfSaver3"="c:\programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe" [2004-06-09 385024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"nwiz"="nwiz.exe" [2008-05-02 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"WinampAgent"="c:\programme\Winamp\winampa.exe" [2010-12-06 74752]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

.

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\

Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-31 110592]

OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Adobe Gamma Loader.exe.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-31 110592]

Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK.EXE [2010-12-31 106560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Macromedia\\FreeHand MX\\FreeHand MX.exe"=

"c:\\Programme\\Winamp\\winamp.exe"=

"c:\\Programme\\Opera\\opera.exe"=

"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 PDDSLHND;PDDSLHND;c:\windows\system32\drivers\PDDSLHND.SYS [29.12.2010 00:32 15187]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.12.2010 01:34 135336]

R2 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [31.12.2010 13:16 8768]

R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [29.12.2010 00:32 15571]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [27.04.2011 18:14 136176]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - GUPDATE

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-27 16:14]

.

2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-27 16:14]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.alice-dsl.de/

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {23178DFF-6001-42B0-A90E-DFD213F20290} = 62.109.123.6 213.191.92.87

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\fbwy9sr7.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-ActiveX Cache Browser - c:\dokumente und einstellungen\***\anwendungsdaten\trusteerhelp\spuninst.exe

HKLM-Run-NWEReboot - (no file)

HKLM-Run-pdfSaver3 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-04-27 18:35

Windows 5.1.2600 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Zeit der Fertigstellung: 2011-04-27  18:35:51

ComboFix-quarantined-files.txt  2011-04-27 16:35

.

Vor Suchlauf: 8 Verzeichnis(se), 138.251.411.456 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 138.214.825.984 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - FDE11FF7E27114B5B405DDF8AB324A9D

--- --- ---

(Ich hab vor'm Scan den >Bildschirmschoner ausgestellt. Wusste nicht, ob der möglicherweise auch das Projekt gefährden kann?)

Gruß
Sandero

Ookay- hoffentlich hab ich alles richtig verstanden:
1. Gmer

GMER Logfile:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-04-27 23:26:45

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 Hitachi_ rev.GM2O

Running: exbhitil.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\ugtdipoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            AB11A13E                                                                    ZwCreateKey

SSDT            AB11A134                                                                    ZwCreateThread

SSDT            AB11A143                                                                    ZwDeleteKey

SSDT            AB11A14D                                                                    ZwDeleteValueKey

SSDT            AB11A152                                                                    ZwLoadKey

SSDT            AB11A120                                                                    ZwOpenProcess

SSDT            AB11A125                                                                    ZwOpenThread

SSDT            AB11A15C                                                                    ZwReplaceKey

SSDT            AB11A157                                                                    ZwRestoreKey

SSDT            AB11A148                                                                    ZwSetValueKey
 

Code            \??\C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys                            pIofCallDriver
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                    section is writeable [0xB95AB360, 0x372FAD, 0xE8000020]

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                  Das System kann die angegebene Datei nicht finden. !

?               C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys                                Das System kann die angegebene Datei nicht finden. !
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]    [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest]             [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]         [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]        [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]  [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest]               [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]    [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]      [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]           [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]          [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]           [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest]                [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]            [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]       [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]    [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]      [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]           [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]          [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest]               [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

2.Osam

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:00:48 on 28.04.2011
 

OS: Windows XP Home Edition Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDDSLHND" (PDDSLHND) - "ProDyne" - C:\WINDOWS\system32\drivers\PDDSLHND.sys

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"ProDyne DSL Adapter" (PDDSLADP) - "ProDyne" - C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"ugtdipoc" (ugtdipoc) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\ugtdipoc.sys  (Hidden registry entry, rootkit activity | File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)

"WinZip Quick Pick.lnk" - "WinZip Computing, Inc." - C:\Programme\WinZip\WZQKPICK.EXE  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

"pdfSaver3" - "Tracker Software Products Ltd." - "C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"WinampAgent" - "Nullsoft, Inc." - C:\Programme\Winamp\winampa.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

3.MBRCheck

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Home Edition

Windows Information:                Service Pack 2 (build 2600)

Logical Drives Mask:                0x000000fc
 

Kernel Drivers (total 119):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806E3000 \WINDOWS\system32\hal.dll

  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

  0xB9F78000 ACPI.sys

  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xB9F67000 pci.sys

  0xBA0A8000 isapnp.sys

  0xBA670000 pciide.sys

  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xBA0B8000 MountMgr.sys

  0xB9F48000 ftdisk.sys

  0xBA330000 PartMgr.sys

  0xBA0C8000 VolSnap.sys

  0xB9F30000 atapi.sys

  0xB9F0C000 nvgts.sys

  0xB9EF4000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

  0xBA0D8000 disk.sys

  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xB9ED5000 fltMgr.sys

  0xB9EC3000 sr.sys

  0xBA0F8000 PxHelp20.sys

  0xB9EAC000 KSecDD.sys

  0xB9E1F000 Ntfs.sys

  0xB9DF2000 NDIS.sys

  0xB9DD7000 Mup.sys

  0xBA4BC000 PDDSLHND.sys

  0xBA208000 \SystemRoot\system32\DRIVERS\AmdK8.sys

  0xB9D51000 \SystemRoot\system32\DRIVERS\parport.sys

  0xBA218000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xBA3B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xBA3C0000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xB9D40000 \SystemRoot\system32\DRIVERS\serial.sys

  0xBA59C000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xBA3C8000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0xB9D1D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xBA3D0000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xB9CF8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xBA228000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

  0xB9C0F000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

  0xBA238000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xBA248000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xBA258000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xB9BEC000 \SystemRoot\system32\DRIVERS\ks.sys

  0xB95AB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

  0xB9597000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xBA6A8000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xB9DB3000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xB9580000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xBA288000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xBA298000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xB93EA000 \SystemRoot\system32\DRIVERS\psched.sys

  0xBA2A8000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xBA53C000 \SystemRoot\system32\DRIVERS\PDDSLADP.SYS

  0xBA138000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xB8A79000 \SystemRoot\system32\DRIVERS\update.sys

  0xBA540000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xB7B69000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xB938A000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xBA64C000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xBA128000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

  0xAE17F000 \SystemRoot\system32\drivers\RtkHDAud.sys

  0xAE148000 \SystemRoot\system32\drivers\portcls.sys

  0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys

  0xBA636000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xAB573000 \SystemRoot\System32\Drivers\Null.SYS

  0xAC60F000 \SystemRoot\System32\Drivers\Beep.SYS

  0xAB42F000 \SystemRoot\System32\drivers\vga.sys

  0xAC60D000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xAC60B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xAB427000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xAB41F000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xAC01A000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xA9C64000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xA9C0C000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xA9BE4000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xA9BC3000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xA9BA1000 \SystemRoot\System32\drivers\afd.sys

  0xAB982000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xAB972000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xAB417000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xA9B75000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xA9B06000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xAB952000 \SystemRoot\System32\Drivers\Fips.SYS

  0xA9AE0000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0xAC603000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys

  0xAB0AC000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xAAF78000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0xAAF70000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0xAB2BE000 \SystemRoot\system32\DRIVERS\usbscan.sys

  0xAAF68000 \SystemRoot\system32\DRIVERS\usbprint.sys

  0xAB2BA000 \SystemRoot\System32\Drivers\dump_diskdump.sys

  0xA9A92000 \SystemRoot\System32\Drivers\dump_nvgts.sys

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xAA3E1000 \SystemRoot\System32\drivers\Dxapi.sys

  0xAAF58000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xBA7B9000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF012000 \SystemRoot\System32\nv4_disp.dll

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xA9010000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0xAD125000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xA8FAB000 \SystemRoot\system32\drivers\wdmaud.sys

  0xB7B19000 \SystemRoot\system32\drivers\sysaudio.sys

  0xA8E17000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xA8DF4000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xBA65E000 \SystemRoot\System32\Drivers\ParVdm.SYS

  0xBA668000 \SystemRoot\System32\Drivers\Asapi.SYS

  0xA8A86000 \SystemRoot\system32\DRIVERS\srv.sys

  0xA8775000 \SystemRoot\System32\Drivers\HTTP.sys

  0xBA5EE000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

  0xBA340000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys

  0xA7A6E000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\ugtdipoc.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 36):

       0 System Idle Process

       4 System

     600 C:\WINDOWS\system32\smss.exe

     648 csrss.exe

     672 C:\WINDOWS\system32\winlogon.exe

     716 C:\WINDOWS\system32\services.exe

     728 C:\WINDOWS\system32\lsass.exe

     928 C:\WINDOWS\system32\svchost.exe

     972 svchost.exe

    1068 C:\WINDOWS\system32\svchost.exe

    1172 svchost.exe

    1232 svchost.exe

    1408 C:\WINDOWS\system32\spoolsv.exe

    1496 C:\Programme\Avira\AntiVir Desktop\sched.exe

    1736 svchost.exe

    1868 C:\WINDOWS\RTHDCPL.EXE

    1884 C:\Programme\Avira\AntiVir Desktop\avgnt.exe

    1900 C:\Programme\Winamp\winampa.exe

    1908 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

    1920 C:\WINDOWS\system32\ctfmon.exe

    1928 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

    1944 C:\Programme\Microsoft ActiveSync\wcescomm.exe

    1952 C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe

     412 C:\Programme\OpenOffice.org 3\program\soffice.exe

     448 C:\Programme\OpenOffice.org 3\program\soffice.bin

     224 C:\Programme\Avira\AntiVir Desktop\avguard.exe

     252 C:\Programme\Java\jre6\bin\jqs.exe

     492 C:\Programme\Avira\AntiVir Desktop\avshadow.exe

     516 C:\WINDOWS\system32\nvsvc32.exe

     632 C:\WINDOWS\system32\svchost.exe

    1008 wdfmgr.exe

    2380 C:\WINDOWS\system32\wscntfy.exe

    2496 alg.exe

    2196 C:\WINDOWS\explorer.exe

    2784 C:\Programme\Mozilla Firefox\firefox.exe

    3920 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000015`f8d00000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
 

PhysicalDrive0 Model Number: HitachiHDP725025GLA380, Rev: GM2OA5CA
 

      Size  Device Name          MBR Status

  --------------------------------------------

    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!