Pests of all kinds and how to fight them: After Windows Recovery infection, no more access to file system/desktop (Windows 7)
04.04.2011, 20:30 | #16
After Windows Recovery infection, no more access to file system/desktop

Am I done now?
04.04.2011, 20:34 | #17
/// Winkelfunktion /// TB-Süch-Tiger™
After Windows Recovery infection, no more access to file system/desktop

Ok. Please now create logs with GMER and OSAM and post them.

GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
06.04.2011, 19:59 | #18
After Windows Recovery infection, no more access to file system/desktop

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-06 07:16:00
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: 06jw2e2o.exe; Driver: C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Program Files\HP\QuickPlay\000.fcl  section is writeable [0xA460F000, 0x2892, 0xE8000020]
.vmp2  C:\Program Files\HP\QuickPlay\000.fcl  entry point in ".vmp2" section [0xA4632050]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4964] ntdll.dll!DbgUiRemoteBreakin  779DCD84 1 Byte [C3]

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74797817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7479BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7478F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7478E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7479DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7478FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7478FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7481CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7478D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74786853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7478687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[4224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74792AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread  SYSTEM [4:2724]  90C034C6

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021862efcad
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@00180fa86f7b  0xF7 0x15 0xDB 0x94 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@0011b107a20c  0x22 0xC3 0x67 0x6F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@00229846dd3a  0x0B 0x16 0x53 0x42 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218665f713@3c5a37b039f3  0x23 0x9D 0x23 0x51 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e9feff4
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021862efcad (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@00180fa86f7b  0xF7 0x15 0xDB 0x94 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@0011b107a20c  0x22 0xC3 0x67 0x6F ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@00229846dd3a  0x0B 0x16 0x53 0x42 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00218665f713@3c5a37b039f3  0x23 0x9D 0x23 0x51 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e9feff4 (not active ControlSet)
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat  0x11 0x9D 0x2F 0xA0 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg  HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version  0xA8 0x93 0x04 0x3B ...
06.04.2011, 20:00 | #19
After Windows Recovery infection, no more access to file system/desktop

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:56:22 on 06.04.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\cm\AppData\Local\Temp\catchme.sys (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\Windows\System32\DRIVERS\mcdbus.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"EraserUtilDrvI7" (EraserUtilDrvI7) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"mdf15" (mdf15) - ? - C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys
"Power Control [2010/06/05 22:44:42]" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - ? - C:\Program Files\HP\QuickPlay\000.fcl
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found)
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{3D874BD4-F636-46b0-B6B9-4D1946D72BEC} "freenet.de Dateimanager" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? - (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2F25CF20-C569-11D1-B94C-00608CB45480} "TextPad" - "Helios Software Solutions" - C:\ProgramFiles\TextPad 4\System\shellext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\cm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"avira update" - "Avira GmbH" - C:\\Program Files\\Avira\\AntiVir Desktop\\update.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Win2PDF Port" - ? - C:\Windows\system32\win2pdfm.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\work\xampp\apache\bin\apache.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (File not found)
"DirMngr" (DirMngr) - ? - C:\Program Files\GNU\GnuPG\dirmngr.exe (File found, but it contains no detailed information)
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - D:\work\xampp\FileZillaFTP\FileZillaServer.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"mysql" (mysql) - ? - D:\work\xampp\mysql\bin\mysqld-nt.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe
"SAMSUNG AllShare Service" (AllShare) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Virtual Disk Service Manager" (MSR Service) - ? - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index
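As an added triage example (not part of the thread, and not code from the OSAM or GMER authors), the Python below parses OSAM report lines in the format posted above, splits off the flags OSAM appends in parentheses, and ranks the entries for review. It uses a constructed subset of post #19's entries; the cross-check against a scanner driver rests on the GMER header in post #18, which names GMER's own temporary driver at the same path that OSAM reports as a hidden registry entry. The severity labels and the function names are this example's own.

```python
"""Parse an OSAM Autorun Manager report and rank its entries for review."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample: a subset of post #19's entries, copied in OSAM's own line format.
SAMPLE_LOG = r"""
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\cm\AppData\Local\Temp\catchme.sys (File not found)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found)
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys
"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys (Hidden registry entry, rootkit activity | File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"""

# The GMER header in post #18 ("Driver: C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys") names
# GMER's own temporary driver. OSAM's "rootkit activity" hit on exactly that path is residue
# of the scanner itself, so the triage downgrades it instead of raising an alarm.
SCANNER_DRIVERS = {r"C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys"}

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\( (?P<location>.+?) \)-----$")
ENTRY_RE = re.compile(
    r"^(?:\{[0-9A-Fa-f-]+\} |<binary data> )?"      # optional CLSID or <binary data> prefix
    r'"(?P<name>[^"]*)"(?: \((?P<key>[^)]*)\))?'     # display name, optional service/driver key
    r' - (?:"(?P<vendor>[^"]*)"|\?)'                 # vendor, or "?" when OSAM found none
    r" - (?P<rest>.*)$"                              # image path [arguments] [(flags)]
)
# Phrases OSAM appends in parentheses; used to tell a flag suffix from a path containing "(...)".
FLAG_WORDS = ("File not found", "Hidden registry entry",
              "COM-object registry key not found", "File found, but")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    vendor: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)


def _split_flags(rest: str) -> Tuple[str, List[str]]:
    """Separate 'path args (Flag | Flag)' into the path part and the list of flags."""
    m = re.search(r"\(([^()]*)\)\s*$", rest)
    if m and any(w in m.group(1) for w in FLAG_WORDS):
        return rest[: m.start()].strip(), [f.strip() for f in m.group(1).split("|")]
    return rest.strip(), []


def _path_only(text: str) -> str:
    """Drop command-line arguments: keep a quoted image path, or an unquoted one up to its extension."""
    if text.startswith('"'):
        return text[1 : text.find('"', 1)]
    m = re.match(r"^([A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})(?:\s|$)", text)
    return m.group(1) if m else text


def parse_osam(text: str) -> List[Entry]:
    """Walk the report once, tracking the current [Section] and -----( location )----- header."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
        elif (m := LOCATION_RE.match(line)):
            location = m.group("location")
        elif (m := ENTRY_RE.match(line)):
            path, flags = _split_flags(m.group("rest"))
            entries.append(Entry(section, location, m.group("name"), m.group("vendor"),
                                 _path_only(path) if path else "", flags))
    return entries


def triage(entries: List[Entry], scanner_drivers: Set[str] = frozenset()) -> List[Tuple[str, str, str]]:
    """Return (name, severity, reason) per entry, most urgent first. Severity labels are this example's own."""
    known = {p.lower() for p in scanner_drivers}
    out = []
    for e in entries:
        hidden = any(f.startswith("Hidden registry entry") for f in e.flags)
        if hidden and e.path.lower() in known:
            out.append((e.name, "info", "hidden entry matches the scanner's own temp driver"))
        elif hidden:
            out.append((e.name, "high", "hidden registry entry (rootkit activity) under " + e.location))
        elif "File not found" in e.flags:
            out.append((e.name, "low", "orphaned autorun, image missing: " + (e.path or "<no path>")))
        elif e.vendor is None:
            out.append((e.name, "review", "no vendor information for " + e.path))
        else:
            out.append((e.name, "ok", "vendor " + e.vendor))
    order = {"high": 0, "review": 1, "low": 2, "info": 3, "ok": 4}
    return sorted(out, key=lambda t: order[t[1]])


if __name__ == "__main__":
    for name, severity, reason in triage(parse_osam(SAMPLE_LOG), SCANNER_DRIVERS):
        print(f"{severity:6} {name}: {reason}")
```

Run against a full report, the same "high" bucket would surface any hidden service entry that does not belong to a scanner you ran yourself, which is the case a helper in this thread would want to look at first.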
Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? - (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {2F25CF20-C569-11D1-B94C-00608CB45480} "TextPad" - "Helios Software Solutions" - C:\ProgramFiles\TextPad 4\System\shellext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\cm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AnyDVD" - "SlySoft, Inc." - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe "KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "avira update" - "Avira GmbH" - C:\\Program Files\\Avira\\AntiVir Desktop\\update.exe "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "Win2PDF Port" - ? - C:\Windows\system32\win2pdfm.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apache2.2" (Apache2.2) - "Apache Software Foundation" - D:\work\xampp\apache\bin\apache.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (File not found) "DirMngr" (DirMngr) - ? - C:\Program Files\GNU\GnuPG\dirmngr.exe (File found, but it contains no detailed information) "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - D:\work\xampp\FileZillaFTP\FileZillaServer.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "mysql" (mysql) - ? - D:\work\xampp\mysql\bin\mysqld-nt.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe "QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe "Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe "SAMSUNG AllShare Service" (AllShare) - ? 
- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe (File found, but it contains no detailed information) "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "Virtual Disk Service Manager" (MSR Service) - ? - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
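The OSAM log above flags one driver entry as "Hidden registry entry, rootkit activity | File not found". Before reading that as an infection, a practitioner cross-checks it against the scanners that were just run: anti-rootkit tools register their own short-lived kernel drivers (GMER loads a randomly named .sys from %TEMP% and prints its path in the "Driver:" line of its log header; catchme.sys is the rootkit-detection driver used by GMER/ComboFix), and an autorun scan taken afterwards shows them as hidden or missing. The following added example, which is not part of the forum post or of OSAM, parses [Drivers] entries, collects the usual review triggers, and separates scanner artefacts from entries that need a look. The sample entries are copied from the posted log; the `GMER_DRIVER` value is whatever path GMER's own header reported and is supplied here as the illustrative value.

```python
"""Triage the [Drivers] section of an OSAM autorun log.

Added example; not part of the forum post and not OSAM's own code.
The sample entries are copied from the posted log. gmer_driver is the path
GMER prints in the "Driver:" line of its log header.
"""
import re
from dataclasses import dataclass, field

# "Display name" (ServiceName) - "Vendor" - path (flag | flag)
# Vendor is a literal "?" when OSAM has no signature/version information.
ENTRY = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<svc>[^)]*)\) - '
    r'(?:"(?P<vendor>[^"]*)"|\?) - '
    r'(?P<path>.*?)(?: \((?P<flags>[^()]*)\))?$'
)

# Driver file names that belong to the scanning tools, not to the system
# under investigation. catchme.sys is the GMER/ComboFix rootkit-detection driver.
KNOWN_TOOL_DRIVERS = {"catchme.sys"}


@dataclass
class Finding:
    service: str
    path: str
    verdict: str                      # "tool_artifact", "review" or "ok"
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Split one OSAM entry into its fields; the flags become a list."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["flags"] = [f.strip() for f in (e["flags"] or "").split("|") if f.strip()]
    return e


def triage(lines, gmer_driver=None):
    """Classify driver entries; gmer_driver is the path from GMER's log header."""
    tool_files = set(KNOWN_TOOL_DRIVERS)
    if gmer_driver:
        tool_files.add(gmer_driver.rsplit("\\", 1)[-1].lower())
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        path = e["path"]
        fname = path.rsplit("\\", 1)[-1].lower()
        flags = " | ".join(e["flags"]).lower()
        reasons = []
        if "hidden registry entry" in flags:
            reasons.append("hidden registry entry")
        if "file not found" in flags:
            reasons.append("file missing on disk")
        if e["vendor"] is None:
            reasons.append("no vendor / signature information")
        if "\\temp\\" in path.lower():
            reasons.append("loads from a Temp directory")
        if not fname.endswith(".sys"):
            reasons.append("non-standard driver extension")
        if fname in tool_files:
            verdict = "tool_artifact"     # expected leftover of the scan itself
        elif reasons:
            verdict = "review"            # needs a human look, not proof of infection
        else:
            verdict = "ok"
        findings.append(Finding(e["svc"], path, verdict, reasons))
    return findings


# Sample entries copied from the posted OSAM log.
SAMPLE = [
    r'"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys',
    r'"catchme" (catchme) - ? - C:\Users\cm\AppData\Local\Temp\catchme.sys (File not found)',
    r'"Power Control [2010/06/05 22:44:42]" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - ? - C:\Program Files\HP\QuickPlay\000.fcl',
    r'"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys',
    r'"uwtiyaoc" (uwtiyaoc) - ? - C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys (Hidden registry entry, rootkit activity | File not found)',
    r'"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)',
]
# Illustrative value: the path GMER reported for its own driver in this run.
GMER_DRIVER = r"C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys"

if __name__ == "__main__":
    for f in triage(SAMPLE, GMER_DRIVER):
        print(f"{f.verdict:13} {f.service:12} {f.path}  {'; '.join(f.reasons)}")
```

Run without `gmer_driver` and the same hidden entry drops to "review", which is exactly the state the raw OSAM output leaves you in; the point of the cross-check is that the verdict comes from correlating the two logs, not from the single "rootkit activity" flag.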
06.04.2011, 20:09 | #21 |
| Nach Windows Recovery Befall kein Zugriff mehr auf Dateisystem/Desktop MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Compal BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Pavilion dv7 Notebook PC Logical Drives Mask: 0x0000007c Kernel Drivers (total 219): 0x8264D000 \SystemRoot\system32\ntkrnlpa.exe 0x8261A000 \SystemRoot\system32\hal.dll 0x80408000 \SystemRoot\system32\kdcom.dll 0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047F000 \SystemRoot\system32\PSHED.dll 0x80490000 \SystemRoot\system32\BOOTVID.dll 0x80498000 \SystemRoot\system32\CLFS.SYS 0x804D9000 \SystemRoot\system32\CI.dll 0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80690000 \SystemRoot\system32\drivers\acpi.sys 0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys 0x806E7000 \SystemRoot\system32\drivers\pci.sys 0x8070E000 \SystemRoot\system32\drivers\isapnp.sys 0x8071D000 \SystemRoot\system32\drivers\mpio.sys 0x80739000 \SystemRoot\System32\drivers\partmgr.sys 0x80748000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8074B000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x80755000 \SystemRoot\system32\drivers\volmgr.sys 0x80764000 \SystemRoot\System32\drivers\volmgrx.sys 0x807AE000 \SystemRoot\system32\drivers\intelide.sys 0x807B5000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807C3000 \SystemRoot\system32\drivers\pciide.sys 0x807CA000 \SystemRoot\system32\drivers\aliide.sys 0x807D1000 \SystemRoot\system32\drivers\amdide.sys 0x807D8000 \SystemRoot\system32\drivers\cmdide.sys 0x807E0000 \SystemRoot\System32\drivers\mountmgr.sys 0x805B9000 \SystemRoot\system32\drivers\msdsm.sys 0x805D3000 \SystemRoot\system32\drivers\nvraid.sys 0x8AC0F000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8AC30000 
\SystemRoot\system32\drivers\viaide.sys 0x8AC38000 \SystemRoot\system32\drivers\iastorv.sys 0x8ACD9000 \SystemRoot\system32\drivers\atapi.sys 0x8ACE1000 \SystemRoot\system32\drivers\ataport.SYS 0x8ACFF000 \SystemRoot\system32\drivers\lsi_scsi.sys 0x8AD19000 \SystemRoot\system32\drivers\storport.sys 0x8AD5A000 \SystemRoot\system32\drivers\nvstor.sys 0x8AD67000 \SystemRoot\system32\drivers\msahci.sys 0x8AD71000 \SystemRoot\system32\drivers\hpcisss.sys 0x8AD7C000 \SystemRoot\system32\drivers\adp94xx.sys 0x8AE08000 \SystemRoot\system32\drivers\adpahci.sys 0x8AE54000 \SystemRoot\system32\drivers\adpu160m.sys 0x8AE6F000 \SystemRoot\system32\drivers\SCSIPORT.SYS 0x8AE95000 \SystemRoot\system32\drivers\adpu320.sys 0x8AEBB000 \SystemRoot\system32\drivers\djsvs.sys 0x8AECF000 \SystemRoot\system32\drivers\arc.sys 0x8AEE5000 \SystemRoot\system32\drivers\arcsas.sys 0x8AEFB000 \SystemRoot\system32\drivers\elxstor.sys 0x8AF8F000 \SystemRoot\system32\drivers\i2omp.sys 0x8AF99000 \SystemRoot\system32\drivers\iirsp.sys 0x8AFA9000 \SystemRoot\system32\drivers\iteatapi.sys 0x8AFB5000 \SystemRoot\system32\drivers\iteraid.sys 0x8AFC1000 \SystemRoot\system32\drivers\lsi_fc.sys 0x8AFDB000 \SystemRoot\system32\drivers\lsi_sas.sys 0x8AFF3000 \SystemRoot\system32\drivers\megasas.sys 0x8B00C000 \SystemRoot\system32\drivers\megasr.sys 0x8B0C3000 \SystemRoot\system32\drivers\mraid35x.sys 0x8B0CE000 \SystemRoot\system32\drivers\nfrd960.sys 0x8B200000 \SystemRoot\system32\drivers\ql2300.sys 0x8B338000 \SystemRoot\system32\drivers\ql40xx.sys 0x8B38D000 \SystemRoot\system32\drivers\sisraid2.sys 0x8B39A000 \SystemRoot\system32\drivers\sisraid4.sys 0x8B3AF000 \SystemRoot\system32\drivers\symc8xx.sys 0x8B3BB000 \SystemRoot\system32\drivers\sym_hi.sys 0x8B3C6000 \SystemRoot\system32\drivers\sym_u3.sys 0x8B0DC000 \SystemRoot\system32\drivers\uliahci.sys 0x8B3D1000 \SystemRoot\system32\drivers\ulsata.sys 0x8B118000 \SystemRoot\system32\drivers\ulsata2.sys 0x8B144000 
\SystemRoot\system32\drivers\vsmraid.sys 0x8B165000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B197000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B40E000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B47F000 \SystemRoot\system32\drivers\ndis.sys 0x8B58A000 \SystemRoot\system32\drivers\msrpc.sys 0x8B5B5000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B605000 \SystemRoot\System32\drivers\tcpip.sys 0x8B6EF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B806000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B916000 \SystemRoot\system32\drivers\wd.sys 0x8B91E000 \SystemRoot\system32\drivers\volsnap.sys 0x8B957000 \SystemRoot\System32\Drivers\spldr.sys 0x8B95F000 \SystemRoot\system32\drivers\sbp2port.sys 0x8B974000 \SystemRoot\System32\Drivers\mup.sys 0x8B983000 \SystemRoot\System32\drivers\ecache.sys 0x8B9AA000 \SystemRoot\system32\DRIVERS\hpdskflt.sys 0x8B9B3000 \SystemRoot\system32\drivers\disk.sys 0x8B9C4000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B9EF000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8B70A000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8B713000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8B9FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8F001000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8F958000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x8F95A000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8B722000 \SystemRoot\System32\drivers\watchdog.sys 0x8B72E000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8B739000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8B777000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8FA0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FC00000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x8FF89000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8FFAA000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8FFBA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8FFC8000 \SystemRoot\system32\DRIVERS\jmcr.sys 0x8FFDD000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8FFF0000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys 0x8FFF5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 
0x8FA9A000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x8FACA000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8FACC000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8FAD7000 \SystemRoot\System32\Drivers\AnyDVD.sys 0x8FAF0000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8FB08000 \SystemRoot\system32\DRIVERS\Accelerometer.sys 0x8FB13000 \SystemRoot\system32\DRIVERS\enecir.sys 0x8FB2B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8FB34000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8FB63000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8FB6E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8FB85000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8FB90000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8FBB3000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8FBC2000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8FBD6000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8FBEB000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8B786000 \SystemRoot\system32\DRIVERS\mcdbus.sys 0x8FBFB000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8B7A3000 \SystemRoot\system32\DRIVERS\ks.sys 0x8B7CD000 \SystemRoot\system32\DRIVERS\circlass.sys 0x8FA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8B7DB000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8B1A7000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8B7E8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9040E000 \SystemRoot\system32\DRIVERS\stwrt.sys 0x90476000 \SystemRoot\system32\DRIVERS\portcls.sys 0x904A3000 \SystemRoot\system32\DRIVERS\drmk.sys 0x904C8000 \SystemRoot\system32\drivers\nvhda32v.sys 0x904D6000 \SystemRoot\system32\DRIVERS\hidir.sys 0x904E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x904F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x904F8000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x90501000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x90509000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90512000 \SystemRoot\System32\Drivers\Null.SYS 0x90519000 \SystemRoot\System32\Drivers\Beep.SYS 0x90520000 \SystemRoot\System32\drivers\vga.sys 0x9052C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 
0x9054D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90555000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9055D000 \SystemRoot\System32\Drivers\Msfs.SYS 0x90568000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90576000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x9057F000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90595000 \SystemRoot\system32\DRIVERS\smb.sys 0x905A9000 \SystemRoot\system32\drivers\afd.sys 0x90600000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90632000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x9063B000 \SystemRoot\system32\DRIVERS\pacer.sys 0x90651000 \SystemRoot\system32\DRIVERS\netbios.sys 0x90679000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9068C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x90692000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x906CE000 \SystemRoot\system32\drivers\nsiproxy.sys 0x906D8000 \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys 0x906E1000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x906EB000 \SystemRoot\System32\Drivers\dfsc.sys 0x90702000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x907B5000 \SystemRoot\System32\Drivers\AVerAF15.sys 0x907FA000 \SystemRoot\System32\Drivers\BdaSup.SYS 0x90D4C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x90D63000 \SystemRoot\System32\Drivers\usbvideo.sys 0x90D84000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90D91000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x90D9C000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9AEC0000 \SystemRoot\System32\win32k.sys 0x90DA6000 \SystemRoot\System32\drivers\Dxapi.sys 0x9B0E0000 \SystemRoot\System32\TSDDD.dll 0x9B100000 \SystemRoot\System32\cdd.dll 0x9B110000 \SystemRoot\System32\ATMFD.DLL 0x90DBF000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x90DD4000 \SystemRoot\system32\drivers\luafv.sys 0xA1000000 \SystemRoot\system32\drivers\spsys.sys 0xA10B0000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA10C0000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA10EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA10F4000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1107000 
\SystemRoot\system32\drivers\HTTP.sys 0xA1174000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA1191000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA11AA000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA11BF000 \SystemRoot\system32\drivers\mrxdav.sys 0xA11E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA2009000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA2042000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA205A000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA2082000 \SystemRoot\System32\DRIVERS\srv.sys 0xA20E8000 \SystemRoot\System32\Drivers\adfs.SYS 0xA20F9000 \SystemRoot\system32\drivers\peauth.sys 0xA21D7000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA21E1000 \??\C:\Windows\system32\SVKP.sys 0xA21E2000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA460E000 \??\C:\Program Files\HP\QuickPlay\000.fcl 0xA463A000 \??\C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys 0xA4652000 \??\C:\Windows\system32\FsUsbExDisk.SYS 0xA465D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA4673000 \SystemRoot\system32\drivers\MSPQM.sys 0xA4675000 \??\C:\Users\cm\AppData\Local\Temp\uwtiyaoc.sys 0xA47E0000 \SystemRoot\System32\Drivers\BTHUSB.sys 0xA468E000 \SystemRoot\System32\Drivers\bthport.sys 0xA470E000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0xA4737000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0xA4741000 \SystemRoot\system32\DRIVERS\bthmodem.sys 0xA4750000 \SystemRoot\system32\drivers\modem.sys 0xA475D000 \SystemRoot\system32\drivers\btwavdt.sys 0xA47C4000 \SystemRoot\system32\DRIVERS\hidbth.sys 0x90C80000 \SystemRoot\system32\drivers\btwaudio.sys 0xA47D0000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0xA47ED000 \SystemRoot\system32\DRIVERS\monitor.sys 0x77950000 \Windows\System32\ntdll.dll Processes (total 81): 0 System Idle Process 4 SYSTEM 456 C:\Windows\System32\smss.exe 588 csrss.exe 640 C:\Windows\System32\wininit.exe 652 csrss.exe 684 C:\Windows\System32\services.exe 696 C:\Windows\System32\lsass.exe 704 C:\Windows\System32\lsm.exe 780 C:\Windows\System32\winlogon.exe 892 
C:\Windows\System32\svchost.exe 932 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 952 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1076 C:\Windows\System32\nvvsvc.exe 1104 C:\Windows\System32\svchost.exe 1156 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\svchost.exe 1260 C:\Windows\System32\svchost.exe 1276 C:\Windows\System32\svchost.exe 1308 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe 1468 C:\Windows\System32\audiodg.exe 1544 C:\Windows\System32\SLsvc.exe 1564 C:\Windows\System32\svchost.exe 1636 C:\Windows\System32\hpservice.exe 1692 C:\Windows\System32\nvvsvc.exe 1724 C:\Windows\System32\svchost.exe 1948 C:\Windows\System32\spoolsv.exe 1988 C:\Program Files\Avira\AntiVir Desktop\sched.exe 2000 C:\Windows\System32\svchost.exe 1840 D:\work\xampp\apache\bin\apache.exe 196 C:\Windows\System32\svchost.exe 576 C:\Program Files\GNU\GnuPG\dirmngr.exe 2064 C:\Windows\System32\FsUsbExService.Exe 2152 C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe 2216 D:\work\xampp\mysql\bin\mysqld-nt.exe 2256 C:\Windows\System32\svchost.exe 2324 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2340 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 2364 C:\Windows\SMINST\BLService.exe 2484 C:\Windows\System32\svchost.exe 2516 C:\Windows\System32\svchost.exe 2544 C:\Windows\System32\SearchIndexer.exe 2684 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2868 C:\Windows\System32\taskeng.exe 3108 D:\work\xampp\apache\bin\apache.exe 4164 C:\Windows\System32\dwm.exe 4180 C:\Windows\System32\taskeng.exe 4224 C:\Windows\explorer.exe 4460 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 4472 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe 4488 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 4496 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 4504 C:\Program Files\IDT\WDM\sttray.exe 4512 C:\Program Files\Common Files\Java\Java Update\jusched.exe 4524 C:\Program Files\Avira\AntiVir 
Desktop\avgnt.exe 4532 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 4552 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 4632 C:\Windows\ehome\ehtray.exe 4648 WmiPrvSE.exe 4808 C:\Windows\ehome\ehmsas.exe 4836 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe 4964 C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 5032 C:\Windows\ehome\ehsched.exe 5100 C:\Program Files\Windows Media Player\wmpnscfg.exe 5212 C:\Program Files\Windows Media Player\wmpnetwk.exe 5372 C:\Windows\System32\wbem\unsecapp.exe 5380 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 5564 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 5608 C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe 5880 C:\Windows\ehome\ehrecvr.exe 4424 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 2792 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4312 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 4456 C:\Windows\System32\svchost.exe 4432 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 2480 C:\Program Files\Mozilla Firefox\firefox.exe 2280 C:\Windows\explorer.exe 5948 C:\Users\cm\Desktop\tdsskiller\osam.exe 532 C:\Windows\System32\notepad.exe 5760 C:\Users\cm\Desktop\MBRCheck.exe 4148 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000048`4e200000 (NTFS) PhysicalDrive1 Model Number: TOSHIBAMK3252GSX, Rev: LV011C PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive1 Unknown MBR code SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C 298 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Found non-standard or infected MBR. 
Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
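MBRCheck's verdict above rests on two things: the hash of the boot-sector code compared against a list of known loaders ("Windows XP MBR code detected" versus "Unknown MBR code"), and the mapping of mounted volumes to byte offsets on each physical disk. The added example below, which is not code from the forum post or from MBRCheck, shows both checks on a constructed 512-byte sector: it parses the partition table, hashes the 440-byte boot-code area, looks the hash up, and verifies that every offset the OS mounts (0x7e00 for C: and 0x48`4e200000 for E: on PhysicalDrive1, as reported in the log) has a matching partition entry. The boot code is a NOP stub, the partition sizes and disk signature are made up, and MBRCheck's hash database and exact hashing scope are not on the page, so `KNOWN_BOOT_CODE` holds only the stub's hash to demonstrate the lookup; an unknown hash on a vendor notebook, as here, is a prompt to compare against the OEM's loader, not proof of a bootkit.

```python
"""Parse and sanity-check a 512-byte MBR the way MBRCheck-style tools do.

Added example; not code from the forum post or from MBRCheck. The sector is
constructed: NOP-stub boot code, made-up sizes and disk signature, and a
partition table whose entries start at the volume offsets reported in the
thread for PhysicalDrive1 (C: at 0x7e00, E: at 0x484e200000).
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 loader code; 440..443 disk signature
PART_TABLE_OFF = 446         # 4 entries x 16 bytes
BOOT_SIG_OFF = 510           # 0x55 0xAA
PART_TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)",
                   0x27: "hidden NTFS (WinRE)", 0xEE: "GPT protective"}

TEST_BOOT_CODE = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_LEN - 3)   # constructed stub
TEST_PARTITIONS = [                                    # status, type, LBA start, sectors
    (0x80, 0x07, 0x7E00 // SECTOR, 606_539_713),       # C: offset as reported, length constructed
    (0x00, 0x07, 0x484E200000 // SECTOR, 18_602_672),  # E: offset as reported, length constructed
]
# A real database would hold hashes of known loaders (Windows XP/Vista/7, OEM).
KNOWN_BOOT_CODE = {hashlib.sha1(TEST_BOOT_CODE).hexdigest().upper(): "constructed test stub"}


def build_test_mbr():
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in TEST_PARTITIONS)
    table += b"\0" * (16 * (4 - len(TEST_PARTITIONS)))
    sector = TEST_BOOT_CODE + struct.pack("<I", 0x1EADBEEF) + b"\0\0" + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": PART_TYPE_NAMES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {
        "boot_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "valid_signature": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "partitions": parts,
    }


def check_mbr(sector, known_boot_code, mounted_offsets=()):
    """Return (label of a known loader or None, list of problems found)."""
    info = parse_mbr(sector)
    problems = []
    if not info["valid_signature"]:
        problems.append("boot signature 0x55AA missing")
    label = known_boot_code.get(info["boot_sha1"])
    if label is None:
        problems.append("unknown MBR code SHA1: " + info["boot_sha1"])
    table_offsets = {p["byte_offset"] for p in info["partitions"]}
    for off in mounted_offsets:                        # what the OS mounts must be in the table
        if off not in table_offsets:
            problems.append("mounted volume at 0x%X has no partition-table entry" % off)
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return label, problems


if __name__ == "__main__":
    mbr = build_test_mbr()
    print(check_mbr(mbr, KNOWN_BOOT_CODE, [0x7E00, 0x484E200000]))
    tampered = bytearray(mbr)
    tampered[0x10] ^= 0xFF        # one patched byte in the loader changes the hash
    print(check_mbr(bytes(tampered), KNOWN_BOOT_CODE, [0x7E00, 0x484E200000]))
```

On a live system the sector comes from `\\.\PhysicalDriveN` opened read-only; the hash covers only the code area so that the same loader gives the same hash regardless of partition layout and disk signature.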
06.04.2011, 22:34 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No access to file system/desktop after Windows Recovery infection Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags |
07.04.2011, 20:46 | #23
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6304

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.04.2011 21:44:51
mbam-log-2011-04-07 (21-44-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175841
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
08.04.2011, 04:57 | #24
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Sorry, but I wanted to see a full scan... please redo it and post the log! Remember to update the Malwarebytes signatures first, there are very frequent new updates!
08.04.2011, 06:23 | #25
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com

Generated 04/08/2011 at 03:31 AM

Application Version : 4.50.1002

Core Rules Database Version : 6777
Trace Rules Database Version: 4589

Scan type       : Complete Scan
Total Scan Time : 05:29:28

Memory items scanned      : 777
Memory threats detected   : 0
Registry items scanned    : 11170
Registry threats detected : 0
File items scanned        : 653301
File threats detected     : 4

Adware.Unknown Origin
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Trojan.Agent/Gen-Nullo[Micro]
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SYSTEM.VIR
    C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\WINDOWS\SYSTEM32\SYSTEM

Adware.Jraun/WinEssential
    C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\PROGRAM FILES\CYBERLINK\DVD SUITE\CDSVERSION.EXE
08.04.2011, 06:43 | #26
/// Winkelfunktion /// TB-Süch-Tiger™
Remnants and false positives. Please still do the full scan with Malwarebytes.
08.04.2011, 19:38 | #27
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6304

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.04.2011 20:17:47
mbam-log-2011-04-08 (20-17-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 824266
Laufzeit: 12 Stunde(n), 43 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Best regards, I think that's it (hopefully :-)
08.04.2011, 19:55 | #28
/// Winkelfunktion /// TB-Süch-Tiger™
No findings. Is the computer okay again?
11.04.2011, 20:16 | #29
Hello Arne, the PC is OK again, a donation will follow, many thanks for your effort ;-)
12.04.2011, 09:31 | #30
/// Winkelfunktion /// TB-Süch-Tiger™
Then we're done! Finally, please check your updates; my guide on that is below. For even more security you should also change all your passwords, as far as possible, now that the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: see the Windows Update guide

Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is current; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.