| Annettsche | 07.09.2012 14:19 |
GMER
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-07 14:29:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9AT00 rev.MB4OA60A
Running: fqj3ld8i.exe; Driver: C:\DOKUME~1\Droge\LOKALE~1\Temp\fgldrpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
---- EOF - GMER 1.0.15 ----
--- --- ---
OSAM Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:37:52 on 07.09.2012
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"WACntlPnl.cpl" - "Hewlett-Packard Development Company, L.P." - C:\WINDOWS\system32\WACntlPnl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"eabconfg.cpl" - "Hewlett-Packard" - C:\Programme\HPQ\Quick Launch Buttons\EABCONFG.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fgldrpow" (fgldrpow) - ? - C:\DOKUME~1\Droge\LOKALE~1\Temp\fgldrpow.sys (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDfs.sys
"InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\system32\drivers\incdrm.sys
"InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys
"InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS (File is exclusively opened, access blocked)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"T-DSL Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"USB to Serial Bridge Controller" (usb2vcom) - ? - C:\WINDOWS\System32\Drivers\usb2vcom.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Nero AG" - C:\Programme\Ahead\InCD\incdshx.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{C4069E3A-68F1-403E-B40E-20066696354B}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\WINDOWS\Downloaded Program Files\popcaploader.dll (File not found) / hxxp://download-spiele.de.pogo.com/online2/pogo/zuma/popcaploader_v10_de.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{A93C41D8-01F8-4F8B-B14C-DE20B117E636} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
{E763472E-A716-4CD9-89BD-DBDA6122F741} "HP Sammelmappe" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{053F9267-DC04-4294-A72C-58F732D338C0} "HP Print Clips" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
"HP Photosmart Premier – Schnellstart.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Droge\Startmenü\Programme\Autostart\desktop.ini
"T-DSL Manager.lnk" - "T-Systems" - C:\Programme\T-DSL Manager\DslMgr.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
"SJelite3Launch" - ? - C:\Dokumente und Einstellungen\Droge\Anwendungsdaten\Transcend\SJelite3\SJelite3Launch.exe (File found, but it contains no detailed information)
"Sony Ericsson PC Companion" - "Sony Ericsson" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"Cpqset" - ? - C:\Programme\HPQ\Default Settings\cpqset.exe (File found, but it contains no detailed information)
"eabconfg.cpl" - "Hewlett-Packard " - C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QPService" - "CyberLink Corp." - "C:\Programme\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RecGuard" - ? - C:\Windows\SMINST\RecGuard.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"T-DSL SpeedMgr" - "T-Systems Business Services" - "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information)
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Hotspot Manager" (HotSpotFSvc) - "T-Systems Enterprise Services GmbH" - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InCD Helper (read only)" (InCDsrvR) - "Nero AG" - C:\Programme\Ahead\InCD\InCDsrv.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"T-DSL Manager" (TDslMgrService) - "T-Systems" - C:\Programme\T-DSL Manager\DslMgrSvc.exe
"T-DSL SpeedManager" (TSMService) - "T-Systems Business Services" - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Goldshell Digital Media" - C:\WINDOWS\KEINOH~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 14:39:32
-----------------------------
14:39:32.093 OS Version: Windows 5.1.2600 Service Pack 3
14:39:32.093 Number of processors: 1 586 0x2402
14:39:32.093 ComputerName: ANNETTE UserName: Droge
14:39:32.609 Initialize success
14:41:32.421 AVAST engine defs: 12090700
14:42:00.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:42:00.796 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
14:42:00.906 Disk 0 MBR read successfully
14:42:00.906 Disk 0 MBR scan
14:42:01.015 Disk 0 unknown MBR code
14:42:01.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
14:42:01.093 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
14:42:01.156 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
14:42:01.250 Disk 0 scanning sectors +156296385
14:42:01.640 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:59.218 Service scanning
14:43:14.937 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
14:43:28.109 Modules scanning
14:44:17.093 Disk 0 trace - called modules:
14:44:17.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:44:17.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855941f0]
14:44:17.156 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007a[0x855509e8]
14:44:17.171 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x855c9d98]
14:44:17.609 AVAST engine scan C:\WINDOWS
14:45:17.250 AVAST engine scan C:\WINDOWS\system32
14:53:06.171 AVAST engine scan C:\WINDOWS\system32\drivers
14:54:14.531 AVAST engine scan C:\Dokumente und Einstellungen\Droge
15:24:46.312 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
15:24:46.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-07.txt"
Danke
Annettsche
Hier noch mal aswMBR mit "Scan finished successfully" Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 16:25:43
-----------------------------
16:25:43.750 OS Version: Windows 5.1.2600 Service Pack 3
16:25:43.750 Number of processors: 1 586 0x2402
16:25:43.750 ComputerName: ANNETTE UserName: Droge
16:25:44.484 Initialize success
16:25:57.546 AVAST engine defs: 12090700
16:26:00.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:26:00.109 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
16:26:00.140 Disk 0 MBR read successfully
16:26:00.140 Disk 0 MBR scan
16:26:00.203 Disk 0 unknown MBR code
16:26:00.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
16:26:00.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
16:26:00.234 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
16:26:00.250 Disk 0 scanning sectors +156296385
16:26:00.296 Disk 0 scanning C:\WINDOWS\system32\drivers
16:26:19.937 Service scanning
16:26:35.312 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
16:26:47.718 Modules scanning
16:26:59.312 Disk 0 trace - called modules:
16:26:59.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:26:59.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855941f0]
16:26:59.375 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007a[0x855509e8]
16:26:59.375 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x855c9d98]
16:26:59.750 AVAST engine scan C:\WINDOWS
16:27:20.890 AVAST engine scan C:\WINDOWS\system32
16:29:56.250 AVAST engine scan C:\WINDOWS\system32\drivers
16:30:17.828 AVAST engine scan C:\Dokumente und Einstellungen\Droge
16:46:55.828 AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:48:19.203 Scan finished successfully
16:53:25.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
16:53:25.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-07_01.txt"
Danke |
aswMBR.exe und speichere die Datei auf deinem Desktop.