horst2011 | 25.10.2011 23:02 | Hier die Logdatei von GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-25 18:49:57
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: q5wphjsj.exe; Driver: C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8327E569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832A3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spmb.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 97B2ACA0 5 Bytes JMP 85BB54E0
.text a9pzudn6.SYS 98B5A000 12 Bytes [44, 98, 20, 83, EE, 96, 20, ...]
.text a9pzudn6.SYS 98B5A00D 9 Bytes [77, 20, 83, 48, 9B, 20, 83, ...] {JA 0x22; OR DWORD [EAX-0x65], 0x20; ADD DWORD [EAX], 0x0}
.text a9pzudn6.SYS 98B5A017 20 Bytes [00, DE, 07, 9C, 8B, E6, 05, ...]
.text a9pzudn6.SYS 98B5A02C 20 Bytes [00, 00, 00, 00, A0, 91, 27, ...]
.text a9pzudn6.SYS 98B5A041 128 Bytes [36, 2A, 83, 60, 35, 2A, 83, ...]
.text ...
PAGE peauth.sys 9E50602C 102 Bytes JMP BA2B4CB9
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B8B6042] \SystemRoot\System32\Drivers\spmb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B8B66D6] \SystemRoot\System32\Drivers\spmb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B8B6800] \SystemRoot\System32\Drivers\spmb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B8B613E] \SystemRoot\System32\Drivers\spmb.sys
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a9pzudn6.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DB2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D95624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DB250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DA8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DA4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DA50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DA51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DA66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DA82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DA8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DA907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DAE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2580] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DA4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8684D1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
Device \Driver\volmgr \Device\VolMgrControl 85B821F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7AAB0DAA-F217-43C3-8274-37883AC321C5} 871B01F8
Device \Driver\usbuhci \Device\USBPDO-0 8726F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A4931F96-242E-470B-88F1-49A416556CE8} 871B01F8
Device \Driver\usbuhci \Device\USBPDO-1 8726F1F8
Device \Driver\usbuhci \Device\USBPDO-2 8726F1F8
Device \Driver\usbehci \Device\USBPDO-3 873FD500
Device \Driver\usbuhci \Device\USBPDO-4 8726F1F8
Device \Driver\usbuhci \Device\USBPDO-5 8726F1F8
Device \Driver\sptd \Device\2719853500 spmb.sys
Device \Driver\usbuhci \Device\USBPDO-6 8726F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85B821F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 873FD500
Device \Driver\volmgr \Device\HarddiskVolume2 85B821F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 870F93C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B841F8
Device \Driver\atapi \Device\Ide\IdePort0 85B841F8
Device \Driver\atapi \Device\Ide\IdePort1 85B841F8
Device \Driver\atapi \Device\Ide\IdePort2 85B841F8
Device \Driver\atapi \Device\Ide\IdePort3 85B841F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B841F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 85B851F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 85B851F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 85B851F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 85B851F8
Device \Driver\cdrom \Device\CdRom1 870F93C8
Device \Driver\PCI_PNP7499 \Device\00000073 spmb.sys
Device \Driver\ACPI_HAL \Device\00000066 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 871B01F8
Device \Driver\usbuhci \Device\USBFDO-0 8726F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8726F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8726F1F8
Device \Driver\usbehci \Device\USBFDO-3 873FD500
Device \Driver\usbuhci \Device\USBFDO-4 8726F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8726F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8726F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C7B35A-692F-409F-99A7-E270C64A7DE5} 871B01F8
Device \Driver\usbehci \Device\USBFDO-7 873FD500
Device \Driver\NetBT \Device\NetBT_Tcpip_{E73D388C-9E80-4060-AF7F-30D55D58DFE8} 871B01F8
Device \Driver\a9pzudn6 \Device\Scsi\a9pzudn61Port4Path0Target0Lun0 874DE500
Device \Driver\a9pzudn6 \Device\Scsi\a9pzudn61 874DE500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x17 0xC7 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xA8 0x3C 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x7A 0x54 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x17 0xC7 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xA8 0x3C 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x7A 0x54 0x02 ...
---- EOF - GMER 1.0.15 ---- Hier die Logdatei von Osam: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:56:08 on 25.10.2011
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9pzudn6" (a9pzudn6) - "Microsoft Corporation" - C:\Windows\system32\drivers\a9pzudn6.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"catchme" (catchme) - ? - C:\Users\Martin\AppData\Local\Temp\catchme.sys (File not found)
"Int 15" (Int15) - ? - C:\Windows\System32\drivers\int15.sys (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found)
"MpKsl52af8ab0" (MpKsl52af8ab0) - ? - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsl52af8ab0.sys (File not found)
"MpKsl668cdd3f" (MpKsl668cdd3f) - ? - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsl668cdd3f.sys (File not found)
"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\NSNDIS5.SYS
"pxdiypow" (pxdiypow) - ? - C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys (Hidden registry entry, rootkit activity | File not found)
"Safend Spfd Device" (Spfd) - "Safend Ltd." - C:\Windows\System32\DRIVERS\Spfd.sys
"Safend Spfd Virtual Bus" (SpfdBus) - "Safend Ltd." - C:\Windows\System32\DRIVERS\SpfdBus.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{4746C79A-2042-4332-8650-48966E44ABA8} "CPureGoProtoInfo Object" - "Cisco Systems, Inc." - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
{494D4E3B-FA53-4487-8AF6-3F50FE1167A9} "gameboxchrome" - ? - (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI8079~1\shellext.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\ProgramData\AllDup\FEShlExt.dll
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Anti-phishing Domain Advisor" - "Visicom Media Inc. (Powered by Panda Security)" - "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"iGroupTec Service" (IGBASVC) - ? - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (File found, but it contains no detailed information)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Pure Networks Platform Service" (nmservice) - "Cisco Systems, Inc." - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Workstation\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Workstation\vsocklib.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Zum Schluss die Logfile von aswMBR: Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-25 19:38:04
-----------------------------
19:38:04.037 OS Version: Windows 6.1.7600
19:38:04.037 Number of processors: 2 586 0xF0D
19:38:04.040 ComputerName: MARTIN-PC UserName: Martin
19:38:06.577 Initialize success
19:39:10.703 AVAST engine defs: 11102501
19:39:16.293 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:39:16.296 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 11
19:39:19.271 Disk 0 MBR read successfully
19:39:19.274 Disk 0 MBR scan
19:39:19.280 Disk 0 Windows 7 default MBR code
19:39:20.207 Disk 0 scanning sectors +488394752
19:39:21.057 Disk 0 scanning C:\Windows\system32\drivers
19:41:00.899 Service scanning
19:41:05.354 Service MpKsl66a93c0c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD7A9F62-C6C4-42BB-A596-67C147B7E2C0}\MpKsl66a93c0c.sys **LOCKED** 32
19:41:05.359 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:41:05.460 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:41:06.047 Modules scanning
19:43:55.886 Disk 0 trace - called modules:
19:43:55.992 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85b841f8]<<
19:43:55.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e49030]
19:43:56.004 3 CLASSPNP.SYS[8bf9b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x868c7908]
19:43:56.014 \Driver\atapi[0x86911c98] -> IRP_MJ_CREATE -> 0x85b841f8
19:44:01.866 AVAST engine scan C:\Windows
19:45:21.673 AVAST engine scan C:\Windows\system32
20:02:08.388 AVAST engine scan C:\Windows\system32\drivers
20:02:41.499 AVAST engine scan C:\Users\Martin
20:52:55.890 AVAST engine scan C:\ProgramData
20:56:01.553 Scan finished successfully
21:02:12.905 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
21:02:12.989 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt" |