Kit Fisto | 31.01.2011 20:33

GMER Logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-31 20:19:32
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7 SAMSUNG_HD501LJ rev.CR100-11
Running: bcghf2qz.exe; Driver: C:\Users\***\AppData\Local\Temp\pxtyqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 8B83A41B 5 Bytes JMP 85E35770
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC09320, 0x3DE2A7, 0xE8000020]
.text aofvqobj.SYS 8B946000 22 Bytes [82, E3, 1C, 82, 6C, E2, 1C, ...]
.text aofvqobj.SYS 8B946017 98 Bytes [00, 32, 87, 6F, 80, 3D, 85, ...]
.text aofvqobj.SYS 8B94607A 82 Bytes [EF, 81, 18, C0, E1, 81, E7, ...]
.text aofvqobj.SYS 8B9460CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text aofvqobj.SYS 8B946118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060561E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80605748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80604B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80604C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00252F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00252D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00252CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00252CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01DA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01DA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01DA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00132F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00132D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00132CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00132CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01572F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01572D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01572CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01572CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00222D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00222CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00222CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8446F1E8
Device \Driver\volmgr \Device\VolMgrControl 8446C1E8
Device \Driver\usbohci \Device\USBPDO-0 85E3C3F8
Device \Driver\usbehci \Device\USBPDO-1 85E3D1E8
Device \Driver\volmgr \Device\HarddiskVolume1 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 860C81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort0 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort1 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort2 8446E1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort3 8446E1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-6 8446E1E8
Device \Driver\volmgr \Device\HarddiskVolume3 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 860C81E8
Device \Driver\cdrom \Device\CdRom2 860C81E8
Device \Driver\cdrom \Device\CdRom3 860C81E8
Device \Driver\netbt \Device\NetBT_Tcpip_{4BC350F3-3323-4EF6-83F9-CD5B3360E29E} 8635C790
Device \Driver\netbt \Device\NetBt_Wins_Export 8635C790
Device \Driver\PCI_NTPNP7304 \Device\0000004b sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 85E411E8
Device \Driver\usbohci \Device\USBFDO-0 85E3C3F8
Device \Driver\usbehci \Device\USBFDO-1 85E3D1E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target2Lun0 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target1Lun0 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target0Lun0 85E851E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF7 0xD4 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0xC2 0x85 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xF5 0x55 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0x32 0x9A 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8E 0xD4 0xC6 0xD1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF7 0xD4 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0xC2 0x85 0x83 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xF5 0x55 0xE8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0x32 0x9A 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8E 0xD4 0xC6 0xD1 ...
---- EOF - GMER 1.0.15 ----

OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:27:15 on 31.01.2011
OS: Windows Vista Ultimate Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.16
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\Windows\system32\ac3filter.cpl
"Diamondback.cpl" - "Razer Inc." - C:\Windows\system32\Diamondback.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\Windows\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aofvqobj" (aofvqobj) - "Microsoft Corporation" - C:\Windows\system32\drivers\aofvqobj.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi31788c\catchme.sys (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\DRIVERS\PxHelp20.sys
"pxtyqpob" (pxtyqpob) - ? - C:\Users\***\AppData\Local\Temp\pxtyqpob.sys (Hidden registry entry, rootkit activity | File not found)
"Sony Digital Imaging Video2" (sonypvs1) - "Sony Corporation" - C:\Windows\System32\DRIVERS\sonypvs1.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WebCamDV DV to Webcam Converter" (WebCamDV) - ? - C:\Windows\System32\DRIVERS\WebCamDV.sys (File not found)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll
{BBD2BACA-BEED-4307-86F7-563562FCFC13} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PHOTOfunSTUDIO HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools" - "DT Soft Ltd." - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Diamondback" - ? - C:\Program Files\Razer\Diamondback\razerhid.exe
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"PC Suite for Smartphones" - ? - "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (SONY_MEDIAMGR2)" (MSSQL$SONY_MEDIAMGR2) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===

MBRCheck Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7369
Logical Drives Mask: 0x0000037c
Kernel Drivers (total 156):
0x81E0E000 \SystemRoot\system32\ntkrnlpa.exe
0x821C7000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\PSHED.dll
0x80421000 \SystemRoot\system32\BOOTVID.dll
0x80429000 \SystemRoot\system32\CLFS.SYS
0x8046A000 \SystemRoot\system32\CI.dll
0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80603000 \SystemRoot\System32\Drivers\sptd.sys
0x806ED000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x806F6000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8071C000 \SystemRoot\system32\drivers\acpi.sys
0x80762000 \SystemRoot\system32\drivers\msisadrv.sys
0x8076A000 \SystemRoot\system32\drivers\pci.sys
0x80791000 \SystemRoot\System32\drivers\partmgr.sys
0x807A0000 \SystemRoot\system32\drivers\volmgr.sys
0x807AF000 \SystemRoot\System32\drivers\volmgrx.sys
0x807F9000 \SystemRoot\system32\drivers\pciide.sys
0x805D3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805E1000 \SystemRoot\System32\drivers\mountmgr.sys
0x805F1000 \SystemRoot\system32\drivers\atapi.sys
0x82C05000 \SystemRoot\system32\drivers\ataport.SYS
0x82C23000 \SystemRoot\system32\drivers\fltmgr.sys
0x82C55000 \SystemRoot\system32\drivers\fileinfo.sys
0x82C65000 \SystemRoot\system32\DRIVERS\PxHelp20.sys
0x82C6F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82CE0000 \SystemRoot\system32\drivers\ndis.sys
0x82E07000 \SystemRoot\system32\drivers\msrpc.sys
0x82E32000 \SystemRoot\system32\drivers\NETIO.SYS
0x82E6D000 \SystemRoot\System32\drivers\tcpip.sys
0x82F57000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F15000 \SystemRoot\system32\drivers\volsnap.sys
0x87F4E000 \SystemRoot\System32\Drivers\spldr.sys
0x87F56000 \SystemRoot\system32\speedfan.sys
0x87F58000 \SystemRoot\System32\Drivers\mup.sys
0x87F67000 \SystemRoot\system32\giveio.sys
0x87F68000 \SystemRoot\System32\drivers\ecache.sys
0x87F8F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x87FB3000 \SystemRoot\system32\drivers\disk.sys
0x87FC4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FE5000 \SystemRoot\system32\drivers\crcdisk.sys
0x82F96000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82FA1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82FAA000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x82FBA000 \SystemRoot\system32\DRIVERS\serial.sys
0x82FD4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x82FDE000 \SystemRoot\system32\DRIVERS\parport.sys
0x82FF6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B80A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B848000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B857000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B8E4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B8F4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B902000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x8B90B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B923000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8BC09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C313000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C3B4000 \SystemRoot\System32\drivers\watchdog.sys
0x8B945000 \SystemRoot\System32\Drivers\aofvqobj.SYS
0x8C3C0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B9AC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C3EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C406000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C41D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C428000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C44B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C45A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C46E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C483000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8C50C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C51C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C527000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C532000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C534000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C55E000 \SystemRoot\system32\DRIVERS\zebrceb.sys
0x8C56C000 \SystemRoot\system32\DRIVERS\zebrwh.sys
0x8C56E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C578000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C585000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C5BA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C800000 \SystemRoot\system32\drivers\HdAudio.sys
0x8C83F000 \SystemRoot\system32\drivers\portcls.sys
0x8C86C000 \SystemRoot\system32\drivers\drmk.sys
0x8C891000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C89A000 \SystemRoot\System32\Drivers\Null.SYS
0x8C8A1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C8B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C8B8000 \SystemRoot\System32\drivers\vga.sys
0x8C8C4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C8E5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C8ED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C8F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C900000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C90E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C917000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C92D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C941000 \SystemRoot\system32\drivers\afd.sys
0x8C989000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C9BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C9D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C9DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C9F2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CC04000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CC40000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CC4A000 \SystemRoot\system32\drivers\csc.sys
0x8CCA5000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CCBC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CCE2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CCF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CCFB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8D00A000 \SystemRoot\system32\drivers\LVUSBSta.sys
0x8D013000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0x8D14A000 \SystemRoot\system32\drivers\usbaudio.sys
0x8D15C000 \SystemRoot\System32\Drivers\Razerlow.sys
0x8D160000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D169000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D179000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D181000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D18A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D197000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D1A2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8D1AA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x96A90000 \SystemRoot\System32\win32k.sys
0x8D1BB000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D1C5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96CB0000 \SystemRoot\System32\TSDDD.dll
0x96CD0000 \SystemRoot\System32\cdd.dll
0x96CE0000 \SystemRoot\System32\ATMFD.DLL
0x8D1D4000 \SystemRoot\system32\drivers\luafv.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8CE1D000 \SystemRoot\system32\drivers\spsys.sys
0x8CECD000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x8CEFD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CF0D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8CF20000 \SystemRoot\system32\drivers\HTTP.sys
0x8CF8D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8CFAA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8CFC3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8CFD8000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CCFD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CD1C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CD55000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8CD6D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8CD95000 \SystemRoot\System32\DRIVERS\srv.sys
0x8CFF9000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9EA03000 \SystemRoot\system32\drivers\peauth.sys
0x9EAE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EAEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EAF7000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9EAFC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9EB12000 \??\C:\Users\***\AppData\Local\Temp\pxtyqpob.sys
0x77080000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools\daemon.dll
Processes (total 62):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
616 csrss.exe
668 C:\Windows\System32\wininit.exe
676 csrss.exe
716 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\winlogon.exe
984 C:\Windows\System32\nvvsvc.exe
1012 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1204 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1244 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\audiodg.exe
1360 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\SLsvc.exe
1440 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\rundll32.exe
1644 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1872 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1892 C:\Windows\System32\svchost.exe
584 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
688 C:\Windows\System32\bgsvcgen.exe
864 C:\Program Files\Bonjour\mDNSResponder.exe
996 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1764 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2104 C:\Windows\System32\svchost.exe
2148 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2200 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2260 C:\Windows\System32\svchost.exe
2356 C:\Windows\System32\svchost.exe
2388 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2484 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
2492 C:\Windows\System32\taskeng.exe
2584 C:\Windows\System32\dwm.exe
2704 C:\Windows\System32\SearchIndexer.exe
2944 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3036 C:\Windows\System32\taskeng.exe
3080 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3100 C:\Program Files\Razer\Diamondback\razerhid.exe
3108 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3208 C:\Windows\System32\rundll32.exe
3220 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3328 C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
3732 C:\Program Files\Google\Update\GoogleUpdate.exe
940 C:\Windows\System32\svchost.exe
3480 C:\Program Files\Razer\Diamondback\razertra.exe
1216 C:\Program Files\Razer\Diamondback\razerofa.exe
1456 C:\Windows\System32\wuauclt.exe
5600 C:\Windows\explorer.exe
5668 C:\Program Files\Mozilla Firefox\firefox.exe
5996 C:\Windows\System32\SearchProtocolHost.exe
3948 C:\Windows\System32\SearchFilterHost.exe
3712 C:\Users\***\Desktop\MBRCheck.exe
3372 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x0000000c`80100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
PhysicalDrive1 Model Number: SAMSUNGHD501LJ, Rev: CR100-11
PhysicalDrive0 Model Number: ST3160023AS, Rev: 3.00
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!