Trojaner-Board - Trojaner, Festplatte beschädigt

GMER habe ich wegen PC absturz weggelassen.

OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:04:47 on 29.04.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - E:\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"802.11g Wireless LAN PCI Card Driver" (rtl8185) - ? - C:\WINDOWS\System32\DRIVERS\rtl8185.sys  (File not found)

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys

"AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys

"hotcore3" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore3.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"regi" (regi) - "InterVideo" - C:\WINDOWS\System32\drivers\regi.sys

"SjyPkt" (SjyPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\Drivers\SjyPkt.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll  (File not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Tunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"Unibet" - "Microgaming" - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_20\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe

"PartyPoker.com" - ? - E:\PartyPoker\PartyPoker\RunApp.exe

"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Maximilian\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"LtuBJrJRDEvvaD" - "WinTrust" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LtuBJrJRDEvvaD.exe

"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"GEST" - ? - =  (File not found)

"iTunesHelper" - "Apple Inc." - "E:\Tunes\iTunesHelper.exe"

"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe  (File found, but it contains no detailed information)

"QuickTime Task" - "Apple Inc." - "E:\QuickTime\qttask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe

"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe  (File found, but it contains no detailed information)

"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - E:\Poker\PostgreSQL\8.3\bin\pg_ctl.exe

"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA338000 hotcore3.sys
0xBA340000 sfsync02.sys
0xBA0E8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltMgr.sys
0xB9EFE000 sr.sys
0xBA118000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9ED4000 WudfPf.sys
0xB9E47000 Ntfs.sys
0xB9E1A000 NDIS.sys
0xB9E02000 snapman.sys
0xBA348000 sfhlp02.sys
0xB9DF1000 sfdrv01.sys
0xB9DD7000 Mup.sys
0xBA288000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA588000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB5144000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB5130000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB5108000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB50EE000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA58C000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB50CB000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA590000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA418000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB50A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA594000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB5093000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA7A0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB507C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB506B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA148000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA438000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA440000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA158000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA448000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB500D000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA278000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA89D8000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xA8999000 \SystemRoot\system32\drivers\portcls.sys
0xBA238000 \SystemRoot\system32\drivers\drmk.sys
0xA82E1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA612000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA6176000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xBA63A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA4350000 \SystemRoot\System32\Drivers\Null.SYS
0xBA63C000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
0xBA63E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA640000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA5D35000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA388000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA4353000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA27A2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2749000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2721000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA26FB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA26D9000 \SystemRoot\System32\drivers\afd.sys
0xA82B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB56CB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA26AE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA5C55000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA263E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2CFE000 \SystemRoot\System32\Drivers\Fips.SYS
0xB5D6B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA2CCE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB5D67000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA2CBE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA2626000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA632000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA5BD1000 \SystemRoot\System32\drivers\Dxapi.sys
0xA309A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7EA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF062000 \SystemRoot\System32\ati2cqag.dll
0xBF0EB000 \SystemRoot\System32\atikvmag.dll
0xBF157000 \SystemRoot\System32\atiok3x2.dll
0xBF19A000 \SystemRoot\System32\ati3duag.dll
0xBF557000 \SystemRoot\System32\ativvaxx.dll
0xBF76D000 \SystemRoot\System32\ATMFD.DLL
0xA66F8000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB5DB3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0270000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA1E8000 \SystemRoot\system32\drivers\sysaudio.sys
0x9FC21000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5C8000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x9FAB1000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA620000 \SystemRoot\system32\drivers\regi.sys
0x9F5BA000 \SystemRoot\System32\Drivers\HTTP.sys
0x9F1AD000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
716 C:\WINDOWS\system32\smss.exe
764 csrss.exe
800 C:\WINDOWS\system32\winlogon.exe
844 C:\WINDOWS\system32\services.exe
876 C:\WINDOWS\system32\lsass.exe
1056 C:\WINDOWS\system32\ati2evxx.exe
1076 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1248 C:\WINDOWS\system32\svchost.exe
1288 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1456 svchost.exe
1552 C:\WINDOWS\system32\ati2evxx.exe
1628 C:\WINDOWS\system32\spoolsv.exe
692 C:\WINDOWS\explorer.exe
1372 C:\WINDOWS\RTHDCPL.exe
1588 E:\Tunes\iTunesHelper.exe
1636 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
248 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
264 C:\Programme\FreePDF_XP\fpassist.exe
272 C:\Programme\DivX\DivX Update\DivXUpdate.exe
372 C:\WINDOWS\system32\ctfmon.exe
396 C:\Programme\Windows Live\Messenger\msnmsgr.exe
504 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LtuBJrJRDEvvaD.exe
612 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18603828.exe
1324 svchost.exe
1520 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1796 C:\Programme\Bonjour\mDNSResponder.exe
1948 C:\Programme\ICQ6Toolbar\ICQ Service.exe
2176 C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
2196 C:\Programme\Java\jre6\bin\jqs.exe
2388 C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
2552 C:\WINDOWS\system32\searchindexer.exe
4056 C:\Programme\Internet Explorer\iexplore.exe
2108 C:\Programme\iPod\bin\iPodService.exe
1276 C:\WINDOWS\system32\wscntfy.exe
2448 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2960 alg.exe
3048 wmiprvse.exe
3568 C:\Programme\Internet Explorer\iexplore.exe
3356 C:\WINDOWS\system32\searchprotocolhost.exe
236 searchfilterhost.exe
668 F:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000007`92046200 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000025`f6855e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500AAKS-00L9A0, Rev: 01.03E01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!