Mysterious virtual harddrive without access

Post by Schubi » October 8th, 2011, 2:56 pm

I recognized a virtual hard drive which I did not create, and I do not know where it comes from.
In addition, I cannot access it.
I would be happy if you can help. Thx.

*********** DDS.txt ************************************************
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Hartmut at 20:33:53 on 2011-10-08
============== Running Processes ===============
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k WindowsMobile
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=smsn
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NWEReboot]
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{56580737-D9B4-4690-8899-62B339230D1E} : DhcpNameServer =
TCP: Interfaces\{91E3CF70-F5FF-4CF5-A7B3-43D6744D0A0F} : DhcpNameServer =
TCP: Interfaces\{91E3CF70-F5FF-4CF5-A7B3-43D6744D0A0F}\75C414E4 : DhcpNameServer =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\hartmut\appdata\roaming\mozilla\firefox\profiles\2l1spfzd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=gr ... =827316&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: q:\140062.enu\office14\NPAUTHZ.DLL
FF - plugin: q:\140062.enu\office14\NPSPWRAP.DLL
============= SERVICES / DRIVERS ===============
R? AVerPola;AVerMedia USB Polaris Series Capture Service
R? AVPolCIR;AVerMedia USB Polaris Series Custom IR Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety-Dienst
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update-Dienst (gupdatem)
R? MODRC;DiBcom Infrared Receiver
R? MpKsl25391a4f;MpKsl25391a4f
R? MpKsl3198201c;MpKsl3198201c
R? MpKsl3850d811;MpKsl3850d811
R? MpKsl57367506;MpKsl57367506
R? MpKsl5cbf6f6b;MpKsl5cbf6f6b
R? MpKsl6fa1d6bf;MpKsl6fa1d6bf
R? MpKsl72e083f2;MpKsl72e083f2
R? MpKsl747e7732;MpKsl747e7732
R? MpKsl8ea58ca4;MpKsl8ea58ca4
R? MpKsld3602999;MpKsld3602999
R? MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory
R? qamaptcu;qamaptcu
R? RsFx0150;RsFx0150 Driver
R? RTL8167;Realtek 8167 NT Driver
R? TsUsbFlt;TsUsbFlt
S? AAV UpdateService;AAV UpdateService
S? AVerRemote;AVerRemote
S? AVerScheduleService;AVerScheduleService
S? cvhsvc;Client Virtualization Handler
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl3d1cfd5f;MpKsl3d1cfd5f
S? MpNWMon;Microsoft Malware Protection Network Driver
S? MsDepSvc;Webbereitstellungs-Agent-Dienst
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft-Netzwerkinspektion
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? OberonGameConsoleService;Oberon Media Game Console service
S? osppsvc;Office Software Protection Platform
S? Rezip;Rezip
S? rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber
S? SABI;SAMSUNG Kernel Driver For Windows 7
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
=============== Created Last 30 ================
2011-10-08 15:16:44 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\MpKsl3d1cfd5f.sys
2011-10-08 15:16:39 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\offreg.dll
2011-10-08 15:08:00 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\mpengine.dll
2011-10-06 19:05:09 -------- d-----w- c:\users\hartmut\appdata\roaming\Broad Intelligence
2011-10-06 19:04:52 -------- d-----w- c:\program files\MediaCoder
2011-10-04 18:39:29 -------- d-----w- c:\users\hartmut\appdata\roaming\DVDVideoSoft
2011-10-03 16:58:52 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2011-10-03 16:57:47 73568 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2011-10-03 16:55:42 -------- d-----w- c:\windows\system32\RsFx
2011-10-03 16:45:33 -------- d-----w- c:\windows\system32\1031
==================== Find3M ====================
2011-10-04 18:28:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
============= FINISH: 20:37:36,95 ===============

*********** attach.txt ************************************************

==== Installed Programs ======================
ACDSee Foto-Manager 12
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6 MUI
Alice Greenfingers
Amazon MP3-Downloader 1.0.9
AnyPC Client
Atheros Client Installation Program
AVerMedia Gaming Plug-in
AVerMedia H830 USB Hybrid TV
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
CDex - Open Source Digital Audio CD Extractor
CyberLink PowerDVD 8
CyberLink YouCam
Dairy Dash
Designer 2.0
DHTML Editing Component
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
ESET Online Scanner v3
Farm Frenzy 2
Game Pack
GIMP 2.6.11
Go-Go Gourmet
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
IIS 7.5 Express
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MediaCoder 2011
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - DEU
Microsoft Choice Guard
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office ScreenTip Language 2010 - Deutsch
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2-Setup (Deutsch)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server Browser
Microsoft SQL Server Compact 4.0 DEU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Microsoft WebMatrix
Microsoft Works
MITs Wizard 3.0 for Device
Mozilla Firefox 6.0.2 (x86 de)
NVIDIA Drivers
Office 2010 Trial Extender Version
PDF Blender
pdfforge Toolbar v4.6
Qt SDK 2009.05
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Toolbars
Skype™ 4.2
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Steuer-Spar-Erklärung 2010
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
Turbo Lister 2
Unterstützungsdateien für Microsoft SQL Server 2008-Setup
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
User Guide
Webtools von Microsoft SQL Server Compact 4.0 DEU
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009
Windows Driver Package - Broadcom Bluetooth (07/30/2009
Windows Driver Package - Broadcom HIDClass (07/28/2009
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Mobile-Gerätecenter
Windows Mobile Device Center Driver Update
Windows Mobile®-Gerätehandbuch
yEd Graph Editor 3.4.1
==== End Of File ===========================
Re: Mysterious virtual harddrive without access

Post by Gary R » October 8th, 2011, 8:25 pm

Your DDS logs appear to have been edited ...... may I draw your attention to this topic .... http://malwareremoval.com/forum/viewtop ... 36#p494336 .... which you should have read before posting for help.

If you still require help, please start a new topic, and post a set of unedited DDS logs and a description of your problems.

This topic is now closed.

