Trojaner-Board - TR/Crypt:Xpack.gen in Skype.exe

Hier ist erstmal der GMER scan (konnte ihn aber nur einmal auf C machen, da er ansonsten immer abgestürzt ist).

Ich führe dann jetzt OSAM aus.

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net

Rootkit scan 2010-12-28 10:45:15

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11

Running: yczqw3t2.exe; Driver: C:\DOKUME~1\X\LOKALE~1\Temp\uwtdipow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwAllocateVirtualMemory [0xA1C1FFE0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwAssignProcessToJobObject [0xA1C1FF10]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwClose [0xA1C1E0E0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwConnectPort [0xA1C20280]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwCreateFile [0xA1C1DAB0]

SSDT   F7B13E7E                                                                                                                                                ZwCreateKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwCreateProcess [0xA1C1F3B0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwCreateProcessEx [0xA1C1F4A0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwCreateSection [0xA1C1D6E0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwCreateSymbolicLinkObject [0xA1C1E3B0]

SSDT   F7B13E74                                                                                                                                                ZwCreateThread

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwDebugActiveProcess [0xA1C208B0]

SSDT   F7B13E83                                                                                                                                                ZwDeleteKey

SSDT   F7B13E8D                                                                                                                                                ZwDeleteValueKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwEnumerateKey [0xA1C1E710]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwEnumerateValueKey [0xA1C1E7F0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwFsControlFile [0xA1C1D9C0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwLoadDriver [0xA1C22900]

SSDT   F7B13E92                                                                                                                                                ZwLoadKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwMakeTemporaryObject [0xA1C1E2F0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwOpenFile [0xA1C1DF40]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwOpenKey [0xA1C1E580]

SSDT   F7B13E60                                                                                                                                                ZwOpenProcess

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwOpenSection [0xA1C1D7B0]

SSDT   F7B13E65                                                                                                                                                ZwOpenThread

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwProtectVirtualMemory [0xA1C201A0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwQueryKey [0xA1C1E8D0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwQueryValueKey [0xA1C1E9B0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwQueueApcThread [0xA1C1FE40]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwRenameKey [0xA1C1EEB0]

SSDT   F7B13E9C                                                                                                                                                ZwReplaceKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwRequestPort [0xA1C20550]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwRequestWaitReplyPort [0xA1C20620]

SSDT   F7B13E97                                                                                                                                                ZwRestoreKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSaveKey [0xA1C1EC40]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSaveKeyEx [0xA1C1ED10]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSecureConnectPort [0xA1C20370]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSetContextThread [0xA1C1FD50]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSetInformationDebugObject [0xA1C20980]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSetSecurityObject [0xA1C20A80]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSetSystemInformation [0xA1C1F060]

SSDT   F7B13E88                                                                                                                                                ZwSetValueKey

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSuspendProcess [0xA1C1FBA0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSuspendThread [0xA1C1FC60]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwSystemDebugControl [0xA1C207D0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwTerminateProcess [0xA1C1F890]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwTerminateThread [0xA1C1FA50]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwUnloadDriver [0xA1C1F130]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwWriteFile [0xA1C1D8B0]

SSDT   \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)                                                                       ZwWriteVirtualMemory [0xA1C200C0]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  ntkrnlpa.exe!ZwCallbackReturn + 2E64                                                                                                                    80504700 4 Bytes  CALL A966E8C6 

.text  ntkrnlpa.exe!ZwCallbackReturn + 2EA8                                                                                                                    80504744 4 Bytes  JMP 0C6AE90A 

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                                                    80504874 12 Bytes  [A0, FB, C1, A1, 60, FC, C1, ...]

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                section is writeable [0xF4FA7000, 0x198FE0, 0xE8000020]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT    \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                                      [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                                     [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                                                       [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                                      [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                                        [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                                       [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                                                      [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

IAT    \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                                      [F4D5D0AC] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
 

---- Registry - GMER 1.0.15 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd6d4d                                                                             

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015affd6d4d (not active ControlSet)                                                         

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@iTunes                    ??????????B?????????????????C:\WINDOWS\Installer\2cd1ff7.msi?A???????????s????????????????????????????????$??????????t??AppleCare Support???20091109?????????????f???????0??9.0.2.25?}????B?????????????hxxp://www.apple.com/de/support/????F:\iTunes\??????? ???????T??????ei??01805 009 433???9.0.2.25????????????????????? ??????????????????????????????N?????????????????N???????????N??????a??{00020424-0000-0000-C000-000000000046}??????????? ??????????????????????????????N?br?????b??????????????????????{9E93C96F-CF0D-43F6-8BA8-B807A3370712}??0???????????????????????1.c?????? ???????-???????????????? ?????????&???????????????????????????????????IiTunes?????? ??????????????????????????????N?????????????????????????N?????????{00020424-0000-0000-C000-000000000046}??? ??????? ??????????????????????????????N?????????????????N???????????N??????e??{00020424-0000-0000-C000-000000000046}??????? ??????????????????????????????N????????b????????????????0-C0??{9E93C96F-CF0D-43F6-8BA8-B807A3370712}???????????????????n??1.c?????? ?

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@GEAR                      wrj2b!MWC]I~n*tPfdZOZLy8k=Bk.?0gjLiiedIAAoAE]@ceOAacrz`zqEAC

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@CoreFP                    hN!z]?!'h(XybGG%lrLW

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BBF47A1DD8ACACC4B998ABAA34D61B87\Features@ATL                       u.'b9VZqf(g6u.Q(31aRw.'b9VZqf(g6u.Q(31aR

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@SyncServices              ????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????8????????????e????Apple Mobile Device Support?????????????????????????????????????????????????????????Apple Mobile Device Support?????? ?????????????????????z??????0?2??? ???????????????????AppleMobileDeviceSupport????? ?????????????????????z??????0??????????????????????????????????????????????????????????? ???????????????????????????????*?????????????????????Z.$}Ck,ug(d4M!I%lrLW????? 2?????????????s???AppleMobileDeviceSupport????? ??????????????s???tPWdYa*ug(cNaTJ%lrLWAQVoZa*ug(89)UJ%lrLWUX(aga*ug(M'jZJ%lrLW5j{7Y~6'h(Kh!UO%lrLWdAow`Q'=$@oLjx8S9ImNk&vB8Orq4Ah(%D_!]=ySV}v,XqR!D@NV21E~v*1kw=8v]plh*?x-JP%K%lkt~Do_Jb*ug(iH^&K%lrLW?AppleMobileDeviceSupport???? 2?????????????????AppleMobileDeviceSupport????? ????????????????????v????????????e????????????????????????????????????????????????? *ee ????????????*??s??????????????????????? ???????????????? ????z?????? ????? ?????????????????????8

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@AppleMobileDeviceSupport  Z.$}Ck,ug(d4M!I%lrLW

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@MobileDrivers             tPWdYa*ug(cNaTJ%lrLWAQVoZa*ug(89)UJ%lrLWUX(aga*ug(M'jZJ%lrLW5j{7Y~6'h(Kh!UO%lrLWdAow`Q'=$@oLjx8S9ImNk&vB8Orq4Ah(%D_!]=ySV}v,XqR!D@NV21E~v*1kw=8v]plh*?x-JP%K%lkt~Do_Jb*ug(iH^&K%lrLW?AppleMobileDeviceSupport

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D55AEDAA438CBCB4893AB4D8C1814FEE\Features@CRT_WinSXS                _j0,Y]s!Soe8MkbIdFwUv$f.Z@}4G(*9MkbIdFwUv$f.Z@}4G(u8MkbIdFwU%9YbWIfIbe?9MkbIdFwU_j0,Y]s!Sou8MkbIdFwU_j0,Y]s!So*9MkbIdFwU!N0,YT,$So*9MkbIdFwU!N0,YT,$Sou8MkbIdFwUa@0,YF5$So*9MkbIdFwUe?0,Yk5$So*9MkbIdFwU]A0,Yx4$So*9MkbIdFwUe?0,Yk5$Sou8MkbIdFwUa@0,YF5$Sou8MkbIdFwUXB0,YS4$So*9MkbIdFwU]A0,Yx4$Sou8MkbIdFwUTC0,Y*4$So*9MkbIdFwUPD0,Ya3$So*9MkbIdFwUXB0,YS4$Sou8MkbIdFwU&vv.ZiM}F(*9MkbIdFwUTC0,Y*4$Sou8MkbIdFwULE0,Y83$So*9MkbIdFwUPD0,Ya3$Sou8MkbIdFwULE0,Y83$Sou8MkbIdFwUEgn.Z_T*G(*9MkbIdFwUzH^.ZJcAG(*9MkbIdFwU&vv.ZiM}F(u8MkbIdFwUEgn.Z_T*G(u8MkbIdFwU=6U.Z@jJG(*9MkbIdFwUUQ^.ZZ_AG(*9MkbIdFwUzH^.ZJcAG(u8MkbIdFwU=6U.Z@jJG(u8MkbIdFwUUQ^.ZZ_AG(u8MkbIdFwUaZO,H*K2`Ee8MkbIdFwUxp%0Ij`~kV*9MkbIdFwUaZO,H*K2`E*9MkbIdFwU%?O,H~_2`E*9MkbIdFwUg+O,H9h2`E*9MkbIdFwUc,O,Hog2`E*9MkbIdFwU_-O,HJg2`E*9MkbIdFwUZ.O,H}f2`E*9MkbIdFwUV0O,HWf2`E*9MkbIdFwUR1O,H.f2`E*9MkbIdFwUN2O,Hee2`E*9MkbIdFwU(g70I8-kkV*9MkbIdFwUGW.0I-5tkV*9MkbIdFwU}5y.ItF+lV*9MkbIdFwU@&q.IjM5lV*9MkbIdFwUWBy.I)C+lV*9MkbIdFwU?AppleMobileDeviceSupport
 

---- EOF - GMER 1.0.15 ----

Hier ist der OSAM log

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 12:14:08 on 28.12.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\Settings.dll

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys

"afwcore" (afwcore) - "Agnitum Ltd." - C:\WINDOWS\System32\drivers\afwcore.sys

"Agnitum firewall driver" (afw) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\afw.sys

"ASWFilt" (ASWFilt) - "Agnitum Ltd." - C:\WINDOWS\System32\Filt\ASWFilt.dll

"ATI Function Driver for HDMI Service" (AtiHdmiService) - "ATI Research Inc." - C:\WINDOWS\System32\drivers\AtiHdmi.sys

"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)

"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"CP2101 USB Composite Device driver (WDM)" (slabbus) - ? - C:\WINDOWS\System32\DRIVERS\slabbus.sys  (File not found)

"CP210x USB to UART Bridge Controller Drivers" (slabser) - ? - C:\WINDOWS\System32\DRIVERS\slabser.sys  (File not found)

"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ITECIR Infrared Receiver" (itecir) - "ITE Tech. Inc. " - C:\WINDOWS\System32\DRIVERS\itecir.sys

"Keyboard Filter" (kbfiltr) - " " - C:\WINDOWS\System32\DRIVERS\kbfiltr.sys

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"SandBox" (SandBox) - "Agnitum Ltd." - C:\WINDOWS\System32\DRIVERS\SandBox.sys

"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys

"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"Synaptics TouchPad Driver" (SynTP) - "Synaptics, Inc." - C:\WINDOWS\System32\DRIVERS\SynTP.sys

"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\000.fcl
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll

{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - F:\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programme\PowerISO\PWRISOSH.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - "Synaptics, Inc." - C:\Programme\Synaptics\SynTP\SynTPCpl.dll

{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)

{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRar\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{A1A7E22D-1587-4230-8F16-081C68D21448} "Quick Tune" - "Agnitum Ltd." - C:\Programme\Agnitum\Outpost\ie_bar.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

55963676-2F5E-4BAF-AC28-CF26AA587566 "55963676-2F5E-4BAF-AC28-CF26AA587566" - ? -   (File not found | COM-object registry key not found) / vpnweb.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} "MUCatalogWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll / hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285851806468

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262448071296

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=58813

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll

{07A11D74-9D25-4fea-A833-8B0D76A5577A} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{A1A7E22D-1587-4230-8F16-081C68D21448} "Outpost Firewall Pro Quick Tune" - "Agnitum Ltd." - C:\Programme\Agnitum\Outpost\ie_bar.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "ASUS Security Protect Manager" - "Bioscrypt Inc." - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll

{07A11D74-9D25-4fea-A833-8B0D76A5577A} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll

{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\X\Startmenü\Programme\Autostart\desktop.ini

"OneNote 2007 Screen Clipper and Launcher.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"TrueCrypt" - "TrueCrypt Foundation" - "C:\Programme\Ud\Ud.exe" /q preferences /a favorites

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"OutpostMonitor" - "Agnitum Ltd." - "C:\PROGRA~1\Agnitum\Outpost\op_mon.exe" /tray /noservice
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"ASUS Security Protect Manager" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"AdeonaClientService" (AdeonaClientService) - ? - C:\Programme\Dell\cygrunsrv.exe  (File found, but it contains no detailed information)

"Agnitum Client Security Service" (acssrv) - "Agnitum Ltd." - C:\PROGRA~1\Agnitum\Outpost\acs.exe

"Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe

"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"CLCV0" (UTSCSI) - ? - C:\WINDOWS\system32\UTSCSI.EXE

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"getPlus(R) Helper" (getPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper.dll  (File not found)

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll

"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----

"GinaDLL" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\bin\ocgina.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

"OneCard" - "Cognizance Corporation" - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und hier der MBRCheck

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Professional

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x000000fc
 

Kernel Drivers (total 153):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806E5000 \WINDOWS\system32\hal.dll

  0xF7987000 \WINDOWS\system32\KDCOM.DLL

  0xF7897000 \WINDOWS\system32\BOOTVID.dll

  0xF7357000 ACPI.sys

  0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xF7346000 pci.sys

  0xF7487000 isapnp.sys

  0xF7497000 ohci1394.sys

  0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

  0xF789B000 compbatt.sys

  0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS

  0xF7A4F000 pciide.sys

  0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xF74B7000 MountMgr.sys

  0xF7327000 ftdisk.sys

  0xF798B000 dmload.sys

  0xF7301000 dmio.sys

  0xF78A3000 ACPIEC.sys

  0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

  0xF770F000 PartMgr.sys

  0xF74C7000 VolSnap.sys

  0xF72E9000 atapi.sys

  0xF7717000 cercsr6.sys

  0xF72D1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

  0xF74D7000 disk.sys

  0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xF72B1000 fltmgr.sys

  0xF729F000 sr.sys

  0xF74F7000 PxHelp20.sys

  0xF7288000 KSecDD.sys

  0xF71FB000 Ntfs.sys

  0xF71CE000 NDIS.sys

  0xF798D000 speedfan.sys

  0xF71A6000 snapman.sys

  0xF718C000 Mup.sys

  0xF7A51000 giveio.sys

  0xF5534000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0xF4F5C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

  0xF4F48000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF4F20000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xF7767000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0xF4EFC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xF776F000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xF5524000 \SystemRoot\system32\DRIVERS\nic1394.sys

  0xF4EE8000 \SystemRoot\system32\DRIVERS\sdbus.sys

  0xF4ED7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

  0xF4EC3000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

  0xF4E71000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

  0xF7617000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xF79EB000 \SystemRoot\system32\DRIVERS\kbfiltr.sys

  0xF777F000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xF4E40000 \SystemRoot\system32\DRIVERS\SynTP.sys

  0xF79F1000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xF7627000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS

  0xF4DC4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys

  0xF7857000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xF4D6C000 \SystemRoot\system32\DRIVERS\itecir.sys

  0xF7637000 \SystemRoot\system32\DRIVERS\IFXTPM.SYS

  0xF7647000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xF69AC000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xF699C000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xF4D49000 \SystemRoot\system32\DRIVERS\ks.sys

  0xF785F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

  0xF7154000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0xF7A01000 \SystemRoot\system32\DRIVERS\ATKACPI.sys

  0xF7867000 \SystemRoot\system32\DRIVERS\afw.sys

  0xF4D09000 \SystemRoot\system32\drivers\afwcore.sys

  0xF77BF000 \SystemRoot\system32\drivers\TDI.SYS

  0xF7BD5000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xF693C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xF7144000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xF4CF2000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xF55B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xF692C000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xF4CE1000 \SystemRoot\system32\DRIVERS\psched.sys

  0xF76C7000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xF7847000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xF4CB1000 \SystemRoot\system32\DRIVERS\rdpdr.sys

  0xF76B7000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xF7A05000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xF4C53000 \SystemRoot\system32\DRIVERS\update.sys

  0xF7134000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xF76A7000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xAE47B000 \SystemRoot\system32\drivers\RtHDMI.sys

  0xAE457000 \SystemRoot\system32\drivers\portcls.sys

  0xF7587000 \SystemRoot\system32\drivers\drmk.sys

  0xF75A7000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xADD9C000 \SystemRoot\system32\drivers\RtkHDAud.sys

  0xADC4A000 \SystemRoot\system32\DRIVERS\AGRSM.sys

  0xF77D7000 \SystemRoot\System32\Drivers\Modem.SYS

  0xADBB1000 \SystemRoot\system32\drivers\MODEMCSA.sys

  0xF7A4B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xF7A7C000 \SystemRoot\System32\Drivers\Null.SYS

  0xF7A4D000 \SystemRoot\System32\Drivers\Beep.SYS

  0xAB438000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0xAB430000 \SystemRoot\System32\drivers\vga.sys

  0xF798F000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF7991000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xAB428000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xAB420000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xAB7DC000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xAAD60000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xAAD07000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xAACDF000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xAACB9000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xAB51E000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xAAC97000 \SystemRoot\System32\drivers\afd.sys

  0xAB4FE000 \SystemRoot\system32\DRIVERS\arp1394.sys

  0xAB4EE000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xA6582000 \SystemRoot\System32\drivers\truecrypt.sys

  0xA3455000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys

  0xAB5CD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xF77A7000 \SystemRoot\System32\Drivers\SCDEmu.SYS

  0xA33A9000 \SystemRoot\system32\DRIVERS\SandBox.sys

  0xF4C0B000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0xA34E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0xA34D8000 \SystemRoot\system32\drivers\LVUSBSta.sys

  0xA31F8000 \SystemRoot\system32\DRIVERS\snp2uvc.sys

  0xA34C8000 \SystemRoot\system32\DRIVERS\STREAM.SYS

  0xA3DCB000 \SystemRoot\system32\DRIVERS\sncduvc.SYS

  0xAB760000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0xA3488000 \SystemRoot\system32\Filt\ASWFilt.dll

  0xA31CD000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xA315D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xACCAF000 \SystemRoot\System32\Drivers\Fips.SYS

  0xA3137000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0xF799F000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys

  0xA3113000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xA44D1000 \SystemRoot\System32\drivers\Dxapi.sys

  0xF77FF000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xF7B0C000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF012000 \SystemRoot\System32\ati2dvag.dll

  0xBF061000 \SystemRoot\System32\ati2cqag.dll

  0xBF0E9000 \SystemRoot\System32\atikvmag.dll

  0xBF14F000 \SystemRoot\System32\atiok3x2.dll

  0xBF18F000 \SystemRoot\System32\ati3duag.dll

  0xBF4E6000 \SystemRoot\System32\ativvaxx.dll

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xA0EC5000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0xA6663000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xA0D58000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xAD910000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xA0C60000 \SystemRoot\system32\DRIVERS\srv.sys

  0xF79A1000 \??\C:\Programme\CyberLink\PowerDVD\000.fcl

  0xA0953000 \SystemRoot\system32\drivers\wdmaud.sys

  0xA0B50000 \SystemRoot\system32\drivers\sysaudio.sys

  0xA0151000 \SystemRoot\System32\Drivers\HTTP.sys

  0x9FB40000 \SystemRoot\system32\DRIVERS\NETw5x32.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 37):

       0 System Idle Process

       4 System

     964 C:\WINDOWS\system32\smss.exe

    1064 csrss.exe

    1108 C:\WINDOWS\system32\winlogon.exe

    1152 C:\WINDOWS\system32\services.exe

    1164 C:\WINDOWS\system32\lsass.exe

    1340 C:\WINDOWS\system32\svchost.exe

    1380 C:\WINDOWS\system32\ati2evxx.exe

    1400 C:\WINDOWS\system32\svchost.exe

    1580 svchost.exe

    1620 C:\WINDOWS\system32\svchost.exe

    1676 svchost.exe

    1708 svchost.exe

    1788 C:\WINDOWS\system32\ati2evxx.exe

    1852 C:\WINDOWS\system32\spoolsv.exe

    1892 C:\Programme\Avira\AntiVir Desktop\sched.exe

     276 svchost.exe

     496 C:\WINDOWS\system32\agrsmsvc.exe

     532 C:\Programme\Avira\AntiVir Desktop\avguard.exe

     728 C:\Programme\Java\jre6\bin\jqs.exe

     788 C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

     792 C:\Programme\Avira\AntiVir Desktop\avshadow.exe

    1028 C:\WINDOWS\system32\snmp.exe

    1068 C:\WINDOWS\system32\svchost.exe

    1428 C:\WINDOWS\system32\UTSCSI.EXE

    2440 C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

    2672 C:\WINDOWS\explorer.exe

    3100 scardsvr.exe

    3228 C:\WINDOWS\system32\wbem\wmiapsrv.exe

    3356 C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe

    3600 alg.exe

     328 C:\WINDOWS\system32\wscntfy.exe

    2680 C:\WINDOWS\system32\svchost.exe

    1256 C:\Dokumente und Einstellungen\X\Desktop\osam_autorun_manager_5_0_portable\osam.exe

    3940 C:\Programme\Opera\opera.exe

    3408 C:\Dokumente und Einstellungen\X\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71140000  (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`35154000

\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000031`b5143e00  (NTFS)

\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000003e`1d615e00  (NTFS)
 

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
 

      Size  Device Name          MBR Status

  --------------------------------------------

    298 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!