Trojaner-Board - Virus fordert Geld zur Reinigung! Windows nicht nutzbar.

also auch nach dem bzw. wärend dem aswMBR startete der PC neu...

OSAM konnte ich ausführen!

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 11:33:49 on 20.02.2012
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 10.0.2
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ANIO Service" (ANIO) - "Alpha Networks Inc." - C:\WINDOWS\system32\ANIO.SYS

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Manager\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DSL-Manager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys  (File not found)

"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\WINDOWS\System32\Drivers\dsltestSp5.sys  (File not found)

"int15" (int15) - "Acer, Inc." - C:\WINDOWS\system32\drivers\int15.sys

"int15.sys" (int15.sys) - ? - c:\acernb\int15.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter" (RTL8192su) - "Realtek Semiconductor Corporation                           " - C:\WINDOWS\System32\DRIVERS\RTL8192su.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{B1759355-3EEC-4C1E-B0F1-B719FE26E377} "x-sdch" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} "Context Menu Shell Extension" - "Softpointer Inc" - C:\Programme\TagRename\TRshell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)

"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Manager\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Manager\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"ANIWZCS2Service" - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"D-Link AirPlus XtremeG DWL-G122" - "D-Link" - C:\Programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

"LogitechCommunicationsManager" - "Logitech Inc." - "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"

"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ANIWZCSd Service" (ANIWZCSdService) - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Empowering Technology Service" (ETService) - ? - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"Google Software Updater" (gusvc) - ? - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)

"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Danke, das hat funktioniert!

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Home Edition

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x0000000c
 

Kernel Drivers (total 118):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806E5000 \WINDOWS\system32\hal.dll

  0xF7A88000 \WINDOWS\system32\KDCOM.DLL

  0xF7998000 \WINDOWS\system32\BOOTVID.dll

  0xF7458000 ACPI.sys

  0xF7A8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xF7447000 pci.sys

  0xF7588000 isapnp.sys

  0xF7B50000 pciide.sys

  0xF7808000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xF7598000 MountMgr.sys

  0xF7428000 ftdisk.sys

  0xF7810000 PartMgr.sys

  0xF75A8000 VolSnap.sys

  0xF7410000 atapi.sys

  0xF75B8000 disk.sys

  0xF75C8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xF73F0000 fltMgr.sys

  0xF73DE000 sr.sys

  0xF75D8000 PxHelp20.sys

  0xF73C7000 KSecDD.sys

  0xF73B4000 WudfPf.sys

  0xF7327000 Ntfs.sys

  0xF72FA000 NDIS.sys

  0xF72E0000 Mup.sys

  0xF7738000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0xF6D02000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

  0xF6CEE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF6CC6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xF6CAA000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

  0xF78C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0xF6C86000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xF78C8000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xF6C72000 \SystemRoot\system32\DRIVERS\parport.sys

  0xF7748000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xF78D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xF7758000 \SystemRoot\system32\DRIVERS\serial.sys

  0xF7A40000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xF7768000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xF7778000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xF7788000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xF6C4F000 \SystemRoot\system32\DRIVERS\ks.sys

  0xF7C38000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xF7618000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xF7A54000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xF6C38000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xF7628000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xF7638000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xF78E8000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xF6C27000 \SystemRoot\system32\DRIVERS\psched.sys

  0xF7648000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xF78F0000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xF78F8000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xF7658000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xF7900000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xF7AC2000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xF6BC9000 \SystemRoot\system32\DRIVERS\update.sys

  0xF7A68000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xF76A8000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xAA22A000 \SystemRoot\system32\drivers\RtkHDAud.sys

  0xAA206000 \SystemRoot\system32\drivers\portcls.sys

  0xF76D8000 \SystemRoot\system32\drivers\drmk.sys

  0xF7708000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xF7AF8000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xF7A70000 \SystemRoot\System32\Drivers\i2omgmt.SYS

  0xF7B08000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xF7BB3000 \SystemRoot\System32\Drivers\Null.SYS

  0xF7B0A000 \SystemRoot\System32\Drivers\Beep.SYS

  0xF7958000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0xF7960000 \SystemRoot\System32\drivers\vga.sys

  0xF7B0C000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF7B0E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xF7968000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xF7970000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xF7A78000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xAA183000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xAA12A000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xAA102000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xAA0DC000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xF6BC5000 \SystemRoot\System32\drivers\ws2ifsl.sys

  0xAA0BA000 \SystemRoot\System32\drivers\afd.sys

  0xF7718000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xF7728000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xF7978000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xAA08F000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xAA01F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xF7798000 \SystemRoot\System32\Drivers\Fips.SYS

  0xF77B8000 \SystemRoot\system32\DRIVERS\avkmgr.sys

  0xA9FFA000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0xA9F41000 \SystemRoot\system32\DRIVERS\RTL8192su.sys

  0xF77D8000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xAA1F2000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0xF77F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0xAA1EE000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0xA9F29000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0xF7B20000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xF7A20000 \SystemRoot\System32\drivers\Dxapi.sys

  0xF7988000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xF7C0D000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF024000 \SystemRoot\System32\igxpgd32.dll

  0xBF012000 \SystemRoot\System32\igxprd32.dll

  0xBF04F000 \SystemRoot\System32\igxpdv32.DLL

  0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xA9DD0000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0xA9DAC000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xA9AC3000 \SystemRoot\system32\drivers\wdmaud.sys

  0xF77E8000 \SystemRoot\system32\drivers\sysaudio.sys

  0xF7AFE000 \SystemRoot\System32\Drivers\ParVdm.SYS

  0xF78D8000 \??\C:\WINDOWS\system32\ANIO.SYS

  0xF7920000 \??\C:\WINDOWS\system32\drivers\int15.sys

  0xA9751000 \SystemRoot\system32\DRIVERS\srv.sys

  0xF78B8000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys

  0xA8F3D000 \SystemRoot\System32\Drivers\HTTP.sys

  0xA8D85000 \SystemRoot\system32\drivers\kmixer.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 41):

       0 System Idle Process

       4 System

     600 C:\WINDOWS\system32\smss.exe

     928 csrss.exe

     980 C:\WINDOWS\system32\winlogon.exe

    1048 C:\WINDOWS\system32\services.exe

    1076 C:\WINDOWS\system32\lsass.exe

    1300 C:\WINDOWS\system32\svchost.exe

    1368 svchost.exe

    1416 C:\WINDOWS\system32\svchost.exe

    1556 C:\WINDOWS\system32\svchost.exe

    1716 svchost.exe

    1860 svchost.exe

     212 C:\WINDOWS\system32\spoolsv.exe

     336 C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

     404 C:\Programme\Avira\AntiVir Desktop\sched.exe

     768 C:\Programme\Avira\AntiVir Desktop\avguard.exe

     836 C:\Programme\Bonjour\mDNSResponder.exe

     880 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

    1056 C:\Programme\ICQ6Toolbar\ICQ Service.exe

    1452 C:\Programme\Java\jre6\bin\jqs.exe

    1752 C:\WINDOWS\system32\svchost.exe

     940 C:\WINDOWS\explorer.exe

     620 C:\WINDOWS\RTHDCPL.EXE

     632 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

     640 C:\Programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe

     680 C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    1704 C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe

     808 C:\Programme\Logitech\QuickCam10\QuickCam10.exe

    1380 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

    1428 C:\Programme\Avira\AntiVir Desktop\avgnt.exe

    1564 C:\WINDOWS\system32\ctfmon.exe

    1740 C:\Dokumente und Einstellungen\Manager\Anwendungsdaten\Dropbox\bin\Dropbox.exe

    2744 C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe

    3892 C:\Programme\Avira\AntiVir Desktop\avshadow.exe

    3024 alg.exe

    3752 C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe

    2084 C:\WINDOWS\system32\svchost.exe

    2876 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

    3416 C:\WINDOWS\system32\wscntfy.exe

    3084 C:\Dokumente und Einstellungen\Manager\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00100000  (NTFS)
 

PhysicalDrive0 Model Number: HitachiHDT721016SLA380, Rev: ST1OA31B
 

      Size  Device Name          MBR Status

  --------------------------------------------

    149 GB  \\.\PhysicalDrive0   Unknown MBR code

            SHA1: CC1A53D39F1D3A1781E6EE9841BCE1E5EE84D861
 
 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: