So, I hope I did everything correctly.
GMER did not run.
OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:59:30 on 13.12.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"AdobeAAMUpdater-1.0-JUUTERHUND-Herr & Frau Fratz.job" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
"GoogleUpdateTaskUserS-1-5-21-725345543-1425521274-839522115-1003Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Herr & Frau Fratz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-725345543-1425521274-839522115-1003UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Herr & Frau Fratz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"rsyncStart.job" - ? - C:\Programme\rsync\rsyncStart.bat
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%WinDSLp_Desc%" (WinDSLp) - "Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG" - C:\WINDOWS\System32\DRIVERS\WinDSL.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"Cardex" (Cardex) - ? - C:\WINDOWS\system32\drivers\Cardex.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\HERR&F~1\LOKALE~1\Temp\catchme.sys (File not found)
"CBTNDIS5 NDIS Protocol Driver" (CBTNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\CBTNDIS5.SYS
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DumaNT" (DumaNT) - "NVIDIA Corporation" - C:\WINDOWS\system32\drivers\DumaNT.sys
"GMSIPCI" (GMSIPCI) - ? - C:\WINDOWS\system32\drivers\GMSIPCI.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Labtec WebCam(PID_0920)" (PID_0920) - ? - C:\WINDOWS\System32\DRIVERS\LV532AV.SYS (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys (File not found)
"MSICPL" (MSICPL) - ? - E:\install4\MSICPL.sys (File not found)
"NTACCESS" (NTACCESS) - ? - E:\NTACCESS.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"SetupNTGLM7X" (SetupNTGLM7X) - ? - E:\NTGLM7X.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TSP" (TSP) - ? - C:\WINDOWS\system32\drivers\klif.sys (File not found)
"VIA Rhine Family Fast Ethernet Adapter Driver Service" (FETNDISB) - ? - C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDSL-Adapter (PPP-over-Ethernet)" (WinDSLa) - "Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG" - C:\WINDOWS\System32\DRIVERS\WinDSL.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "IPS Context Menu Shell Extension" - ? - F:\fc-prints\IPSCMH.DLL (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{DBD8E168-244D-448C-9922-25508950D1DC} "Ulead UDF Driver" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\WINDOWS\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Herr & Frau Fratz\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeBridge" - ? - "O:\Programme\Adobe\Adobe CS5\Adobe Bridge CS5\Bridge.exe" -stealth (File not found)
"Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\Herr & Frau Fratz\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"HPDJ Taskbar Utility" - "HP" - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
"Logitech Hardware Abstraction Layer" - "Logitech, Inc." - KHALMNPR.EXE
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
"WinDSL MTU-Adjust" - "Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG" - WinDSL_MTU.exe
[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"OdysseyNetProv" - "Funk Software, Inc." - C:\Programme\Funk Software\Odyssey Client\odLogin.dll
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpzlnt04" - "HP" - C:\WINDOWS\system32\hpzlnt04.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\programme\gemeinsame dateien\akamai\netsession_win_aeec0f0.dll (File found, but it contains no detailed information)
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - ? - C:\WINDOWS\system32\drivers\Automatisches LiveUpdate - Scheduler.sys (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe" (File not found)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - ? - WgaLogon.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000403c
Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF799C000 \WINDOWS\system32\KDCOM.DLL
0xF78AC000 \WINDOWS\system32\BOOTVID.dll
0xF736C000 ACPI.sys
0xF799E000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF735B000 pci.sys
0xF749C000 isapnp.sys
0xF79A0000 viaidexp.sys
0xF771C000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF74AC000 MountMgr.sys
0xF733C000 ftdisk.sys
0xF79A2000 dmload.sys
0xF7316000 dmio.sys
0xF7724000 PartMgr.sys
0xF74BC000 VolSnap.sys
0xF72FE000 atapi.sys
0xF74CC000 viamraid.sys
0xF72E6000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xF74DC000 disk.sys
0xF74EC000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF72C6000 fltmgr.sys
0xF72B4000 sr.sys
0xF74FC000 PxHelp20.sys
0xF729D000 KSecDD.sys
0xF7210000 Ntfs.sys
0xF71E3000 NDIS.sys
0xF772C000 viaagp1.sys
0xF71C9000 Mup.sys
0xF76FC000 \SystemRoot\System32\DRIVERS\AmdK8.sys
0xF69E9000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF69D5000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF68F3000 \SystemRoot\System32\DRIVERS\smserial.sys
0xF7804000 \SystemRoot\System32\Drivers\Modem.SYS
0xF770C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF752C000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF753C000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF68D0000 \SystemRoot\System32\DRIVERS\ks.sys
0xF780C000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF68AC000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7814000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6880000 \SystemRoot\system32\drivers\vinyl97.sys
0xF685C000 \SystemRoot\system32\drivers\portcls.sys
0xF754C000 \SystemRoot\system32\drivers\drmk.sys
0xF781C000 \SystemRoot\System32\DRIVERS\fetnd5.sys
0xF7824000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF755C000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7195000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6848000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7AC1000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF756C000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7191000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6831000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF757C000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF759C000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF782C000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6820000 \SystemRoot\System32\DRIVERS\psched.sys
0xF75AC000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7834000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF783C000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF649A000 \SystemRoot\system32\DRIVERS\odysseyIM4.sys
0xF646A000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF766C000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7844000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF784C000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF79E0000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF640C000 \SystemRoot\System32\DRIVERS\update.sys
0xF7930000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF6C8C000 \SystemRoot\System32\DRIVERS\WinDSL.sys
0xF75CC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6BD9000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF6C7C000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79F2000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF79F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B17000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7764000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF775C000 \SystemRoot\System32\drivers\vga.sys
0xF79FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF776C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7774000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6BB9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4F91000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4F38000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4F10000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4EEE000 \SystemRoot\System32\drivers\afd.sys
0xF762C000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF777C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF4EC3000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF7B2C000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xF4E2B000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF761C000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4E05000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF6C5C000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4985000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A0C000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF77B4000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF77C4000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF7998000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF6C2C000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF7990000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xF46C5000 \SystemRoot\System32\Drivers\DumaNT.SYS
0xF71A1000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF15C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF203A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF170E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B6A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0515000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF34EC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEFC48000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF169E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEFCA5000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xEFB50000 \SystemRoot\System32\DRIVERS\srv.sys
0xEEAA9000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF9D0000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE162000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 32):
0 System Idle Process
4 System
460 C:\WINDOWS\system32\smss.exe
1704 csrss.exe
1728 C:\WINDOWS\system32\winlogon.exe
1884 C:\WINDOWS\system32\services.exe
1896 C:\WINDOWS\system32\lsass.exe
256 C:\WINDOWS\system32\svchost.exe
416 svchost.exe
584 C:\WINDOWS\system32\svchost.exe
632 svchost.exe
752 svchost.exe
1104 C:\WINDOWS\system32\spoolsv.exe
1196 C:\Programme\Avira\AntiVir Desktop\sched.exe
1256 svchost.exe
156 C:\WINDOWS\system32\svchost.exe
124 C:\Programme\Avira\AntiVir Desktop\avguard.exe
372 C:\Programme\Java\jre6\bin\jqs.exe
540 C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe
768 C:\WINDOWS\system32\svchost.exe
1696 alg.exe
352 C:\WINDOWS\explorer.exe
3048 C:\WINDOWS\sm56hlpr.exe
3056 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3116 C:\Programme\Java\jre6\bin\jusched.exe
2068 C:\Programme\Windows Live\Messenger\msnmsgr.exe
3456 C:\Programme\Skype\Phone\Skype.exe
2924 C:\Programme\Windows Live\Contacts\wlcomm.exe
3648 C:\Programme\Skype\Plugin Manager\skypePM.exe
1284 C:\Dokumente und Einstellungen\Herr & Frau Fratz\Desktop\osam.exe
1452 C:\Programme\Mozilla Firefox\firefox.exe
2592 C:\Dokumente und Einstellungen\Herr & Frau Fratz\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000015`558d8600 (NTFS)
\\.\O: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD2000BB-98GUC0, Rev: 08.02D08
PhysicalDrive5 Model Number: WDC WD5000AAVS-00ZTB0, Rev:
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
465 GB \\.\PhysicalDrive5 MBR Code Faked!
SHA1: 9F93D1CAAFA63DE3FC61C35AAAC0A72932A6E1B6
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Best regards, Bogi