Trojaner-Board - Trojaner: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen, und C:\Programme

Nun denn...

GMer hat mir zweimal son blauen Bildschirm ausgeworfen. Mit der Meldung das Windows heruntergefahren wurden und anderem Nabla.

Daher hier die Osam log:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:51:17 on 25.05.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.5.19
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys

"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys

"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys

"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys

"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys

"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys

"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys

"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys

"catchme" (catchme) - ? - C:\DOKUME~1\Koi\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys

"NVIDIA TCP/IP Protocol Driver" (NVTCP) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\NVTcp.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll

{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Koi\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe

"nTrayFw" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe

"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe

"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

"ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

"ForceWare IP service" (nSvcIp) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

"ForceWare user log service" (nSvcLog) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"NVIDIA App Filter" - "NVIDIA" - C:\WINDOWS\system32\nvappfilter.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Falls das hier auftaucht. Was ist dieses Windows Genuine Advantage (o.s.ä.)?

MBRCheck[br]

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Professional

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x0000017c
 

Kernel Drivers (total 125):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806D1000 \WINDOWS\system32\hal.dll

  0xF8B65000 \WINDOWS\system32\KDCOM.DLL

  0xF8A75000 \WINDOWS\system32\BOOTVID.dll

  0xF8535000 ACPI.sys

  0xF8B67000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xF8524000 pci.sys

  0xF8665000 isapnp.sys

  0xF8C2D000 pciide.sys

  0xF88E5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xF8675000 MountMgr.sys

  0xF8505000 ftdisk.sys

  0xF8B69000 dmload.sys

  0xF84DF000 dmio.sys

  0xF88ED000 PartMgr.sys

  0xF8685000 VolSnap.sys

  0xF84C7000 atapi.sys

  0xF84B0000 nvata.sys

  0xF8695000 disk.sys

  0xF86A5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xF8490000 fltmgr.sys

  0xF847E000 sr.sys

  0xF8467000 KSecDD.sys

  0xF83DA000 Ntfs.sys

  0xF83AD000 NDIS.sys

  0xF8393000 Mup.sys

  0xF88F5000 avgrkx86.sys

  0xF8A79000 AVGIDSEH.Sys

  0xF8875000 \SystemRoot\system32\DRIVERS\processr.sys

  0xF8955000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0xF7343000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xF895D000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xF710B000 \SystemRoot\system32\drivers\ALCXWDM.SYS

  0xF70E7000 \SystemRoot\system32\drivers\portcls.sys

  0xF8885000 \SystemRoot\system32\drivers\drmk.sys

  0xF70C4000 \SystemRoot\system32\drivers\ks.sys

  0xF8895000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xF88A5000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xF7095000 \SystemRoot\system32\DRIVERS\yk51x86.sys

  0xF8B45000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

  0xF7055000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

  0xF7022000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS

  0xF665E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

  0xF664A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF88B5000 \SystemRoot\system32\DRIVERS\serial.sys

  0xF8B4D000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xF6636000 \SystemRoot\system32\DRIVERS\parport.sys

  0xF88C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xF8965000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xF8D5F000 \SystemRoot\system32\drivers\msmpu401.sys

  0xF8B51000 \SystemRoot\system32\DRIVERS\gameenum.sys

  0xF8D60000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xF88D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xF8B55000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xF661F000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xF86D5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xF86E5000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xF896D000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xF660E000 \SystemRoot\system32\DRIVERS\psched.sys

  0xF86F5000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xF897D000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xF8985000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xF65DE000 \SystemRoot\system32\DRIVERS\rdpdr.sys

  0xF8705000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xF898D000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xF8B8D000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xF6580000 \SystemRoot\system32\DRIVERS\update.sys

  0xF835F000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xF7554000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xF8B8F000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xF87F5000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xF0965000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

  0xF4EBD000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0xF16AB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0xF17EB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0xF8BCF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xEB87D000 \SystemRoot\System32\Drivers\Null.SYS

  0xF8BD5000 \SystemRoot\System32\Drivers\Beep.SYS

  0xF17DB000 \SystemRoot\System32\drivers\vga.sys

  0xF8BD7000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF8BD9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xF17D3000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xF17CB000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xF4EB9000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xEB804000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xEB8F0000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xEB8D7000 \SystemRoot\System32\DRIVERS\NVTcp.sys

  0xEB890000 \SystemRoot\system32\DRIVERS\avgtdix.sys

  0xEBCBB000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xF168B000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xEBC93000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xF4EA5000 \SystemRoot\System32\drivers\ws2ifsl.sys

  0xEBC71000 \SystemRoot\System32\drivers\afd.sys

  0xF167B000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xEBC46000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xEBBD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xEB9C9000 \SystemRoot\System32\Drivers\Fips.SYS

  0xEBB9A000 \SystemRoot\system32\DRIVERS\avgldx86.sys

  0xEBB81000 \SystemRoot\system32\DRIVERS\ewusbdev.sys

  0xEBD23000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0xF0EAE000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0xEBB67000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys

  0xF8A5D000 \SystemRoot\System32\Drivers\Modem.SYS

  0xEBB4B000 \SystemRoot\system32\DRIVERS\ewusbnet.sys

  0xF8A65000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0xF8775000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xEBB34000 \SystemRoot\System32\Drivers\dump_nvata.sys

  0xF8BF9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xF1F1E000 \SystemRoot\System32\drivers\Dxapi.sys

  0xF8A35000 \SystemRoot\System32\watchdog.sys

  0xBD000000 \SystemRoot\System32\drivers\dxg.sys

  0xF8CCA000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBD012000 \SystemRoot\System32\nv4_disp.dll

  0xF600B000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xB8693000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xB8656000 \SystemRoot\system32\drivers\wdmaud.sys

  0xF169B000 \SystemRoot\system32\drivers\sysaudio.sys

  0xEFC50000 \SystemRoot\System32\Drivers\ParVdm.SYS

  0xF8915000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

  0xB8560000 \SystemRoot\system32\DRIVERS\srv.sys

  0xF8905000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

  0xB8400000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

  0xB7AFF000 \SystemRoot\System32\Drivers\HTTP.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 44):

       0 System Idle Process

       4 System

     804 C:\WINDOWS\system32\smss.exe

     860 C:\Programme\AVG\AVG10\avgchsvx.exe

    1012 csrss.exe

    1060 C:\WINDOWS\system32\winlogon.exe

    1116 C:\WINDOWS\system32\services.exe

    1128 C:\WINDOWS\system32\lsass.exe

    1276 C:\WINDOWS\system32\nvsvc32.exe

    1348 C:\WINDOWS\system32\svchost.exe

    1416 svchost.exe

    1464 C:\WINDOWS\system32\svchost.exe

    1600 svchost.exe

    1660 svchost.exe

    1852 C:\WINDOWS\explorer.exe

    1900 C:\WINDOWS\system32\spoolsv.exe

    1972 svchost.exe

    2036 C:\Programme\AVG\AVG10\avgwdsvc.exe

     256 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

     372 C:\Programme\Java\jre6\bin\jqs.exe

     412 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

     504 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

     528 C:\WINDOWS\system32\HPZipm12.exe

     728 C:\WINDOWS\system32\svchost.exe

    1008 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

    1032 C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    1292 C:\Programme\Java\jre6\bin\jusched.exe

    1384 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

    2020 C:\WINDOWS\SOUNDMAN.EXE

     172 C:\Programme\AVG\AVG10\avgtray.exe

    3660 C:\Programme\AVG\AVG10\avgnsx.exe

    3204 C:\WINDOWS\system32\ctfmon.exe

    3344 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

    3492 C:\Programme\OpenOffice.org 3\program\soffice.exe

    3524 C:\Programme\OpenOffice.org 3\program\soffice.bin

    3720 C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

     324 alg.exe

    1796 C:\Programme\Mobile Partner\Mobile Partner.exe

     408 C:\WINDOWS\system32\wuauclt.exe

    5260 C:\Programme\Mozilla Firefox\firefox.exe

    3352 C:\Programme\AVG\AVG10\avgrsx.exe

    1544 C:\Programme\AVG\AVG10\avgcsrvx.exe

     764 wmiprvse.exe

    5412 C:\Dokumente und Einstellungen\Koi\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`80300000  (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000011`80500000  (NTFS)
 

PhysicalDrive0 Model Number: ExcelStorTechnologyJ680, Rev: V32OA60A
 

      Size  Device Name          MBR Status

  --------------------------------------------

     76 GB  \\.\PhysicalDrive0

Ich hoffe, dass ist alles, mein Rechner is mir bei der Zeile "76 GB \\.\PhysicalDrive0" abgeschmiert

Edit: Ähm... Wär echt schön, wenn du mir ein wenig die Dunkelheit erhellen könntest! Was hat es mit diesen Rootkits auf sich? Und habe ich son Teil aufm Rechner? Wüsste ich gern, da ich ein wenig Sorge um meine Konten habe... (Bin leider jetzt erst in nem anderem Thread über diesen Zusammenhang gestoßen)