Trojaner-Board - Infizierung durch Trojaner?

Guten Abend zusammen.

Nach einem Virenscan hat mir das kostenlose Antivirenprogramm "PC Tools Internet Security" folgenden Virus angezeigt:

Trojan BHO.KMY
Pfad: C:/WINDOWS/System32/ctfmon(2).exe

leider kann ich es mit diesem Antivirenprogramm nicht enfernen (dafür müsste ich die volle Version erwerben) deshalb habe ich folgende andere kostenlose Antivirenprogramme bzw. Testversionen scannen lassen:
Avira Antivir, Trend Micro Internet Security, Kaspersky Antivirus und G Data Antivirus.

Keines der Programme hat etwas entdeckt. Anschließend habe ich einen Scan mit "Panda Active Scan" durchführen lassen und dieser hat zwei weitere Trojaner entdeckt (txt-Datei anbei; die Datei "avenger.exe" habe ich inzwischen gelöscht). Hier müsste ich für die Entfernung ebenfalls eine Version erwerben.
Anschließend habe ich mit "Malwarebytes Anti Malware" eine Suche durchlaufen lassen und dies hat wieder nichts entdeckt (txt-Datei anbei).

Nun ist meine Frage, ob mein PC wirklich infiziert ist, oder ob PC Tools und Panda Scan absichtlich Viren anzeigen um ihre kostenpflichtige Version zu kaufen.

Außerdem bekomme ich des öfteren die Meldung "jusched.exe hat Problem festgestellt". Ich weiß nicht, ob das etwas mit den Viren zu tun hat, oder ein anderes Problem ist.

Ich hoffe ihr könnt mir helfen und vielen Dank im voraus!

Hier das HiJackthis-log:

Code:



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:01:12, on 12.01.2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe

C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe

C:\Programme\G Data\AntiVirus\AVK\AVKService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programme\CyberLink\Shared Files\RichVideo.exe

C:\Programme\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programme\Secunia\PSI\sua.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programme\SMSC\SetIcon.exe

C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

C:\Programme\Brother\ControlCenter2\brctrcen.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\Programme\Real\RealPlayer\update\realsched.exe

C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Media Player\WMPNSCFG.exe

C:\Programme\Secunia\PSI\psi_tray.exe

C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

C:\Programme\Brother\Brmfcmon\BrMfcmon.exe

C:\Programme\iPod\bin\iPodService.exe

C:\Programme\Real\RealPlayer\RealPlay.exe

C:\Programme\Real\RealPlayer\RealPlay.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Mozilla Firefox\plugin-container.exe

C:\Eigene Programme\AntiVirenProg+Scanner\HiJackThis\HiJackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w**.gmx.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Real\RealPlayer\update\realsched.exe"  -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe

O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=hxxp://www.aldi.com/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293720852000

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161181998125

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe

O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - Unknown owner - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe

O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Programme\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Programme\Secunia\PSI\sua.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

--

End of file - 10664 bytes

Liebe Grüße
Alina

Hallo Arne,

tut mir Leid für die späte Antwort, war gestern nicht am Rechner...

Hier also die Logs von Gmer, Osam und MbrCheck:

GMER:

Code:

GMER Logfile:
 

        Code:


        
GMER 1.0.15.15530 - hxxp://www.gmer.net

Rootkit scan 2011-01-14 07:25:00

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320820AS rev.3.AAC

Running: 1kyqz8p1.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\fgtdqpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwClose [0xBA479376]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwCreateKey [0xBA47A420]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwDeleteKey [0xBA47A55C]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwDeleteValueKey [0xBA47A57E]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwOpenKey [0xBA47A4B4]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwOpenProcess [0xBA47A2FE]

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                        ZwSetValueKey [0xBA47A52E]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                 section is writeable [0xB9392360, 0x24B2BD, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Programme\Real\RealPlayer\update\realsched.exe[3224] kernel32.dll!SetUnhandledExceptionFilter         7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\Tcpip \Device\Ip                                                                                 GDTdiIcpt.sys (G Data Software AG)

Device          \Driver\Tcpip \Device\Tcp                                                                                GDTdiIcpt.sys (G Data Software AG)

Device          \Driver\Tcpip \Device\Udp                                                                                GDTdiIcpt.sys (G Data Software AG)

Device          \Driver\Tcpip \Device\RawIp                                                                              GDTdiIcpt.sys (G Data Software AG)

Device          \Driver\Tcpip \Device\IPMULTICAST                                                                        GDTdiIcpt.sys (G Data Software AG)
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y!  71230
 

---- EOF - GMER 1.0.15 ----

 
--- --- ---

OSAM:

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:32:16 on 14.01.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"RealUpgradeLogonTaskS-1-5-21-2886695498-1919243377-3692606956-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

"RealUpgradeScheduledTaskS-1-5-21-2886695498-1919243377-3692606956-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl

"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl  (File found, but it contains no detailed information)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AEGIS Protocol (IEEE 802.1x) v3.4.10.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys

"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\WINDOWS\system32\drivers\GRD.sys

"GDBehave" (GDBehave) - "G Data Software AG" - C:\WINDOWS\System32\drivers\GDBehave.sys

"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys

"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

"HookCentre" (HookCentre) - "G Data Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys

"pavboot" (pavboot) - "Panda Security, S.L." - C:\WINDOWS\System32\drivers\pavboot.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys

"SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys

"TfFsMon" (TfFsMon) - ? - C:\WINDOWS\System32\drivers\TfFsMon.sys  (File not found)

"TfNetMon" (TfNetMon) - ? - C:\WINDOWS\system32\drivers\TfNetMon.sys  (File not found)

"TfSysMon" (TfSysMon) - ? - C:\WINDOWS\System32\drivers\TfSysMon.sys  (File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161181998125

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?LinkID=39204

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll

{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\programme\google\googletoolbar2.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? -   (File not found | COM-object registry key not found)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)

"Status Monitor.lnk" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun

"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe

"IndexSearch" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe

"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"

"LanguageShortcut" - ? - "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"

"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"PaperPort PTD" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SetDefPrt" - "Brother Industories, Ltd." - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe

"SetIcon" - ? - \Programme\SMSC\SetIcon.exe  (File not found)

"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Real\RealPlayer\update\realsched.exe"  -osboot
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe

"G Data Dateisystem Wächter" (AVKWCtl) - ? - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe

"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe

"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - ? - "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf"  (File not found)

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll

"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe

"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe

"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru

MBRCheck:

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Professional

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x000007bc
 

Kernel Drivers (total 134):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806E5000 \WINDOWS\system32\hal.dll

  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

  0xB9F78000 ACPI.sys

  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xB9F67000 pci.sys

  0xBA0A8000 isapnp.sys

  0xBA0B8000 ohci1394.sys

  0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

  0xBA670000 pciide.sys

  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xBA5AC000 viaide.sys

  0xBA0D8000 MountMgr.sys

  0xB9F48000 ftdisk.sys

  0xBA5AE000 dmload.sys

  0xB9F22000 dmio.sys

  0xBA330000 PartMgr.sys

  0xBA338000 videX32.sys

  0xBA340000 pavboot.sys

  0xBA0E8000 VolSnap.sys

  0xB9F0A000 atapi.sys

  0xBA0F8000 disk.sys

  0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xB9EEA000 fltmgr.sys

  0xB9ED8000 sr.sys

  0xBA348000 xfilt.sys

  0xBA350000 PxHelp20.sys

  0xB9EC1000 KSecDD.sys

  0xB9E34000 Ntfs.sys

  0xB9E07000 NDIS.sys

  0xBA118000 uagp35.sys

  0xB9DED000 Mup.sys

  0xBA358000 GDBehave.sys

  0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys

  0xBA168000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0xB94D7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

  0xB94C3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xBA178000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xBA188000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xBA198000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xB94A0000 \SystemRoot\system32\DRIVERS\ks.sys

  0xBA408000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

  0xBA410000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0xB947C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xBA418000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xB9936000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys

  0xB9454000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xB9346000 \SystemRoot\system32\DRIVERS\3xHybrid.sys

  0xBA584000 \SystemRoot\system32\DRIVERS\BdaSup.SYS

  0xBA420000 \SystemRoot\system32\DRIVERS\fdc.sys

  0xB9926000 \SystemRoot\system32\DRIVERS\serial.sys

  0xBA588000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xB9332000 \SystemRoot\system32\DRIVERS\parport.sys

  0xB9916000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xBA428000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xBA5D6000 \SystemRoot\System32\Drivers\x10hid.sys

  0xB9906000 \SystemRoot\System32\Drivers\HIDCLASS.SYS

  0xBA430000 \SystemRoot\System32\Drivers\HIDPARSE.SYS

  0xBA761000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xB98F6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xB931B000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xB98E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xB98D6000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xB92EB000 \SystemRoot\system32\DRIVERS\rdpdr.sys

  0xB98C6000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xBA450000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xB9265000 \SystemRoot\system32\DRIVERS\update.sys

  0xBA5A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xB9DC9000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0xB98B6000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xBA1A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xBA5E8000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xB6CDF000 \SystemRoot\system32\drivers\RtkHDAud.sys

  0xB6CBB000 \SystemRoot\system32\drivers\portcls.sys

  0xBA1B8000 \SystemRoot\system32\drivers\drmk.sys

  0xBA1D8000 \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys

  0xBA460000 \??\C:\WINDOWS\system32\drivers\HookCentre.sys

  0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xBA745000 \SystemRoot\System32\Drivers\Null.SYS

  0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS

  0xBA470000 \SystemRoot\System32\drivers\vga.sys

  0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xBA480000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xBA578000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xB6C60000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xB6C07000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xB6BB7000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xB6B91000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xBA1F8000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xB6B6F000 \SystemRoot\System32\drivers\afd.sys

  0xBA208000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xB6AA4000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xBA218000 \SystemRoot\system32\DRIVERS\arp1394.sys

  0xB6A34000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xBA228000 \??\C:\WINDOWS\system32\drivers\GRD.sys

  0xBA238000 \SystemRoot\System32\Drivers\Fips.SYS

  0xB9253000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0xBA4A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0xB6A10000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xB9243000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0xBA4A8000 \SystemRoot\system32\DRIVERS\usbprint.sys

  0xB6CAF000 \SystemRoot\System32\Drivers\BrScnUsb.sys

  0xBA4B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0xBA368000 \SystemRoot\System32\Drivers\x10ufx2.sys

  0xB6980000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0xBA62A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xB6BF3000 \SystemRoot\System32\drivers\Dxapi.sys

  0xBA3B0000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xBA71D000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBF012000 \SystemRoot\System32\nv4_disp.dll

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xB69D8000 \SystemRoot\system32\DRIVERS\AegisP.sys

  0xB62DB000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xB6AEF000 \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

  0xB591F000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xB574A000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xB54B1000 \SystemRoot\System32\Drivers\HTTP.sys

  0xB5311000 \SystemRoot\system32\drivers\wdmaud.sys

  0xB5502000 \SystemRoot\system32\drivers\sysaudio.sys

  0xB52B9000 \SystemRoot\system32\DRIVERS\srv.sys

  0xBA658000 \SystemRoot\system32\drivers\MSPQM.sys

  0xB4CC4000 \SystemRoot\system32\DRIVERS\psi_mf.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 54):

       0 System Idle Process

       4 System

     448 C:\WINDOWS\system32\smss.exe

     500 csrss.exe

     524 C:\WINDOWS\system32\winlogon.exe

     568 C:\WINDOWS\system32\services.exe

     580 C:\WINDOWS\system32\lsass.exe

     752 C:\WINDOWS\system32\svchost.exe

     800 svchost.exe

     868 C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe

     892 C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe

     932 C:\WINDOWS\system32\svchost.exe

    1128 svchost.exe

    1180 svchost.exe

    1388 C:\WINDOWS\system32\brsvc01a.exe

    1412 C:\WINDOWS\system32\brss01a.exe

    1420 C:\WINDOWS\system32\spoolsv.exe

    1924 svchost.exe

    1956 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    1972 C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe

    1996 C:\Programme\G Data\AntiVirus\AVK\AVKService.exe

     160 C:\Programme\Bonjour\mDNSResponder.exe

     356 C:\WINDOWS\ehome\ehrecvr.exe

     308 C:\WINDOWS\ehome\ehSched.exe

     760 C:\WINDOWS\system32\svchost.exe

    1120 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

    1736 C:\WINDOWS\system32\nvsvc32.exe

    1808 C:\Programme\CyberLink\Shared Files\RichVideo.exe

    1872 C:\Programme\Secunia\PSI\psia.exe

    2376 svchost.exe

    2488 C:\WINDOWS\system32\svchost.exe

    2652 C:\Programme\Common Files\X10\Common\X10nets.exe

    2836 mcrdsvc.exe

    2920 wmpnetwk.exe

    3380 C:\WINDOWS\system32\dllhost.exe

    3564 alg.exe

    3920 C:\Programme\Secunia\PSI\sua.exe

    2484 C:\WINDOWS\explorer.exe

    3548 C:\WINDOWS\ehome\ehtray.exe

    3556 C:\WINDOWS\RTHDCPL.exe

    3584 C:\Programme\SMSC\SetIcon.exe

    4060 C:\WINDOWS\ehome\ehmsas.exe

     648 C:\Programme\ScanSoft\PaperPort\pptd40nt.exe

    1796 C:\Programme\Brother\ControlCenter2\brctrcen.exe

    4148 C:\Programme\iTunes\iTunesHelper.exe

    4292 C:\Programme\Real\RealPlayer\Update\realsched.exe

    4452 C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe

    4496 C:\Programme\Windows Media Player\wmpnscfg.exe

    4712 C:\WINDOWS\system32\ctfmon.exe

    5012 C:\Programme\Secunia\PSI\psi_tray.exe

    5108 C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe

    5192 C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

    5404 C:\Programme\iPod\bin\iPodService.exe

    6116 C:\Dokumente und Einstellungen\Alina\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000045`a3811400  (FAT32)
 

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC   
 

      Size  Device Name          MBR Status

  --------------------------------------------

    298 GB  \\.\PhysicalDrive0   Windows 98 MBR code detected

            SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
 
 

Done!

Viele Grüße,
alina