Trojaner-Board - Avira findet DR/Delphi.Gen & verdächtiger svchost-Prozess

Hallo cosinus,

alles erledigt wie Du es beschrieben hast. Ist mein Rechner nun wieder gesund? Er fühlt sich schon wieder normal an, aber wie sicher kann ich sein?

Beste Grüße & vielen Dank,
Eben

Hier die anonymisierte Log:

Combofix Logfile:

Code:

ComboFix 10-12-26.01 - <username> 28.12.2010  14:26:15.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.894.469 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\<username>\Desktop\CoFi.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\system32\Oeminfo.ini
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_NPF
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-11-28 bis 2010-12-28  ))))))))))))))))))))))))))))))

.
 

2010-12-26 09:52 . 2010-12-26 12:12        --------        d-----w-        c:\dokumente und einstellungen\<username>\Anwendungsdaten\NoteTab Light

2010-12-26 09:52 . 2010-12-26 09:52        --------        d-----w-        c:\programme\NoteTab Light

2010-12-26 00:41 . 2010-12-26 00:42        --------        d-----w-        c:\programme\ERUNT

2010-12-26 00:30 . 2010-12-26 00:30        --------        d-----w-        c:\dokumente und einstellungen\<username>\Anwendungsdaten\Malwarebytes

2010-12-26 00:30 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-26 00:30 . 2010-12-26 00:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-12-26 00:30 . 2010-12-26 00:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-12-26 00:30 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-12-26 00:14 . 2010-12-28 08:17        --------        d-----w-        c:\dokumente und einstellungen\<username>\Anwendungsdaten\QuickScan

2010-12-25 23:39 . 2010-12-25 23:39        --------        d-----w-        c:\dokumente und einstellungen\<username>\Anwendungsdaten\CyberLink

2010-12-25 17:06 . 2010-12-25 17:06        --------        d-----w-        c:\windows\system32\config\systemprofile\Anwendungsdaten\Avira

2010-12-25 14:20 . 2010-12-28 13:20        --------        d-----w-        c:\windows\system32\NtmsData

2010-12-25 14:18 . 2010-12-25 14:18        --------        d-----w-        c:\dokumente und einstellungen\<username>\Anwendungsdaten\Avira

2010-12-25 13:29 . 2010-12-25 13:29        1409        ----a-w-        c:\windows\QTFont.for

2010-12-23 20:45 . 2010-12-23 20:45        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Startmenü

2010-12-11 21:51 . 2010-12-23 20:44        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2010-12-11 21:51 . 2010-11-30 17:13        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2010-12-11 21:51 . 2010-06-17 13:27        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys

2010-12-11 21:51 . 2010-06-17 13:27        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys

2010-12-11 21:51 . 2010-12-11 21:51        --------        d-----w-        c:\programme\Avira

2010-12-11 21:51 . 2010-12-11 21:51        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2006-08-14 08:00        86016        ----a-w-        c:\windows\system32\isign32.dll

2010-11-06 00:21 . 2006-08-14 11:59        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2006-08-14 11:58        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2010-11-06 00:21 . 2006-08-14 11:58        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2006-08-14 11:58        385024        ----a-w-        c:\windows\system32\html.iec

2010-11-02 15:17 . 2006-08-14 11:59        40960        ----a-w-        c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:12 . 2006-08-14 11:58        290048        ----a-w-        c:\windows\system32\atmfd.dll

2010-10-26 14:05 . 2006-08-14 11:59        1853440        ----a-w-        c:\windows\system32\win32k.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Process Explorer.lnk - c:\programme\process_explorer\procexp.exe [2009-12-12 3550592]

VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-1-16 6144]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2008-06-18 12:47        24692        ----a-w-        c:\windows\system32\ckpNotify.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2005-02-28 16:53        53248        ----a-w-        c:\windows\Vm_sti.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-04-17 13:34        16143872        ----a-w-        c:\windows\RTHDCPL.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=

"c:\\Programme\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=

"c:\\Programme\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=

"c:\\Programme\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=

"c:\\Programme\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=

"c:\\WINDOWS\\system32\\lmabcoms.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\Programme\\Lexmark\\ScanBack\\scanwiz.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
 

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.02.2006 15:00 34880]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.02.2006 16:01 29056]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.12.2010 22:51 135336]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [18.06.2008 13:46 47504]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [18.06.2008 13:46 121136]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [18.06.2008 13:46 673872]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [18.06.2008 13:46 2235760]

S1 M9207;LifeView M9207 USB Digital TV BOX;c:\windows\system32\drivers\M9207_543.sys [28.11.2006 17:29 51072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12.12.2009 21:12 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12.12.2009 21:12 8456]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.03.2010 10:17 25088]

S3 WDM_Capture_225;Digital-TV Receiver.;c:\windows\system32\drivers\WDM_Capture_225.sys [04.12.2006 19:30 19328]

S3 WDM_Loader_225;DVB-T TV;c:\windows\system32\drivers\WDM_Loader_225.sys [04.12.2006 19:29 17024]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.08.2006 12:59 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM        REG_MULTI_SZ           WINRM

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://de.yahoo.com/fsc/

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*hxxp://www.yahoo.com

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\dokumente und einstellungen\<username>\Anwendungsdaten\Mozilla\Firefox\Profiles\6jcct492.default\

FF - prefs.js: network.proxy.ftp - proxy.tu-darmstadt.de

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - proxy.tu-darmstadt.de

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - proxy.tu-darmstadt.de

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - proxy.tu-darmstadt.de

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - proxy.tu-darmstadt.de

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: MM3-ProxySwitch: ProxySwitch@MM3Tools.de - %profile%\extensions\ProxySwitch@MM3Tools.de

FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-12-28 14:35

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(1560)

c:\windows\system32\Ati2evxx.dll
 

- - - - - - - > 'explorer.exe'(2436)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\programme\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

c:\programme\Cisco Systems\VPN Client\cvpnd.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\LMabcoms.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\o2flash.exe

c:\windows\system32\tcpsvcs.exe

c:\programme\CheckPoint\SecuRemote\bin\SR_GUI.Exe

c:\programme\Synaptics\SynTP\SynTPEnh.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-12-28  14:37:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-12-28 13:37
 

Vor Suchlauf: 4 Verzeichnis(se), 21.753.155.584 Bytes frei

Nach Suchlauf: 6 Verzeichnis(se), 21.619.978.240 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
 

- - End Of File - - B0792DF5DDAD94E843CC169AF061B7FA

--- --- ---

Hallo cosinus,

hier sind die logs von GMER, OSAM und MBRCheck:

GMER Logfile:

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net

Rootkit scan 2010-12-29 04:42:12

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-07LAT0 rev.01.06M01

Running: gmer.exe; Driver: C:\DOKUME~1\<username>\LOKALE~1\Temp\uwdoikod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            F7B72E16                                                                                                                       ZwCreateKey

SSDT            F7B72E0C                                                                                                                       ZwCreateThread

SSDT            F7B72E1B                                                                                                                       ZwDeleteKey

SSDT            F7B72E25                                                                                                                       ZwDeleteValueKey

SSDT            F7B72E2A                                                                                                                       ZwLoadKey

SSDT            F7B72DF8                                                                                                                       ZwOpenProcess

SSDT            F7B72DFD                                                                                                                       ZwOpenThread

SSDT            F7B72E34                                                                                                                       ZwReplaceKey

SSDT            F7B72E2F                                                                                                                       ZwRestoreKey

SSDT            F7B72E20                                                                                                                       ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                     Das System kann die angegebene Datei nicht finden. !
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[236] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]            [00F52BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[236] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter]  [00F52CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[236] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess]          [00F52CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                        wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                        wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 04:45:05 on 29.12.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.13
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\CoFi\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Check Point Office Mode Module" (CP_OMDRV) - "Check Point Software Technologies" - C:\WINDOWS\System32\drivers\omdrv.sys

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys

"Digital-TV Receiver." (WDM_Capture_225) - "Computer & Entertainment, Inc." - C:\WINDOWS\System32\Drivers\WDM_Capture_225.sys

"DVB-T TV" (WDM_Loader_225) - "WideView Technology Inc." - C:\WINDOWS\System32\Drivers\WDM_Loader_225.sys

"epmntdrv" (epmntdrv) - ? - C:\WINDOWS\system32\epmntdrv.sys  (File found, but it contains no detailed information)

"EuGdiDrv" (EuGdiDrv) - ? - C:\WINDOWS\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\NSNDIS5.SYS

"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys  (File not found)

"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys

"uwdoikod" (uwdoikod) - ? - C:\DOKUME~1\<username>\LOKALE~1\Temp\uwdoikod.sys  (Hidden registry entry, rootkit activity | File not found)

"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)

"VPN-1 Module" (VPN-1) - "Check Point Software Technologies" - C:\WINDOWS\System32\drivers\vpn.sys

"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WINIO" (WINIO) - ? - C:\WINDOWS\system32\winio.sys  (File found, but it contains no detailed information)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - "FaJo" - C:\Programme\FaJo\XP File Security Extension\FJXPFileSecExt.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL

{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll

{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll

{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll

{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll

"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Process Explorer.lnk" - "Sysinternals - www.sysinternals.com" - C:\Programme\process_explorer\procexp.exe  (Shortcut exists | File exists)

"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\<username>\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL

"Lexmark Enhanced TCP/IP Port" - " " - C:\WINDOWS\system32\lmablmpm.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Check Point VPN-1 Securemote service" (SR_Service) - "Check Point Software Technologies" - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe

"Check Point VPN-1 Securemote watchdog" (SR_Watchdog) - "Check Point Software Technologies" - C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

"Cisco Systems, Inc. Installer service" (CiscoVpnInstallService) - ? - C:\DOKUME~1\<username>\LOKALE~1\Temp\7zS3BB.tmp\INSTAL~1.EXE  (File not found)

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"lmab_device" (lmab_device) - " " - C:\WINDOWS\system32\LMabcoms.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"O2Micro Flash Memory" (O2Flash) - ? - C:\WINDOWS\system32\o2flash.exe  (File found, but it contains no detailed information)

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"ckpNotify" - "Check Point Software Technologies" - C:\WINDOWS\system32\ckpNotify.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck Logfile:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF79D2000 \WINDOWS\system32\KDCOM.DLL
0xF78E2000 \WINDOWS\system32\BOOTVID.dll
0xF73A2000 ACPI.sys
0xF79D4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7391000 pci.sys
0xF74D2000 isapnp.sys
0xF74E2000 ohci1394.sys
0xF74F2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF78E6000 compbatt.sys
0xF78EA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A9A000 pciide.sys
0xF7752000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7502000 MountMgr.sys
0xF7372000 ftdisk.sys
0xF78EE000 ACPIEC.sys
0xF7A9B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF775A000 PartMgr.sys
0xF7512000 VolSnap.sys
0xF735A000 atapi.sys
0xF7284000 iaStor.sys
0xF7762000 o2sd.sys
0xF726C000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7522000 o2media.sys
0xF7255000 nvatabus.sys
0xF7242000 nvraid.sys
0xF7532000 \WINDOWS\system32\drivers\CLASSPNP.SYS
0xF776A000 SiSRaid2.sys
0xF722B000 viamraid.sys
0xF7542000 disk.sys
0xF720B000 fltmgr.sys
0xF71F9000 sr.sys
0xF71E2000 KSecDD.sys
0xF7155000 Ntfs.sys
0xF7128000 NDIS.sys
0xF710E000 Mup.sys
0xF7742000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF70E6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6A8D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6A79000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7842000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6A55000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF784A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7562000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7572000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7582000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6A32000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6A0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7592000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7852000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF69D3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF75A2000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF6962000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF785A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF68EA000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xF66C8000 \SystemRoot\system32\DRIVERS\fw.sys
0xF7862000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF66A9000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xF7B24000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF70D6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6692000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7872000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF787A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6674000 \SystemRoot\system32\DRIVERS\vnasc.sys
0xF75E2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A02000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6616000 \SystemRoot\system32\DRIVERS\update.sys
0xF70CE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF65E9000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xF7602000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7632000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEE07A000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF7882000 \SystemRoot\System32\Drivers\Modem.SYS
0xEDC44000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEDC20000 \SystemRoot\system32\drivers\portcls.sys
0xF7642000 \SystemRoot\system32\drivers\drmk.sys
0xF7A0A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BAC000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A0C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78AA000 \SystemRoot\System32\drivers\vga.sys
0xF7A0E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78B2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDBED000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7652000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xEDB94000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDB6C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDB1E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDAFC000 \SystemRoot\System32\drivers\afd.sys
0xF7662000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7672000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDAC7000 \SystemRoot\System32\drivers\truecrypt.sys
0xF78C2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xEDA9C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDA2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF79A2000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF76A2000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDA06000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A18000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7712000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED9C6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A30000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF64E5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78DA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B5C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09A000 \SystemRoot\System32\atikvmag.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEB6D1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7722000 \SystemRoot\System32\drivers\omdrv.sys
0xEB79E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB4C4000 \SystemRoot\System32\drivers\vpn.sys
0xEB1DC000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xEB15C000 \SystemRoot\system32\DRIVERS\srv.sys
0xEE334000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE409000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A34000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA51E000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA1D2000 \??\C:\DOKUME~1\<username>\LOKALE~1\Temp\uwdoikod.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
1300 C:\WINDOWS\system32\smss.exe
1532 csrss.exe
1684 C:\WINDOWS\system32\winlogon.exe
1744 C:\WINDOWS\system32\services.exe
1756 C:\WINDOWS\system32\lsass.exe
1944 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1992 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
732 C:\WINDOWS\system32\svchost.exe
856 svchost.exe
892 C:\WINDOWS\system32\svchost.exe
1140 C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
1224 svchost.exe
1252 svchost.exe
1632 C:\WINDOWS\system32\spoolsv.exe
1872 C:\Programme\Avira\AntiVir Desktop\sched.exe
236 C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
320 C:\Programme\Java\jre6\bin\jqs.exe
360 C:\WINDOWS\system32\lmabcoms.exe
396 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
428 C:\WINDOWS\system32\o2flash.exe
520 C:\WINDOWS\system32\tcpsvcs.exe
552 C:\WINDOWS\system32\svchost.exe
436 C:\WINDOWS\explorer.exe
344 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1208 C:\Programme\process_explorer\procexp.exe
1048 alg.exe
2412 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1180 C:\WINDOWS\system32\wscntfy.exe
724 C:\Programme\Mozilla Firefox\firefox.exe
3056 C:\Dokumente und Einstellungen\<username>\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`4ca58200 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-07LAT0, Rev: 01.06M01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!