Trojaner-Board - TR/Jorik.SpyEyes.nc + EXP/CVE-2010-4452.A

So,alles wunderbar geklappt:)

Darf ich jetzt eigendlich die Wiederherstellung wieder einschalten oder muss die weiterhin erst mal deaktiviert sein?
Ich hab Angst das durch irgend ein Fehler mein ganzes System zerschrottet wird und ich ohne Wiederherstellungspunkt alles neu aufsetzen muss:headbang:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:01:31 on 04.06.2011
 

OS: Windows XP Professional Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.20696
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINXP\system32\javacpl.cpl

"PhysX.cpl" - ? - C:\WINXP\system32\PhysX.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINXP\system32\QuickTime.cpl

"viahdcpl.cpl" - "VIA Technologies, Inc" - C:\WINXP\system32\viahdcpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal" - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\cofi22729c\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINXP\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINXP\System32\drivers\prodrv06.sys

"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINXP\System32\drivers\sfhlp01.sys

"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINXP\System32\drivers\prohlp02.sys

"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINXP\System32\drivers\prosync1.sys

"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Programme\7-Zip\7-zip.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINXP\System32\XPSSHHDR.DLL

{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINXP\System32\XPSSHHDR.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINXP\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\cruncher\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adope\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"PunkBuster" (PnkBstrA) - ? - D:\Spiele\MOHA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe  (File found, but it contains no detailed information)

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

GMER Logfile:

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-06-04 18:25:24

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 ST3500418AS rev.CC46

Running: Gmer.exe; Driver: C:\DOKUME~1\cruncher\LOKALE~1\Temp\pxtdqpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    BA73A60E                                      ZwCreateKey

SSDT    BA73A604                                      ZwCreateThread

SSDT    BA73A613                                      ZwDeleteKey

SSDT    BA73A61D                                      ZwDeleteValueKey

SSDT    BA73A622                                      ZwLoadKey

SSDT    BA73A5F0                                      ZwOpenProcess

SSDT    BA73A5F5                                      ZwOpenThread

SSDT    BA73A62C                                      ZwReplaceKey

SSDT    BA73A627                                      ZwRestoreKey

SSDT    BA73A618                                      ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   C:\WINXP\system32\DRIVERS\ati2mtag.sys        section is writeable [0xB78FE000, 0x231B17, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

Device  \Driver\prodrv06 \Device\ProDrv06             E1797880

Device  \Driver\atapi \Device\Ide\IdePort0            prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort1            prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort2            prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort3            prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-12  prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5   prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\prohlp02 \Device\ProHlp02             E101A178
 

---- EOF - GMER 1.0.15 ----

--- --- ---

MBRCheck Log

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 124):
0x804D7000 \WINXP\system32\ntkrnlpa.exe
0x806E3000 \WINXP\system32\hal.dll
0xBA5A8000 \WINXP\system32\KDCOM.DLL
0xBA4B8000 \WINXP\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINXP\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINXP\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINXP\system32\DRIVERS\CLASSPNP.SYS
0xB9EEA000 fltMgr.sys
0xBA0F8000 PxHelp20.sys
0xB9ED3000 KSecDD.sys
0xB9E46000 Ntfs.sys
0xB9E19000 NDIS.sys
0xBA5AE000 sfhlp01.sys
0xBA5B0000 prosync1.sys
0xB9E01000 \WINXP\System32\drivers\SCSIPORT.SYS
0xB9DE5000 prohlp02.sys
0xB9DCA000 Mup.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\processr.sys
0xB78FD000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB78E9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB78C4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB78A1000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB787E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB785B000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7847000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB7836000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA554000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA558000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA7B2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB781F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB780E000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA238000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB77DD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5BC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7766000 \SystemRoot\system32\DRIVERS\update.sys
0xBA578000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA268000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAB37B000 \SystemRoot\system32\drivers\viahduaa.sys
0xAB359000 \SystemRoot\system32\drivers\portcls.sys
0xBA298000 \SystemRoot\system32\drivers\drmk.sys
0xBA5C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6FD000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3F8000 \SystemRoot\System32\drivers\vga.sys
0xBA5C8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA400000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA408000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7D96000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAB2C6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAB26D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAB21D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAB1FC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAB1DA000 \SystemRoot\System32\drivers\afd.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAB1AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA2D8000 \SystemRoot\System32\drivers\prodrv06.sys
0xAB140000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xAB11A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA420000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA540000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA308000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA544000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA5DA000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB77B6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA188000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAB0DA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB775A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA448000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF068000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF197000 \SystemRoot\System32\atiok3x2.dll
0xBF1F7000 \SystemRoot\System32\ati3duag.dll
0xBF518000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA819C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA8188000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7E67000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7FDC000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7B6B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5F2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7A01000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7830000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7423000 \SystemRoot\system32\drivers\kmixer.sys
0xA7236000 \??\C:\DOKUME~1\cruncher\LOKALE~1\Temp\pxtdqpow.sys
0x7C910000 \WINXP\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
592 C:\WINXP\system32\smss.exe
640 csrss.exe
684 C:\WINXP\system32\winlogon.exe
728 C:\WINXP\system32\services.exe
740 C:\WINXP\system32\lsass.exe
932 C:\WINXP\system32\ati2evxx.exe
948 C:\WINXP\system32\svchost.exe
1020 svchost.exe
1124 C:\WINXP\system32\svchost.exe
1244 svchost.exe
1292 svchost.exe
1416 C:\WINXP\system32\ati2evxx.exe
1500 C:\WINXP\system32\spoolsv.exe
1636 D:\Programme\Avira\AntiVir Desktop\sched.exe
1760 C:\WINXP\explorer.exe
1712 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
1740 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1628 C:\WINXP\system32\ctfmon.exe
240 D:\Programme\Avira\AntiVir Desktop\avguard.exe
292 C:\Programme\Java\jre6\bin\jqs.exe
380 D:\Spiele\MOHA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
1072 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1516 alg.exe
3028 D:\Programme\Alice Software\AliceEinwahl.exe
3204 C:\WINXP\system32\notepad.exe
2216 C:\Dokumente und Einstellungen\cruncher\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC46

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

Dank dir:)