Trojaner-Board - Fehlende Adminrechte - "Keine ausreichende Berechtigung, um auf Elemente zugreifen zu könnnen."

hallo Arne...

GMER hat leider auch nicht im abgesicherten modus durchgehalten, es hing sich im system32 bei irgendeiner .dll datei auf oder es wurde gleich ein neustart gemacht.

OSAM spuckte folgendes aus:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 12:25:40 on 11.11.2010
 

OS: Windows XP Home Edition Service Pack 2 (Build 2600)

Default Browser: Opera Software Opera Internet Browser 9.63
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"RMSchedule.job" - "PC Tools" - C:\Programme\Registry Mechanic\RegMech.exe

"Automatische Wartung.job" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\OneClickStarter.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Add Performance Filter Driver" (sisperf) - "Silicon Integrated Systems Corp." - C:\WINDOWS\System32\drivers\sisperf.sys

"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys

"Advanced System Protector" (BCASPROT) - ? - C:\Programme\Systweak\Advanced System Protector\sasprot32.sys  (File found, but it contains no detailed information)

"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys

"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys

"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys

"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"GEARAspiWDM" (GearAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\drivers\GEARAspiWDM.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"Multimedia Keyboard Filter Driver" (msikbd2k) - "Netropa Corporation" - C:\WINDOWS\System32\DRIVERS\msikbd2k.sys

"NeroCd2k" (NeroCd2k) - "ahead software gmbh
 

im stoeckmaedle 6
 

76307 karlsbad, germany
 

Fax: ++49-7248-911-888
 

e-mail: info@nero.com" - C:\WINDOWS\System32\drivers\NeroCd2k.sys

"NetworkX" (NetworkX) - ? - C:\WINDOWS\system32\ckldrv.sys  (File found, but it contains no detailed information)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Pivot" (Pivot) - "Portrait Displays, Inc." - C:\WINDOWS\System32\drivers\pivot.sys

"Pivot Mouse/Pointers Filter Driver" (pivotmou) - "Portrait Displays, Inc." - C:\WINDOWS\system32\drivers\pivotmou.sys

"Portrait Displays low level device driver" (PdiPorts) - "Portrait Displays, Inc." - C:\WINDOWS\System32\Drivers\PdiPorts.sys

"pxkbf" (pxkbf) - "Prevx" - C:\WINDOWS\System32\drivers\pxkbf.sys

"pxrts" (pxrts) - "Prevx" - C:\WINDOWS\System32\drivers\pxrts.sys

"pxscan" (pxscan) - "Prevx" - C:\WINDOWS\System32\drivers\pxscan.sys

"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"sisidex" (sisidex) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\drivers\sisidex.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

"VIA USB Host Controller Lower Filter" (vulfnths) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfnth.sys

"VIA USB Roothub Lower Filter" (vulfntrs) - "VIA Technologies, Inc." - C:\WINDOWS\System32\Drivers\vulfntr.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{4EB37360-49E8-11D3-95B5-004033382980} "ALZip 5.0 Context Menu Shell Extension" - "ESTsoft" - C:\Programme\Alzip\ALZip\AZCTM.dll

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{654D0431-C930-43C4-B8DA-9AA01BA5B486} "PDI GUI Engine COM Obj" - "Portrait Displays, Inc" - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HtmlEngine.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{5464D816-CF16-4784-B9F3-75C0DB52B499} "YMailShellExt Class" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Gutscheinmieze" - "Synatix GmbH" - C:\Dokumente und Einstellungen\Ramon Briceno\Anwendungsdaten\Gutscheinmieze\toolbar.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "YInstStarter Class" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\yinsthelper.dll / C:\Programme\Yahoo!\Common\yinsthelper.dll

{1E54D648-B804-468d-BC78-4AFFED8E262E} "{1E54D648-B804-468d-BC78-4AFFED8E262E}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

{41564D57-9980-0010-8000-00AA00389B71} "{41564D57-9980-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "Gutscheinmieze" - "Synatix GmbH" - C:\Dokumente und Einstellungen\Ramon Briceno\Anwendungsdaten\Gutscheinmieze\toolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - ? - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll

{69D72956-317C-44bd-B369-8E44D4EF9801} "SafeOnline BHO" - "Prevx" - C:\WINDOWS\system32\PxSecure.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Ramon Briceno\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe

"MULTIMEDIA KEYBOARD" - "Netropa Corp." - C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe

"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

... und MRB...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806ED000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D7000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF798B000 siside.sys
0xF7717000 pxscan.sys
0xF7637000 VolSnap.sys
0xF74BF000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltMgr.sys
0xF748E000 sr.sys
0xF7477000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF744A000 NDIS.sys
0xF789B000 sisperf.sys
0xF7667000 sisidex.sys
0xBA7E5000 Mup.sys
0xF7677000 gagp30kx.sys
0xF771F000 avgrkx86.sys
0xF7687000 AVGIDSEH.Sys
0xBA745000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9976000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9962000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF76B7000 \SystemRoot\System32\drivers\pivot.sys
0xB9EA6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9E96000 \SystemRoot\system32\drivers\NeroCd2k.sys
0xB9E86000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9E76000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB96B1000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA71D000 \SystemRoot\System32\drivers\GEARAspiWDM.sys
0xB95CD000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB95A9000 \SystemRoot\system32\drivers\portcls.sys
0xB9E66000 \SystemRoot\system32\drivers\drmk.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9586000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7807000 \SystemRoot\system32\DRIVERS\sisnic.sys
0xF780F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9575000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA711000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9561000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA70D000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB9DCE000 \SystemRoot\system32\drivers\msmpu401.sys
0xB9DCD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9E56000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA709000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB954A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9E46000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9E36000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7817000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9539000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9E26000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF781F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7737000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA6F9000 \SystemRoot\System32\Drivers\PdiPorts.sys
0xB9E16000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF773F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7747000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79A1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9505000 \SystemRoot\system32\DRIVERS\update.sys
0xBA6F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xB8304000 \SystemRoot\System32\drivers\pxrts.sys
0xF79A5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A5A000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79A9000 \SystemRoot\System32\DRIVERS\msikbd2k.sys
0xF7767000 \SystemRoot\System32\drivers\vga.sys
0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7923000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB8259000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8201000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB81B9000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xB8198000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7576000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8170000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB814E000 \SystemRoot\System32\drivers\afd.sys
0xF7566000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8122000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF792F000 \SystemRoot\system32\ckldrv.sys
0xB80B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7556000 \SystemRoot\System32\Drivers\Fips.SYS
0xB7FC9000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF778F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF793F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7546000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7943000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7947000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7797000 \SystemRoot\System32\drivers\pxkbf.sys
0xF7536000 \SystemRoot\system32\drivers\usbaudio.sys
0xF7516000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7F1B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77AF000 \SystemRoot\System32\watchdog.sys
0xB83D9000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A6F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB760F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB6AE6000 \SystemRoot\system32\drivers\wdmaud.sys
0xB76EB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79F1000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB67D8000 \SystemRoot\System32\Drivers\adfs.SYS
0xB6C23000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xB675D000 \SystemRoot\system32\DRIVERS\srv.sys
0xB75BB000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB6609000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB62D0000 \SystemRoot\System32\Drivers\HTTP.sys
0xB43C0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
804 C:\WINDOWS\system32\smss.exe
1052 csrss.exe
1076 C:\WINDOWS\system32\winlogon.exe
1148 C:\WINDOWS\system32\services.exe
1168 C:\WINDOWS\system32\lsass.exe
1316 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1472 C:\WINDOWS\system32\svchost.exe
1548 svchost.exe
1652 svchost.exe
1892 C:\WINDOWS\system32\spoolsv.exe
2020 C:\WINDOWS\explorer.exe
184 C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
188 C:\WINDOWS\system32\rundll32.exe
220 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
308 C:\Programme\AVG\AVG10\avgtray.exe
388 C:\WINDOWS\system32\ctfmon.exe
1600 C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
1736 C:\Programme\AVG\AVG10\avgwdsvc.exe
1988 C:\WINDOWS\system32\nvsvc32.exe
500 C:\WINDOWS\system32\svchost.exe
2396 alg.exe
2564 C:\WINDOWS\system32\wscntfy.exe
3016 C:\WINDOWS\system32\svchost.exe
2692 C:\Dokumente und Einstellungen\x\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3120023A, Rev: 3.30
PhysicalDrive1 Model Number: Maxtor6L080P0, Rev: BAJ41G20

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
76 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

grüße Ramon