Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: Bundespolizei trojan finally deleted?

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.08.2011, 21:09   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei trojan finally deleted?


OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool refuses to run even on the second attempt, just skip it and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: do not press any of the Fix buttons without instruction.

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

__________________
Please always post log files in CODE tags
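The helper asks for GMER and OSAM logs so they can be evaluated. As an added example that is not part of this thread and is not code from the GMER or OSAM authors, the following Python script shows the first-pass triage an analyst applies to such logs: it parses lines in the two tools' text formats and flags the indicators that matter (an MBR sector reported as malicious, kernel import-table entries redirected into another driver or resolving to no module at all, patched or writeable kernel code sections, drivers whose file cannot be found, and OSAM entries marked as hidden from the registry). The sample log lines are constructed for the example and modelled on the formats of GMER 1.0.15 and OSAM 5.x; the severity ranking and the category names are this example's own heuristic, not a rating the tools themselves produce.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample input modelled on the GMER log format (not the thread's own log).
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                   82E3F349 1 Byte  [06]
?               System32\Drivers\splz.sys                                       The system cannot find the path specified. !
.text           C:\Windows\system32\DRIVERS\atksgt.sys                          section is writeable [0xA2A6B300, 0x3B6D8, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]   [8B2BE042] \SystemRoot\System32\Drivers\splz.sys
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortNotification]  00147880

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                           malicious Win32:MBRoot code @ sector 61
"""

# Constructed sample input modelled on the OSAM [Drivers] section (not the thread's own log).
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ac097r2h" (ac097r2h) - "Microsoft Corporation" - C:\Windows\system32\drivers\ac097r2h.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"""


@dataclass
class Finding:
    severity: str   # "HIGH", "MEDIUM" or "LOW" (this example's own scale)
    category: str
    detail: str


# GMER IAT/EAT line: module[dll!function], then either "[addr] target-driver" or a bare hex value.
IAT_RE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+(?P<module>\S+?)\[(?P<import>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)|(?P<raw>[0-9A-Fa-f]{8}))\s*$"
)
# OSAM entry: "name" (service) - "vendor"|? - path  (flags)
OSAM_RE = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<svc>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.*?)(?:\s{2,}\((?P<flags>[^)]*)\))?\s*$'
)


def _columns(line: str) -> List[str]:
    """GMER pads its columns with runs of spaces; split on two or more."""
    return re.split(r"\s{2,}", line.strip())


def classify_gmer_line(line: str) -> Optional[Finding]:
    s = line.strip()
    if not s or s.startswith("----"):
        return None
    cols = _columns(s)
    if s.startswith("Disk") and "malicious" in s:
        return Finding("HIGH", "disk/MBR infection", f"{cols[2]} on {cols[1]}")
    m = IAT_RE.match(s)
    if m:
        module = m.group("module").rsplit("\\", 1)[-1]
        if m.group("target"):  # import redirected into another driver
            target = m.group("target").rsplit("\\", 1)[-1]
            return Finding("MEDIUM", "import hook", f"{module}[{m.group('import')}] -> {target}")
        # bare value: GMER could not map the address to any loaded module
        return Finding("MEDIUM", "import hook (target unresolved)",
                       f"{module}[{m.group('import')}] = {m.group('raw')}")
    if s.startswith("?"):  # driver referenced but its file is missing
        return Finding("LOW", "driver file missing", cols[1])
    if s.startswith(".text"):
        if "section is writeable" in s:
            return Finding("LOW", "writeable code section", cols[1])
        return Finding("MEDIUM", "kernel code modification", cols[1])
    return None


def classify_osam_line(line: str) -> Optional[Finding]:
    m = OSAM_RE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags") or ""
    detail = f"{m.group('svc')} -> {m.group('path')}"
    if "Hidden registry entry" in flags:  # entry invisible to the normal registry API
        return Finding("HIGH", "hidden autorun entry", detail)
    if "File not found" in flags:
        return Finding("LOW", "entry points to missing file", detail)
    if "exclusively opened" in flags:
        return Finding("LOW", "file locked against inspection", detail)
    if m.group("vendor") == "?":
        return Finding("LOW", "no vendor/version information", detail)
    return None


def triage(text: str, classifier: Callable[[str], Optional[Finding]]) -> List[Finding]:
    return [f for f in (classifier(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("HIGH", "MEDIUM", "LOW")
    for name, text, clf in (("GMER", GMER_SAMPLE, classify_gmer_line),
                            ("OSAM", OSAM_SAMPLE, classify_osam_line)):
        found = triage(text, clf)
        print(f"== {name}: {summarize(found)}")
        for f in sorted(found, key=lambda f: order.index(f.severity)):
            print(f"  [{f.severity:6}] {f.category}: {f.detail}")
```

The severities are deliberately coarse. An import hook alone is not proof of compromise: the `sptd` registry branch in the log posted later in this thread points at DAEMON Tools Lite, whose filter driver is a common and legitimate source of such hooks. What should be escalated is the combination the sample reproduces: a driver entry that is hidden from the registry, an import entry that resolves to no loaded module, and a disk sector flagged as malicious code, which together indicate the kind of MBR-level persistence that file-level scanners do not see.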

15.08.2011, 22:24   #2
Brad
 
Bundespolizei trojan finally deleted?


GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-15 22:51:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD321KJ rev.CP100-10
Running: l6kxo3gi.exe; Driver: C:\Users\username\AppData\Local\Temp\pxldipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                       82E3F349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E78D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\splz.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               9255FDB9 5 Bytes  JMP 855BA4E0 
.text           ac097r2h.SYS                                                                                                        908F2000 12 Bytes  [44, 88, 21, 83, EE, 86, 21, ...] {INC ESP; MOV [ECX], AH; SUB ESI, -0x7a; AND [EBX-0x7cde9860], EAX}
.text           ac097r2h.SYS                                                                                                        908F200D 9 Bytes  [67, 21, 83, 48, 8B, 21, 83, ...]
.text           ac097r2h.SYS                                                                                                        908F2017 20 Bytes  [00, DE, A7, 3B, 8B, E6, A5, ...]
.text           ac097r2h.SYS                                                                                                        908F202C 149 Bytes  [00, 00, 00, 00, C0, A1, E3, ...]
.text           ac097r2h.SYS                                                                                                        908F20C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA2A6B300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA2B42300, 0x1BEE, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?               C:\Users\username\AppData\Local\Temp\catchme.sys                                                                          Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8B2BE042] \SystemRoot\System32\Drivers\splz.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8B2BE6D6] \SystemRoot\System32\Drivers\splz.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8B2BE800] \SystemRoot\System32\Drivers\splz.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8B2BE13E] \SystemRoot\System32\Drivers\splz.sys
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortQuerySystemTime]                                       78800C75
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortReadPortUchar]                                         06750015
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         005AB7E8
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortRequestCallback]                                       CCCC0008
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortCompleteRequest]                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortEtwTraceLog]                                           800C5D8B
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             7500117B
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         56587500
IAT             \SystemRoot\System32\Drivers\ac097r2h.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     8008758B

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              855821F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       8801B1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D194CE8D-83C4-469A-A5DC-91165D826B49}                                            865F61F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                8557E1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    867641F8
Device          \Driver\sptd \Device\546958315                                                                                      splz.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    867641F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E5DDA494-8B1D-4A77-9ADF-53A9E1F206E2}                                            865F61F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    86680500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    867641F8
Device          \Driver\PCI_PNP4314 \Device\00000062                                                                                splz.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    867641F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8557E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    86680500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8557E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        865A31F8
Device          \Driver\ACPI_HAL \Device\00000059                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-a                                                                         855801F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  855801F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3                                                                         855801F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8557E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                        865A31F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8557E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             865F61F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    867641F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    86680500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    867641F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    867641F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    86680500
Device          \Driver\ac097r2h \Device\Scsi\ac097r2h1Port6Path0Target0Lun0                                                        8667A500
Device          \Driver\ac097r2h \Device\Scsi\ac097r2h1                                                                             8667A500
Device          \FileSystem\fastfat \Fat                                                                                            8801B1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 E:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x63 0x86 0x35 0xAE ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4E 0x8E 0xD4 0x1A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x7D 0x57 0x5B 0xC6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     E:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x63 0x86 0x35 0xAE ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4E 0x8E 0xD4 0x1A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7D 0x57 0x5B 0xC6 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                                       1481
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x46 0x47 0x15 0xB0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                               malicious Win32:MBRoot code @ sector 61

---- EOF - GMER 1.0.15 ----
         
OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:57:21 on 15.08.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Folder Size" - "Brio" - D:\Program Files\FolderSize\FolderSize.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ac097r2h" (ac097r2h) - "Microsoft Corporation" - C:\Windows\system32\drivers\ac097r2h.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\username\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\cpuz132_x32.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsla1597a06" (MpKsla1597a06) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42E84261-0B61-4CBC-A281-4B5F7D493BAD}\MpKsla1597a06.sys
"Performance Tools Driver 10.0" (VSPerfDrv100) - "Microsoft Corporation" - D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
"pxldipoc" (pxldipoc) - ? - C:\Users\username\AppData\Local\Temp\pxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - D:\Program Files\FolderSize\FolderSizeColumn.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - D:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\ProgramData\AllDup\FEShlExt.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Program Files\Logitech\SetPoint\kbcplext.dll
{00F58DCC-975D-40f9-A5A7-A94E70665E3A} "LnkIconShlExt Class" - "G Data Software" - C:\Program Files\G Data\G Data LNK-Checker\LnkCheck.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - D:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{DDA57003-0068-4ed2-9D32-4D1EC707D94D} "Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm" - "Microsoft Corporation" - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Eraser" - "The Eraser Project" - "D:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Folder Size" (FolderSize) - "Brio" - D:\Program Files\FolderSize\FolderSizeSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR:
Code:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-15 22:58:37
-----------------------------
22:58:37.464    OS Version: Windows 6.1.7601 Service Pack 1
22:58:37.464    Number of processors: 2 586 0xF06
22:58:37.464    ComputerName: username-PC  UserName: username
22:58:38.213    Initialize success
22:59:53.063    AVAST engine defs: 11081501
23:01:06.135    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
23:01:06.135    Disk 0 Vendor: SAMSUNG_HD321KJ CP100-10 Size: 305244MB BusType: 3
23:01:08.428    Disk 0 MBR read successfully
23:01:08.428    Disk 0 MBR scan
23:01:08.428    Disk 0 Windows 7 default MBR code
23:01:08.662    Disk 0 malicious Win32:MBRoot code @ sector 61 !
23:01:08.943    Disk 0 scanning C:\Windows\system32\drivers
23:01:47.506    Service scanning
23:01:48.005    Service MpKsla1597a06 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42E84261-0B61-4CBC-A281-4B5F7D493BAD}\MpKsla1597a06.sys **LOCKED** 32
23:01:48.021    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:01:48.099    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:01:48.676    Modules scanning
23:02:10.813    Disk 0 trace - called modules:
23:02:10.828    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855801f8]<<
23:02:10.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642e030]
23:02:10.828    3 CLASSPNP.SYS[8b98859e] -> nt!IofCallDriver -> [0x862d9918]
23:02:10.844    5 ACPI.sys[8b4373d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8633f908]
23:02:10.844    \Driver\atapi[0x86313b88] -> IRP_MJ_CREATE -> 0x855801f8
23:02:11.234    AVAST engine scan C:\Windows
23:02:15.555    AVAST engine scan C:\Windows\system32
23:03:52.634    AVAST engine scan C:\Windows\system32\drivers
23:03:59.716    AVAST engine scan C:\Users\username
23:14:33.951    AVAST engine scan C:\ProgramData
23:16:24.540    Scan finished successfully
23:17:43.195    Disk 0 MBR has been saved successfully to "E:\username\Desktop\MBR.dat"
23:17:43.211    The log file has been saved successfully to "E:\username\Desktop\aswMBR.txt"
         
__________________

