Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner - jetzt sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.09.2011, 00:21   #16
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Endlich fertig ...

GMER
Beim ersten Versuch: Absturz
Zweiter Versuch: leider mit aktiviertem Virenscanner, abgebrochen
Dritter Versuch: quälend langsam, nach ca. 36 Stunden (und inzwischen durch Timer gestartetem Programm Phonostar) folgendes Log:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-01 08:28:44
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: vn8jrqg3.exe; Driver: C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     82C96539 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CBB092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spdm.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91236000, 0x2FBAB4, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               91DA5D18 5 Bytes  JMP 88C904E0 
.text           anbfyv8h.SYS                                                                                                        90FC2000 12 Bytes  [44, 18, C2, 82, EE, 16, C2, ...]
.text           anbfyv8h.SYS                                                                                                        90FC200D 9 Bytes  [F7, C1, 82, 48, 1B, C2, 82, ...] {TEST ECX, 0xc21b4882; ADD BYTE [EAX], 0x0}
.text           anbfyv8h.SYS                                                                                                        90FC2017 20 Bytes  [00, DE, 47, 1A, 8B, E6, 45, ...]
.text           anbfyv8h.SYS                                                                                                        90FC202C 20 Bytes  [00, 00, 00, 00, E0, 11, C9, ...]
.text           anbfyv8h.SYS                                                                                                        90FC2041 128 Bytes  [B6, CB, 82, 60, B5, CB, 82, ...]
.text           ...                                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [747F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [747D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [747D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [747F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [747E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [747E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [747E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [747E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                   [747E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [747E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [747E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [747E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [747EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [747E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              855721F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       88C8E1F8
Device          \Driver\volmgr \Device\HarddiskVolume12                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume13                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                8556E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}                                            88AB41F8
Device          \Driver\usbehci \Device\USBPDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    88C91500
Device          \Driver\PCI_PNP3741 \Device\00000057                                                                                spdm.sys
Device          \Driver\USBSTOR \Device\00000070                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000071                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        88AF41F8
Device          \Driver\USBSTOR \Device\00000072                                                                                    893B51F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        88AF41F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000074                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\sptd \Device\1401779742                                                                                     spdm.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             88AB41F8
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume9                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9A295CD5-A244-421C-A8EF-9E3A343737CB}                                            88AB41F8
Device          \Driver\usbehci \Device\USBFDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    88C91500
Device          \Driver\volmgr \Device\HarddiskVolume10                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume11                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1Port1Path0Target0Lun0                                                        88CB5400
Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1                                                                             88CB5400
Device          \FileSystem\fastfat \Fat                                                                                            88C8E1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x41 0xE8 0x7C 0xA4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x2A 0x37 0xC9 0x01 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x95 0x94 0x0B 0x93 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x82 0x53 0x78 0xA6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFC 0x21 0xC0 0x4B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x2A 0x37 0xC9 0x01 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x95 0x94 0x0B 0x93 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x82 0x53 0x78 0xA6 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Osam
lief zügig durch und lieferte folgendes Log:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:43:56 on 01.09.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"anbfyv8h" (anbfyv8h) - "Microsoft Corporation" - C:\Windows\system32\drivers\anbfyv8h.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\doc_mk7\AppData\Local\Temp\catchme.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"fgtdapow" (fgtdapow) - ? - C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys  (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\doc_mk7\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"portfolio.lnk" - ? - C:\moneten\portfolio.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Free Download Manager" - "FreeDownloadManager.ORG" - C:\Program Files\Free Download Manager\fdm.exe -autorun
"phonostar-Player" - ? - C:\Program Files\phonostar-Player\phonostarStarter.exe  (File found, but it contains no detailed information)
"phonostarTimer" - ? - C:\Program Files\phonostar-Player\phonostarTimer.exe  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


aswMBR
lief zuerst auch sehr langsam und hängte sich dann nach einiger Zeit beim Scannen einer dll (CDRip.DLL) auf.
Nach Abbruch und Neustart des Rechners lief der zweite Versuch dann zügig (mit einem gelben und einem roten Eintrag) durch, wie man am Log sieht:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 08:45:28
-----------------------------
08:45:28.629    OS Version: Windows 6.1.7600 
08:45:28.629    Number of processors: 4 586 0x2505
08:45:28.630    ComputerName: PC7  UserName: 
08:45:31.262    Initialize success
08:48:47.910    AVAST engine defs: 11083101
08:49:55.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:55.405    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
08:49:55.406    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:49:55.408    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
08:49:55.409    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000071
08:49:55.411    Disk 2 Vendor:   Size: 305245MB BusType: 0
08:49:55.413    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000072
08:49:55.415    Disk 3 Vendor:   Size: 305245MB BusType: 0
08:49:57.586    Disk 0 MBR read successfully
08:49:57.592    Disk 0 MBR scan
08:49:57.709    Disk 0 unknown MBR code
08:49:57.716    Disk 0 MBR hidden
08:49:57.974    Disk 0 scanning sectors +2930275120
08:49:59.360    Disk 0 scanning C:\Windows\system32\drivers
08:55:00.009    Service scanning
08:55:00.450    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:55:00.988    Modules scanning
09:00:29.429    Disk 0 trace - called modules:
09:00:29.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdm.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
09:00:29.521    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9d880]
09:00:29.524    3 CLASSPNP.SYS[8ba4e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86318028]
09:00:31.300    AVAST engine scan C:\Windows
09:23:25.446    AVAST engine scan C:\Windows\system32
10:48:37.334    AVAST engine scan C:\Windows\system32\drivers
11:27:20.288    AVAST engine scan C:\Users\doc_mk7
14:56:06.922    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
14:56:06.933    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600 
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName: 
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:   Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:   Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"
         

Alt 02.09.2011, 00:26   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Zitat:
00:14:25.272 Disk 0 MBR read successfully
00:14:25.272 Disk 0 MBR scan
00:14:25.288 Disk 0 unknown MBR code
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.
Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR für Disk 0!
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________

__________________

Alt 02.09.2011, 10:10   #18
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Fix hat offenbar geklappt: keine negativen Folgen
Neues Log:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 08:45:28
-----------------------------
08:45:28.629    OS Version: Windows 6.1.7600 
08:45:28.629    Number of processors: 4 586 0x2505
08:45:28.630    ComputerName: PC7  UserName: 
08:45:31.262    Initialize success
08:48:47.910    AVAST engine defs: 11083101
08:49:55.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:55.405    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
08:49:55.406    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:49:55.408    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
08:49:55.409    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000071
08:49:55.411    Disk 2 Vendor:   Size: 305245MB BusType: 0
08:49:55.413    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000072
08:49:55.415    Disk 3 Vendor:   Size: 305245MB BusType: 0
08:49:57.586    Disk 0 MBR read successfully
08:49:57.592    Disk 0 MBR scan
08:49:57.709    Disk 0 unknown MBR code
08:49:57.716    Disk 0 MBR hidden
08:49:57.974    Disk 0 scanning sectors +2930275120
08:49:59.360    Disk 0 scanning C:\Windows\system32\drivers
08:55:00.009    Service scanning
08:55:00.450    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:55:00.988    Modules scanning
09:00:29.429    Disk 0 trace - called modules:
09:00:29.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdm.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
09:00:29.521    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9d880]
09:00:29.524    3 CLASSPNP.SYS[8ba4e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86318028]
09:00:31.300    AVAST engine scan C:\Windows
09:23:25.446    AVAST engine scan C:\Windows\system32
10:48:37.334    AVAST engine scan C:\Windows\system32\drivers
11:27:20.288    AVAST engine scan C:\Users\doc_mk7
14:56:06.922    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
14:56:06.933    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600 
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName: 
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:   Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:   Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 10:15:57
-----------------------------
10:15:57.564    OS Version: Windows 6.1.7600 
10:15:57.564    Number of processors: 4 586 0x2505
10:15:57.564    ComputerName: PC7  UserName: 
10:16:20.324    Initialize success
10:16:25.223    AVAST engine defs: 11090101
10:16:34.489    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:16:34.505    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
10:16:34.505    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:16:34.505    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
10:16:34.505    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
10:16:34.520    Disk 2 Vendor:   Size: 305245MB BusType: 0
10:16:34.520    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
10:16:34.520    Disk 3 Vendor:   Size: 305245MB BusType: 0
10:16:36.564    Disk 0 MBR read successfully
10:16:36.564    Disk 0 MBR scan
10:16:36.580    Disk 0 Windows 7 default MBR code
10:16:36.595    Disk 0 scanning sectors +2930275120
10:16:36.673    Disk 0 scanning C:\Windows\system32\drivers
10:16:48.966    Service scanning
10:16:51.244    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:16:51.836    Modules scanning
10:16:58.872    Disk 0 trace - called modules:
10:16:58.903    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmn.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
10:16:58.919    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9da58]
10:16:58.919    3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b6028]
10:17:01.290    AVAST engine scan C:\Windows
10:17:12.007    AVAST engine scan C:\Windows\system32
10:19:22.735    AVAST engine scan C:\Windows\system32\drivers
10:19:35.137    AVAST engine scan C:\Users\doc_mk7
10:58:33.940    AVAST engine scan C:\ProgramData
10:59:00.632    Scan finished successfully
11:04:26.095    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
11:04:26.111    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"
         
Was ist mit der gelben ...
Zitat:
10:16:51.244 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
und der roten Zeile?
Zitat:
10:16:58.903 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmn.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
__________________

Alt 02.09.2011, 10:27   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Zitat:
08:49:57.709 Disk 0 unknown MBR code
08:49:57.716 Disk 0 MBR hidden
Ging nicht...

Hast Du noch andere Betriebssysteme außer Win7 (32-Bit) installiert?
Wenn nicht: Schau mal hier => RescueDisc-Win7-32-Bit

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten)

Falls Du eine normale Win7-Installations-DVD (32-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.09.2011, 10:43   #20
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Sorry, aber ich habe das gesamte Log gepostet. Es entält die History aller Scans.
Dein letztes Zitat stammt von gestern, vor dem Fix.
Das heutige Log sieht folgendermaßen aus:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600 
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName: 
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:   Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:   Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 10:15:57
         
Die "hidden"-Zeile ist nun weg, die "unknown"-Zeile immer noch drin.
Soll ich trotzdem so verfahren, wie in deinem letzten Post beschrieben?


Alt 02.09.2011, 13:28   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Ja, fix den mbr mal über die Win-CD.
__________________
--> BKA Trojaner - jetzt sauber?

Alt 02.09.2011, 15:47   #22
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Zitat:
Zitat von cosinus Beitrag anzeigen
Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
MBRCheck hatten wir noch nicht ...
Hier schon mal das MBRCheck-Log.
Meckert immer noch über
Zitat:
non-standard or infected MBR
... !?

GMER lass ich heute Nacht laufen.

Alt 03.09.2011, 12:04   #23
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



GMER will nicht mehr!
4x Absturz, dabei 1x Rechner "eingefroren" und 1x Bluescreen.
Ich weiß nicht, ob du mit der Bluescreen-Meldung nach dem Neustart was anfangen kannst, aber ich füge sie mal an.

Alt 04.09.2011, 13:30   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Ja sry, ich muss meinen Baustein mal aktualisieren. Da steht noch mbrcheck drin und nicht aswMBR
Du hast wirklich bootrec.exe /fixboot und bootrec.exe /fixmbr über die Windows-CD ausgeführt?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.09.2011, 13:34   #25
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Ja!
Beides wurde mit dem Kommentar bestätigt: erfolgreich ausgeführt!
Soll ich noch mit aswMBR hinterher?

Alt 04.09.2011, 13:51   #26
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



sry auch,
wenn ich mir dein Posting so ansehe, könnte es sein, dass ich das Leerzeichen nach bootrec.exe vergessen hatte!
Habe das ganze eben nochmal "mit Leerzeichen" wiederholt und scanne neu mit aswMBR ...

Alt 04.09.2011, 13:51   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Hm, dann ollte der MBR auch neu sein
Mach nochmal ein neues aswMBR-Log, ist der MBR immer noch unbekannt, bitte den MBR nochmal versuchen mit aswMBR zu fixen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.09.2011, 15:05   #28
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



jetzt aber ...
mit den Leerzeichen klappt auch das Fixen ...
Hier das neue aswMBR-Log:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-04 15:03:46
-----------------------------
15:03:46.043    OS Version: Windows 6.1.7600 
15:03:46.043    Number of processors: 4 586 0x2505
15:03:46.043    ComputerName: PC7  UserName: 
15:03:50.491    Initialize success
15:03:54.567    AVAST engine defs: 11090400
15:03:56.053    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:03:56.053    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
15:03:56.069    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:03:56.069    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
15:03:56.069    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000074
15:03:56.084    Disk 2 Vendor:   Size: 305245MB BusType: 0
15:03:56.084    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000075
15:03:56.084    Disk 3 Vendor:   Size: 305245MB BusType: 0
15:03:58.114    Disk 0 MBR read successfully
15:03:58.114    Disk 0 MBR scan
15:03:58.130    Disk 0 Windows 7 default MBR code
15:03:58.146    Disk 0 scanning sectors +2930275120
15:03:58.224    Disk 0 scanning C:\Windows\system32\drivers
15:04:13.189    Service scanning
15:04:15.972    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:04:16.519    Modules scanning
15:04:24.353    Disk 0 trace - called modules:
15:04:24.385    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spiu.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
15:04:24.401    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9f820]
15:04:24.401    3 CLASSPNP.SYS[8ba2159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86319028]
15:04:26.635    AVAST engine scan C:\Windows
15:04:35.414    AVAST engine scan C:\Windows\system32
15:06:52.712    AVAST engine scan C:\Windows\system32\drivers
15:07:05.051    AVAST engine scan C:\Users\doc_mk7
15:47:44.881    AVAST engine scan C:\ProgramData
15:48:18.533    Scan finished successfully
16:02:45.308    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
16:02:45.370    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"
         

Alt 04.09.2011, 15:33   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Zitat:
15:03:58.130 Disk 0 Windows 7 default MBR code


Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.09.2011, 12:52   #30
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?



Vollscan mit Malwarebytes: nix gefunden

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.09.2011 18:23:31
mbam-log-2011-09-04 (18-23-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 707108
Laufzeit: 1 Stunde(n), 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Vollscan mit SUPERAntiSpyware : ein paar Cookies und alte unbenutzte Software

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/05/2011 at 03:25 AM

Application Version : 5.0.1118

Core Rules Database Version : 7645
Trace Rules Database Version: 5457

Scan type       : Complete Scan
Total Scan Time : 03:21:39

Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 861
Memory threats detected   : 0
Registry items scanned    : 38977
Registry threats detected : 0
File items scanned        : 444657
File threats detected     : 30

Adware.Tracking Cookie
	C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Cookies\2UGAD6V9.txt
	C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Cookies\5O9J6BUC.txt
	.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Cryptor[Egun]
	F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA\WELLENMASCHINEN\WELLMA6.EXE
	ZIP ARCHIVE( F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP )/WELLENMASCHINEN/WELLMA6.EXE
	F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP
	ZIP ARCHIVE( G:\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP )/PRJBOOKFINDER.EXE
	G:\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP
	ZIP ARCHIVE( H:\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP )/INNO SETUP HILFSPROGRAMM (GES)/INNO SETUP HILFSPROGRAMM.EXE
	H:\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP
	ZIP ARCHIVE( C:\ALTE FESTPLATTE\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP )/INNO SETUP HILFSPROGRAMM (GES)/INNO SETUP HILFSPROGRAMM.EXE
	C:\ALTE FESTPLATTE\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP
	ZIP ARCHIVE( C:\ALTE FESTPLATTE\ENTWICKLUNG\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP )/PRJBOOKFINDER.EXE
	C:\ALTE FESTPLATTE\ENTWICKLUNG\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP
	C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA\WELLENMASCHINEN\WELLMA6.EXE
	ZIP ARCHIVE( C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP )/WELLENMASCHINEN/WELLMA6.EXE
	C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP
         

ESET:gleicher Befund wie zuvor: Miro + alte unbenutzte Software

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-12 12:16:03
# local_time=2011-08-12 02:16:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 364944 49684109 270503 0
# compatibility_mode=5893 16776574 100 94 21619393 64782079 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=11591
# found=1
# cleaned=0
# scan_time=475
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-12 03:51:02
# local_time=2011-08-12 05:51:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 365525 49684690 271084 0
# compatibility_mode=5893 16776574 100 94 21619974 64782660 0 0
# compatibility_mode=8192 67108863 100 0 804 804 0 0
# scanned=545520
# found=13
# cleaned=0
# scan_time=12792
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\radio\phonostar\ps_radio2012.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\radio\podcatcher\Miro_Installer.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe	a variant of Win32/Adware.Trymedia application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe	probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\entwicklung\bücher\Office_Programmierung\DATA\KAP_13.HTM	probably unknown SCRIPT virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\doc_mk7\Downloads\software\Miro-3.5.1.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
G:\bücher\Office_Programmierung\DATA\KAP_13.HTM	probably unknown SCRIPT virus (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\radio\phonostar\ps_radio2012.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\radio\podcatcher\Miro_Installer.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe	a variant of Win32/Adware.Trymedia application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe	probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)	00000000000000000000000000000000	I
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-05 10:09:22
# local_time=2011-09-05 12:09:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 48780 51737918 334892 0
# compatibility_mode=5893 16776574 100 94 23673202 66835888 0 0
# compatibility_mode=8192 67108863 100 0 2054032 2054032 0 0
# scanned=539927
# found=13
# cleaned=0
# scan_time=12664
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\radio\phonostar\ps_radio2012.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\radio\podcatcher\Miro_Installer.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe	a variant of Win32/Adware.Trymedia application (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe	probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)	00000000000000000000000000000000	I
C:\alte festplatte\entwicklung\bücher\Office_Programmierung\DATA\KAP_13.HTM	probably unknown SCRIPT virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\doc_mk7\Downloads\software\Miro-3.5.1.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
G:\bücher\Office_Programmierung\DATA\KAP_13.HTM	probably unknown SCRIPT virus (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\radio\phonostar\ps_radio2012.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\radio\podcatcher\Miro_Installer.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe	a variant of Win32/Adware.Trymedia application (unable to clean)	00000000000000000000000000000000	I
H:\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe	probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)	00000000000000000000000000000000	I
         

Antwort

Themen zu BKA Trojaner - jetzt sauber?
alten, anhang, blick, brauch, bundeskriminalamt trojaner, dateien, ebenfalls, ergebnis, extras.txt, frage, frieden, gefundene, gefundenen, genutzt, heute, installiert, jahre, melde, nicht installiert, otl auswertung, otl.txt, rechner, richtig, sauber, schei, troja, trojaner, werfen, windows, würde




Ähnliche Themen: BKA Trojaner - jetzt sauber?


  1. BDS/ZeroAccess - Trojaner gelöscht, nicht sicher ob System jetzt sauber ist
    Plagegeister aller Art und deren Bekämpfung - 31.03.2013 (4)
  2. OTL Logfiles nach Infizierung mit GVU Trojaner ; PC jetzt sauber? Hilfe
    Log-Analyse und Auswertung - 13.08.2012 (18)
  3. GVU Trojaner entfernt, System jetzt sauber?
    Log-Analyse und Auswertung - 07.08.2012 (32)
  4. BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  5. Trojaner TR/PSW.Zbot.605 gelöscht. Jetzt alles sauber?
    Log-Analyse und Auswertung - 19.02.2012 (1)
  6. Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?
    Log-Analyse und Auswertung - 01.02.2012 (26)
  7. Trojaner urlzone - System nach Neuaufsetzen jetzt sauber/sicher?
    Log-Analyse und Auswertung - 12.06.2011 (10)
  8. Conhost-Trojaner: Ist mein System jetzt sauber???
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (2)
  9. Trojaner eingefangen, weiß nicht ob System jetzt sauber...
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (23)
  10. Trojaner gehabt - System jetzt sauber? IE öffnet sich selbständig...
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (24)
  11. Rechner war mit dem Trojaner Antivirus Soft verseucht. Ist er jetzt wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (11)
  12. 16 Trojaner entfernt, System jetzt sauber?
    Log-Analyse und Auswertung - 11.03.2010 (15)
  13. Mehrere Trojaner gefunden, System bereinigt, ist es jetzt sauber?
    Log-Analyse und Auswertung - 12.01.2010 (16)
  14. viren und trojaner? system jetzt sauber?
    Log-Analyse und Auswertung - 31.10.2008 (0)
  15. trojaner gehabt - logfile jetzt sauber?
    Log-Analyse und Auswertung - 17.08.2008 (3)
  16. trojaner gehabt - logfile jetzt sauber?
    Mülltonne - 13.08.2008 (0)
  17. Trojaner gehabt - hijackthis jetzt sauber?
    Mülltonne - 13.08.2008 (2)

Zum Thema BKA Trojaner - jetzt sauber? - Endlich fertig ... GMER Beim ersten Versuch: Absturz Zweiter Versuch: leider mit aktiviertem Virenscanner, abgebrochen Dritter Versuch: quälend langsam, nach ca. 36 Stunden (und inzwischen durch Timer gestartetem Programm Phonostar) - BKA Trojaner - jetzt sauber?...
Archiv
Du betrachtest: BKA Trojaner - jetzt sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.