Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA Trojaner - jetzt sauber?

BKA Trojaner - jetzt sauber?


Log-Analyse und Auswertung: BKA Trojaner - jetzt sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 02.09.2011, 00:21   #16
doc_h
 
BKA Trojaner - jetzt sauber? - Standard

BKA Trojaner - jetzt sauber?


Endlich fertig ...

GMER
Beim ersten Versuch: Absturz
Zweiter Versuch: leider mit aktiviertem Virenscanner, abgebrochen
Dritter Versuch: quälend langsam, nach ca. 36 Stunden (und inzwischen durch Timer gestartetem Programm Phonostar) folgendes Log:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-01 08:28:44
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: vn8jrqg3.exe; Driver: C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     82C96539 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CBB092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spdm.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91236000, 0x2FBAB4, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               91DA5D18 5 Bytes  JMP 88C904E0 
.text           anbfyv8h.SYS                                                                                                        90FC2000 12 Bytes  [44, 18, C2, 82, EE, 16, C2, ...]
.text           anbfyv8h.SYS                                                                                                        90FC200D 9 Bytes  [F7, C1, 82, 48, 1B, C2, 82, ...] {TEST ECX, 0xc21b4882; ADD BYTE [EAX], 0x0}
.text           anbfyv8h.SYS                                                                                                        90FC2017 20 Bytes  [00, DE, 47, 1A, 8B, E6, 45, ...]
.text           anbfyv8h.SYS                                                                                                        90FC202C 20 Bytes  [00, 00, 00, 00, E0, 11, C9, ...]
.text           anbfyv8h.SYS                                                                                                        90FC2041 128 Bytes  [B6, CB, 82, 60, B5, CB, 82, ...]
.text           ...                                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [747F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [747D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [747D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [747F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [747E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [747E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [747E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [747E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                   [747E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [747E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [747E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [747E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [747EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [747E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              855721F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       88C8E1F8
Device          \Driver\volmgr \Device\HarddiskVolume12                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume13                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                8556E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}                                            88AB41F8
Device          \Driver\usbehci \Device\USBPDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    88C91500
Device          \Driver\PCI_PNP3741 \Device\00000057                                                                                spdm.sys
Device          \Driver\USBSTOR \Device\00000070                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000071                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        88AF41F8
Device          \Driver\USBSTOR \Device\00000072                                                                                    893B51F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                                       [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        88AF41F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000074                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\sptd \Device\1401779742                                                                                     spdm.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             88AB41F8
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume9                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9A295CD5-A244-421C-A8EF-9E3A343737CB}                                            88AB41F8
Device          \Driver\usbehci \Device\USBFDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    88C91500
Device          \Driver\volmgr \Device\HarddiskVolume10                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume11                                                                             8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1Port1Path0Target0Lun0                                                        88CB5400
Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1                                                                             88CB5400
Device          \FileSystem\fastfat \Fat                                                                                            88C8E1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x41 0xE8 0x7C 0xA4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x2A 0x37 0xC9 0x01 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x95 0x94 0x0B 0x93 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x82 0x53 0x78 0xA6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFC 0x21 0xC0 0x4B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x2A 0x37 0xC9 0x01 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x95 0x94 0x0B 0x93 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x82 0x53 0x78 0xA6 ...

---- EOF - GMER 1.0.15 ----
--- --- ---


Osam
lief zügig durch und lieferte folgendes Log:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:43:56 on 01.09.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"anbfyv8h" (anbfyv8h) - "Microsoft Corporation" - C:\Windows\system32\drivers\anbfyv8h.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\doc_mk7\AppData\Local\Temp\catchme.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"fgtdapow" (fgtdapow) - ? - C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys  (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\doc_mk7\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"portfolio.lnk" - ? - C:\moneten\portfolio.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Free Download Manager" - "FreeDownloadManager.ORG" - C:\Program Files\Free Download Manager\fdm.exe -autorun
"phonostar-Player" - ? - C:\Program Files\phonostar-Player\phonostarStarter.exe  (File found, but it contains no detailed information)
"phonostarTimer" - ? - C:\Program Files\phonostar-Player\phonostarTimer.exe  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---


aswMBR
lief zuerst auch sehr langsam und hängte sich dann nach einiger Zeit beim Scannen einer dll (CDRip.DLL) auf.
Nach Abbruch und Neustart des Rechners lief der zweite Versuch dann zügig (mit einem gelben und einem roten Eintrag) durch, wie man am Log sieht:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 08:45:28
-----------------------------
08:45:28.629    OS Version: Windows 6.1.7600 
08:45:28.629    Number of processors: 4 586 0x2505
08:45:28.630    ComputerName: PC7  UserName: 
08:45:31.262    Initialize success
08:48:47.910    AVAST engine defs: 11083101
08:49:55.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:55.405    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
08:49:55.406    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:49:55.408    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
08:49:55.409    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000071
08:49:55.411    Disk 2 Vendor:   Size: 305245MB BusType: 0
08:49:55.413    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000072
08:49:55.415    Disk 3 Vendor:   Size: 305245MB BusType: 0
08:49:57.586    Disk 0 MBR read successfully
08:49:57.592    Disk 0 MBR scan
08:49:57.709    Disk 0 unknown MBR code
08:49:57.716    Disk 0 MBR hidden
08:49:57.974    Disk 0 scanning sectors +2930275120
08:49:59.360    Disk 0 scanning C:\Windows\system32\drivers
08:55:00.009    Service scanning
08:55:00.450    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:55:00.988    Modules scanning
09:00:29.429    Disk 0 trace - called modules:
09:00:29.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdm.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
09:00:29.521    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9d880]
09:00:29.524    3 CLASSPNP.SYS[8ba4e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86318028]
09:00:31.300    AVAST engine scan C:\Windows
09:23:25.446    AVAST engine scan C:\Windows\system32
10:48:37.334    AVAST engine scan C:\Windows\system32\drivers
11:27:20.288    AVAST engine scan C:\Users\doc_mk7
14:56:06.922    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
14:56:06.933    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600 
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName: 
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:   Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:   Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"

 

Themen zu BKA Trojaner - jetzt sauber?
alten, anhang, blick, brauch, bundeskriminalamt trojaner, dateien, ebenfalls, ergebnis, extras.txt, frage, frieden, gefundene, gefundenen, genutzt, heute, installiert, jahre, melde, nicht installiert, otl auswertung, otl.txt, rechner, richtig, sauber, schei, troja, trojaner, werfen, windows, würde


« Trojaner Bundespolizei -> Dateien in externe Datenbank ebenfalls befallen? | Bundespolizei-Trojaner shell.txt »


Ähnliche Themen: BKA Trojaner - jetzt sauber?


  1. BDS/ZeroAccess - Trojaner gelöscht, nicht sicher ob System jetzt sauber ist
    Plagegeister aller Art und deren Bekämpfung - 31.03.2013 (4)
  2. OTL Logfiles nach Infizierung mit GVU Trojaner ; PC jetzt sauber? Hilfe
    Log-Analyse und Auswertung - 13.08.2012 (18)
  3. GVU Trojaner entfernt, System jetzt sauber?
    Log-Analyse und Auswertung - 07.08.2012 (32)
  4. BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  5. Trojaner TR/PSW.Zbot.605 gelöscht. Jetzt alles sauber?
    Log-Analyse und Auswertung - 19.02.2012 (1)
  6. Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?
    Log-Analyse und Auswertung - 01.02.2012 (26)
  7. Trojaner urlzone - System nach Neuaufsetzen jetzt sauber/sicher?
    Log-Analyse und Auswertung - 12.06.2011 (10)
  8. Conhost-Trojaner: Ist mein System jetzt sauber???
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (2)
  9. Trojaner eingefangen, weiß nicht ob System jetzt sauber...
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (23)
  10. Trojaner gehabt - System jetzt sauber? IE öffnet sich selbständig...
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (24)
  11. Rechner war mit dem Trojaner Antivirus Soft verseucht. Ist er jetzt wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (11)
  12. 16 Trojaner entfernt, System jetzt sauber?
    Log-Analyse und Auswertung - 11.03.2010 (15)
  13. Mehrere Trojaner gefunden, System bereinigt, ist es jetzt sauber?
    Log-Analyse und Auswertung - 12.01.2010 (16)
  14. viren und trojaner? system jetzt sauber?
    Log-Analyse und Auswertung - 31.10.2008 (0)
  15. trojaner gehabt - logfile jetzt sauber?
    Log-Analyse und Auswertung - 17.08.2008 (3)
  16. trojaner gehabt - logfile jetzt sauber?
    Mülltonne - 13.08.2008 (0)
  17. Trojaner gehabt - hijackthis jetzt sauber?
    Mülltonne - 13.08.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA Trojaner - jetzt sauber? - Endlich fertig ... GMER Beim ersten Versuch: Absturz Zweiter Versuch: leider mit aktiviertem Virenscanner, abgebrochen Dritter Versuch: quälend langsam, nach ca. 36 Stunden (und inzwischen durch Timer gestartetem Programm Phonostar) - BKA Trojaner - jetzt sauber?...
Archiv
Du betrachtest: BKA Trojaner - jetzt sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131