Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BKA Trojaner - jetzt sauber? (https://www.trojaner-board.de/102403-bka-trojaner-sauber.html)

doc_h 02.09.2011 00:21
Endlich fertig ...

GMER
Beim ersten Versuch: Absturz
Zweiter Versuch: leider mit aktiviertem Virenscanner, abgebrochen
Dritter Versuch: quälend langsam, nach ca. 36 Stunden (und inzwischen durch Timer gestartetem Programm Phonostar) folgendes Log:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-01 08:28:44
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: vn8jrqg3.exe; Driver: C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                    82C96539 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CBB092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spdm.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91236000, 0x2FBAB4, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                              91DA5D18 5 Bytes  JMP 88C904E0
.text          anbfyv8h.SYS                                                                                                        90FC2000 12 Bytes  [44, 18, C2, 82, EE, 16, C2, ...]
.text          anbfyv8h.SYS                                                                                                        90FC200D 9 Bytes  [F7, C1, 82, 48, 1B, C2, 82, ...] {TEST ECX, 0xc21b4882; ADD BYTE [EAX], 0x0}
.text          anbfyv8h.SYS                                                                                                        90FC2017 20 Bytes  [00, DE, 47, 1A, 8B, E6, 45, ...]
.text          anbfyv8h.SYS                                                                                                        90FC202C 20 Bytes  [00, 00, 00, 00, E0, 11, C9, ...]
.text          anbfyv8h.SYS                                                                                                        90FC2041 128 Bytes  [B6, CB, 82, 60, B5, CB, 82, ...]
.text          ...                                                                                                               

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                    [747F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [747D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                              [747D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [747F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [747E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [747E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                            [747E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [747E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                  [747E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                            [747E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [747E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [747E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [747EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [747E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              855721F8
Device          \FileSystem\fastfat \FatCdrom                                                                                      88C8E1F8
Device          \Driver\volmgr \Device\HarddiskVolume12                                                                            8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume12                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume13                                                                            8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume13                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                8556E1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}                                            88AB41F8
Device          \Driver\usbehci \Device\USBPDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    88C91500
Device          \Driver\PCI_PNP3741 \Device\00000057                                                                                spdm.sys
Device          \Driver\USBSTOR \Device\00000070                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000071                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        88AF41F8
Device          \Driver\USBSTOR \Device\00000072                                                                                    893B51F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                      [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                      [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-2                                                                      [8B47D420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        88AF41F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000074                                                                                    893B51F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\sptd \Device\1401779742                                                                                    spdm.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            88AB41F8
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume9                                                                              8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9A295CD5-A244-421C-A8EF-9E3A343737CB}                                            88AB41F8
Device          \Driver\usbehci \Device\USBFDO-0                                                                                    88C91500
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    88C91500
Device          \Driver\volmgr \Device\HarddiskVolume10                                                                            8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume11                                                                            8556E1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume11                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1Port1Path0Target0Lun0                                                        88CB5400
Device          \Driver\anbfyv8h \Device\Scsi\anbfyv8h1                                                                            88CB5400
Device          \FileSystem\fastfat \Fat                                                                                            88C8E1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x41 0xE8 0x7C 0xA4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x2A 0x37 0xC9 0x01 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x95 0x94 0x0B 0x93 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x82 0x53 0x78 0xA6 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFC 0x21 0xC0 0x4B ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x2A 0x37 0xC9 0x01 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x95 0x94 0x0B 0x93 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x82 0x53 0x78 0xA6 ...

---- EOF - GMER 1.0.15 ----
--- --- ---


Osam
lief zügig durch und lieferte folgendes Log:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:43:56 on 01.09.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"anbfyv8h" (anbfyv8h) - "Microsoft Corporation" - C:\Windows\system32\drivers\anbfyv8h.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\doc_mk7\AppData\Local\Temp\catchme.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"fgtdapow" (fgtdapow) - ? - C:\Users\doc_mk7\AppData\Local\Temp\fgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys  (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\doc_mk7\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"portfolio.lnk" - ? - C:\moneten\portfolio.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"Free Download Manager" - "FreeDownloadManager.ORG" - C:\Program Files\Free Download Manager\fdm.exe -autorun
"phonostar-Player" - ? - C:\Program Files\phonostar-Player\phonostarStarter.exe  (File found, but it contains no detailed information)
"phonostarTimer" - ? - C:\Program Files\phonostar-Player\phonostarTimer.exe  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---


aswMBR
lief zuerst auch sehr langsam und hängte sich dann nach einiger Zeit beim Scannen einer dll (CDRip.DLL) auf.
Nach Abbruch und Neustart des Rechners lief der zweite Versuch dann zügig (mit einem gelben und einem roten Eintrag) durch, wie man am Log sieht:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 08:45:28
-----------------------------
08:45:28.629    OS Version: Windows 6.1.7600
08:45:28.629    Number of processors: 4 586 0x2505
08:45:28.630    ComputerName: PC7  UserName:
08:45:31.262    Initialize success
08:48:47.910    AVAST engine defs: 11083101
08:49:55.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:55.405    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
08:49:55.406    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:49:55.408    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
08:49:55.409    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000071
08:49:55.411    Disk 2 Vendor:  Size: 305245MB BusType: 0
08:49:55.413    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000072
08:49:55.415    Disk 3 Vendor:  Size: 305245MB BusType: 0
08:49:57.586    Disk 0 MBR read successfully
08:49:57.592    Disk 0 MBR scan
08:49:57.709    Disk 0 unknown MBR code
08:49:57.716    Disk 0 MBR hidden
08:49:57.974    Disk 0 scanning sectors +2930275120
08:49:59.360    Disk 0 scanning C:\Windows\system32\drivers
08:55:00.009    Service scanning
08:55:00.450    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:55:00.988    Modules scanning
09:00:29.429    Disk 0 trace - called modules:
09:00:29.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdm.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
09:00:29.521    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9d880]
09:00:29.524    3 CLASSPNP.SYS[8ba4e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86318028]
09:00:31.300    AVAST engine scan C:\Windows
09:23:25.446    AVAST engine scan C:\Windows\system32
10:48:37.334    AVAST engine scan C:\Windows\system32\drivers
11:27:20.288    AVAST engine scan C:\Users\doc_mk7
14:56:06.922    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
14:56:06.933    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName:
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:  Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:  Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"

cosinus 02.09.2011 00:26
Zitat:
00:14:25.272 Disk 0 MBR read successfully
00:14:25.272 Disk 0 MBR scan
00:14:25.288 Disk 0 unknown MBR code
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.
Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR für Disk 0!
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

doc_h 02.09.2011 10:10
Fix hat offenbar geklappt: keine negativen Folgen
Neues Log:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 08:45:28
-----------------------------
08:45:28.629    OS Version: Windows 6.1.7600
08:45:28.629    Number of processors: 4 586 0x2505
08:45:28.630    ComputerName: PC7  UserName:
08:45:31.262    Initialize success
08:48:47.910    AVAST engine defs: 11083101
08:49:55.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:49:55.405    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
08:49:55.406    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:49:55.408    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
08:49:55.409    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000071
08:49:55.411    Disk 2 Vendor:  Size: 305245MB BusType: 0
08:49:55.413    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000072
08:49:55.415    Disk 3 Vendor:  Size: 305245MB BusType: 0
08:49:57.586    Disk 0 MBR read successfully
08:49:57.592    Disk 0 MBR scan
08:49:57.709    Disk 0 unknown MBR code
08:49:57.716    Disk 0 MBR hidden
08:49:57.974    Disk 0 scanning sectors +2930275120
08:49:59.360    Disk 0 scanning C:\Windows\system32\drivers
08:55:00.009    Service scanning
08:55:00.450    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:55:00.988    Modules scanning
09:00:29.429    Disk 0 trace - called modules:
09:00:29.517    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdm.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
09:00:29.521    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9d880]
09:00:29.524    3 CLASSPNP.SYS[8ba4e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86318028]
09:00:31.300    AVAST engine scan C:\Windows
09:23:25.446    AVAST engine scan C:\Windows\system32
10:48:37.334    AVAST engine scan C:\Windows\system32\drivers
11:27:20.288    AVAST engine scan C:\Users\doc_mk7
14:56:06.922    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
14:56:06.933    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName:
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:  Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:  Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 10:15:57
-----------------------------
10:15:57.564    OS Version: Windows 6.1.7600
10:15:57.564    Number of processors: 4 586 0x2505
10:15:57.564    ComputerName: PC7  UserName:
10:16:20.324    Initialize success
10:16:25.223    AVAST engine defs: 11090101
10:16:34.489    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:16:34.505    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
10:16:34.505    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:16:34.505    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
10:16:34.505    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
10:16:34.520    Disk 2 Vendor:  Size: 305245MB BusType: 0
10:16:34.520    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
10:16:34.520    Disk 3 Vendor:  Size: 305245MB BusType: 0
10:16:36.564    Disk 0 MBR read successfully
10:16:36.564    Disk 0 MBR scan
10:16:36.580    Disk 0 Windows 7 default MBR code
10:16:36.595    Disk 0 scanning sectors +2930275120
10:16:36.673    Disk 0 scanning C:\Windows\system32\drivers
10:16:48.966    Service scanning
10:16:51.244    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:16:51.836    Modules scanning
10:16:58.872    Disk 0 trace - called modules:
10:16:58.903    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmn.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
10:16:58.919    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9da58]
10:16:58.919    3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b6028]
10:17:01.290    AVAST engine scan C:\Windows
10:17:12.007    AVAST engine scan C:\Windows\system32
10:19:22.735    AVAST engine scan C:\Windows\system32\drivers
10:19:35.137    AVAST engine scan C:\Users\doc_mk7
10:58:33.940    AVAST engine scan C:\ProgramData
10:59:00.632    Scan finished successfully
11:04:26.095    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
11:04:26.111    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"
Was ist mit der gelben ...
Zitat:
10:16:51.244 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
und der roten Zeile?
Zitat:
10:16:58.903 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmn.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<

cosinus 02.09.2011 10:27
Zitat:
08:49:57.709 Disk 0 unknown MBR code
08:49:57.716 Disk 0 MBR hidden
Ging nicht...

Hast Du noch andere Betriebssysteme außer Win7 (32-Bit) installiert?
Wenn nicht: Schau mal hier => RescueDisc-Win7-32-Bit

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten)

Falls Du eine normale Win7-Installations-DVD (32-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

doc_h 02.09.2011 10:43
Sorry, aber ich habe das gesamte Log gepostet. Es entält die History aller Scans.
Dein letztes Zitat stammt von gestern, vor dem Fix.
Das heutige Log sieht folgendermaßen aus:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 00:11:03
-----------------------------
00:11:03.486    OS Version: Windows 6.1.7600
00:11:03.486    Number of processors: 4 586 0x2505
00:11:03.486    ComputerName: PC7  UserName:
00:11:08.743    Initialize success
00:14:16.911    AVAST engine defs: 11090101
00:14:23.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:14:23.213    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
00:14:23.229    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
00:14:23.229    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
00:14:23.229    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000073
00:14:23.244    Disk 2 Vendor:  Size: 305245MB BusType: 0
00:14:23.244    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000074
00:14:23.244    Disk 3 Vendor:  Size: 305245MB BusType: 0
00:14:25.272    Disk 0 MBR read successfully
00:14:25.272    Disk 0 MBR scan
00:14:25.288    Disk 0 unknown MBR code
00:14:25.288    Disk 0 scanning sectors +2930275120
00:14:25.382    Disk 0 scanning C:\Windows\system32\drivers
00:14:38.361    Service scanning
00:14:38.907    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:14:39.468    Modules scanning
00:14:46.629    Disk 0 trace - called modules:
00:14:46.660    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsg.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
00:14:46.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9ba38]
00:14:46.676    3 CLASSPNP.SYS[8ba7f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b4028]
00:14:49.312    AVAST engine scan C:\Windows
00:14:56.363    AVAST engine scan C:\Windows\system32
00:16:59.962    AVAST engine scan C:\Windows\system32\drivers
00:17:11.849    AVAST engine scan C:\Users\doc_mk7
00:58:40.007    AVAST engine scan C:\ProgramData
00:59:28.710    Scan finished successfully
01:01:10.298    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
01:01:10.313    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 10:15:57
Die "hidden"-Zeile ist nun weg, die "unknown"-Zeile immer noch drin.
Soll ich trotzdem so verfahren, wie in deinem letzten Post beschrieben?

cosinus 02.09.2011 13:28
Ja, fix den mbr mal über die Win-CD.

doc_h 02.09.2011 15:47
Zitat:
Zitat von cosinus (Beitrag 698971)
Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
MBRCheck hatten wir noch nicht ...
Hier schon mal das MBRCheck-Log.
Meckert immer noch über
Zitat:
non-standard or infected MBR
... !?

GMER lass ich heute Nacht laufen.

doc_h 03.09.2011 12:04
GMER will nicht mehr!
4x Absturz, dabei 1x Rechner "eingefroren" und 1x Bluescreen.
Ich weiß nicht, ob du mit der Bluescreen-Meldung nach dem Neustart was anfangen kannst, aber ich füge sie mal an.

cosinus 04.09.2011 13:30
Ja sry, ich muss meinen Baustein mal aktualisieren. Da steht noch mbrcheck drin und nicht aswMBR :wtf:
Du hast wirklich bootrec.exe /fixboot und bootrec.exe /fixmbr über die Windows-CD ausgeführt?

doc_h 04.09.2011 13:34
Ja!
Beides wurde mit dem Kommentar bestätigt: erfolgreich ausgeführt!
Soll ich noch mit aswMBR hinterher?

doc_h 04.09.2011 13:51
sry auch,
wenn ich mir dein Posting so ansehe, könnte es sein, dass ich das Leerzeichen nach bootrec.exe vergessen hatte!
Habe das ganze eben nochmal "mit Leerzeichen" wiederholt und scanne neu mit aswMBR ...

cosinus 04.09.2011 13:51
Hm, dann ollte der MBR auch neu sein :balla:
Mach nochmal ein neues aswMBR-Log, ist der MBR immer noch unbekannt, bitte den MBR nochmal versuchen mit aswMBR zu fixen.

doc_h 04.09.2011 15:05
jetzt aber ...
mit den Leerzeichen klappt auch das Fixen ...
Hier das neue aswMBR-Log:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-04 15:03:46
-----------------------------
15:03:46.043    OS Version: Windows 6.1.7600
15:03:46.043    Number of processors: 4 586 0x2505
15:03:46.043    ComputerName: PC7  UserName:
15:03:50.491    Initialize success
15:03:54.567    AVAST engine defs: 11090400
15:03:56.053    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:03:56.053    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
15:03:56.069    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:03:56.069    Disk 1 Vendor: ST332082 3.AA Size: 305245MB BusType: 3
15:03:56.069    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000074
15:03:56.084    Disk 2 Vendor:  Size: 305245MB BusType: 0
15:03:56.084    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000075
15:03:56.084    Disk 3 Vendor:  Size: 305245MB BusType: 0
15:03:58.114    Disk 0 MBR read successfully
15:03:58.114    Disk 0 MBR scan
15:03:58.130    Disk 0 Windows 7 default MBR code
15:03:58.146    Disk 0 scanning sectors +2930275120
15:03:58.224    Disk 0 scanning C:\Windows\system32\drivers
15:04:13.189    Service scanning
15:04:15.972    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:04:16.519    Modules scanning
15:04:24.353    Disk 0 trace - called modules:
15:04:24.385    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spiu.sys halmacpi.dll >>UNKNOWN [0x8554a938]<<
15:04:24.401    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e9f820]
15:04:24.401    3 CLASSPNP.SYS[8ba2159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86319028]
15:04:26.635    AVAST engine scan C:\Windows
15:04:35.414    AVAST engine scan C:\Windows\system32
15:06:52.712    AVAST engine scan C:\Windows\system32\drivers
15:07:05.051    AVAST engine scan C:\Users\doc_mk7
15:47:44.881    AVAST engine scan C:\ProgramData
15:48:18.533    Scan finished successfully
16:02:45.308    Disk 0 MBR has been saved successfully to "C:\Users\doc_mk7\Desktop\MBR.dat"
16:02:45.370    The log file has been saved successfully to "C:\Users\doc_mk7\Desktop\aswMBR.txt"

cosinus 04.09.2011 15:33
Zitat:
15:03:58.130 Disk 0 Windows 7 default MBR code
:daumenhoc

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


doc_h 05.09.2011 12:52
Vollscan mit Malwarebytes: nix gefunden

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.09.2011 18:23:31
mbam-log-2011-09-04 (18-23-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 707108
Laufzeit: 1 Stunde(n), 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Vollscan mit SUPERAntiSpyware : ein paar Cookies und alte unbenutzte Software

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/05/2011 at 03:25 AM

Application Version : 5.0.1118

Core Rules Database Version : 7645
Trace Rules Database Version: 5457

Scan type      : Complete Scan
Total Scan Time : 03:21:39

Operating System Information
Windows 7 Home Premium 32-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 861
Memory threats detected  : 0
Registry items scanned    : 38977
Registry threats detected : 0
File items scanned        : 444657
File threats detected    : 30

Adware.Tracking Cookie
        C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Cookies\2UGAD6V9.txt
        C:\Users\doc_mk7\AppData\Roaming\Microsoft\Windows\Cookies\5O9J6BUC.txt
        .adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\DOC_MK7\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H21DFTE0.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Cryptor[Egun]
        F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA\WELLENMASCHINEN\WELLMA6.EXE
        ZIP ARCHIVE( F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP )/WELLENMASCHINEN/WELLMA6.EXE
        F:\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP
        ZIP ARCHIVE( G:\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP )/PRJBOOKFINDER.EXE
        G:\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP
        ZIP ARCHIVE( H:\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP )/INNO SETUP HILFSPROGRAMM (GES)/INNO SETUP HILFSPROGRAMM.EXE
        H:\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP
        ZIP ARCHIVE( C:\ALTE FESTPLATTE\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP )/INNO SETUP HILFSPROGRAMM (GES)/INNO SETUP HILFSPROGRAMM.EXE
        C:\ALTE FESTPLATTE\ARCHIV\PROGS\ENTWICKLUNG\VISUAL BASIC\SETUP ERSTELLEN\INNO SETUP HILFSPROGRAMM (GES).ZIP
        ZIP ARCHIVE( C:\ALTE FESTPLATTE\ENTWICKLUNG\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP )/PRJBOOKFINDER.EXE
        C:\ALTE FESTPLATTE\ENTWICKLUNG\BüCHER\VB LEHRBUCH\BUCH - IT STUDIENAUSGABE\BEISPIELE\KAP04\BEI04.ZIP
        C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA\WELLENMASCHINEN\WELLMA6.EXE
        ZIP ARCHIVE( C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP )/WELLENMASCHINEN/WELLMA6.EXE
        C:\ALTE FESTPLATTE\SCHULE\MATERIAL\PHYSIK\JG12\WELLEN\WELLMA.ZIP

ESET:gleicher Befund wie zuvor: Miro + alte unbenutzte Software

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-12 12:16:03
# local_time=2011-08-12 02:16:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 364944 49684109 270503 0
# compatibility_mode=5893 16776574 100 94 21619393 64782079 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=11591
# found=1
# cleaned=0
# scan_time=475
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-12 03:51:02
# local_time=2011-08-12 05:51:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 365525 49684690 271084 0
# compatibility_mode=5893 16776574 100 94 21619974 64782660 0 0
# compatibility_mode=8192 67108863 100 0 804 804 0 0
# scanned=545520
# found=13
# cleaned=0
# scan_time=12792
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\radio\phonostar\ps_radio2012.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\radio\podcatcher\Miro_Installer.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe        a variant of Win32/Adware.Trymedia application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe        probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\entwicklung\bücher\Office_Programmierung\DATA\KAP_13.HTM        probably unknown SCRIPT virus (unable to clean)        00000000000000000000000000000000        I
C:\Users\doc_mk7\Downloads\software\Miro-3.5.1.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
G:\bücher\Office_Programmierung\DATA\KAP_13.HTM        probably unknown SCRIPT virus (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\radio\phonostar\ps_radio2012.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\radio\podcatcher\Miro_Installer.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe        a variant of Win32/Adware.Trymedia application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe        probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)        00000000000000000000000000000000        I
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=61a2e269d68ab542976301a1611e027c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-05 10:09:22
# local_time=2011-09-05 12:09:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 48780 51737918 334892 0
# compatibility_mode=5893 16776574 100 94 23673202 66835888 0 0
# compatibility_mode=8192 67108863 100 0 2054032 2054032 0 0
# scanned=539927
# found=13
# cleaned=0
# scan_time=12664
C:\alte festplatte\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\radio\phonostar\ps_radio2012.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\radio\podcatcher\Miro_Installer.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe        a variant of Win32/Adware.Trymedia application (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe        probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)        00000000000000000000000000000000        I
C:\alte festplatte\entwicklung\bücher\Office_Programmierung\DATA\KAP_13.HTM        probably unknown SCRIPT virus (unable to clean)        00000000000000000000000000000000        I
C:\Users\doc_mk7\Downloads\software\Miro-3.5.1.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
G:\bücher\Office_Programmierung\DATA\KAP_13.HTM        probably unknown SCRIPT virus (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\audio\rippen\audiograbber\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\radio\phonostar\ps_radio2012.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\radio\podcatcher\Miro_Installer.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\spiele\strategie\ee\EmpireEarthIISetup-dm.exe        a variant of Win32/Adware.Trymedia application (unable to clean)        00000000000000000000000000000000        I
H:\archiv\progs\tv\streaming\ppstream\ppstream_1.0.4.595.exe        probably a variant of Win32/Agent.DZUBIZF trojan (unable to clean)        00000000000000000000000000000000        I


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:50 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130