Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER Logfile:GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-05 01:32:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: vw59dxt7.exe; Driver: C:\Users\***\AppData\Local\Temp\agtirkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1             8287D349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    828B6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91006000, 0x2D5378, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

--- --- ---
--- --- ---


OSAM Logfile:OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:59:35 on 06.02.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{04184942-D1DF-4B17-BD72-81C230531CA6} "AVKVirtualFolder Class" - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupNSE.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - D:\Program Files\G Data\TotalCare\WebFilter\AVKWebIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - D:\Program Files\G Data\TotalCare\WebFilter\AVKWebIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"G Data AntiVirus Tray Application" - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - D:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Backup Service" (GDBackupSvc) - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - D:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVK\AVKService.exe
"G Data Tuner Service" (GDTunerSvc) - "G Data Software AG" - D:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         

aswMBR:

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 10:00:41
-----------------------------
10:00:41.169    OS Version: Windows 6.1.7601 Service Pack 1
10:00:41.169    Number of processors: 2 586 0xF0D
10:00:41.169    ComputerName: ***-PC  UserName: ***
10:00:41.701    Initialize success
10:01:33.194    AVAST engine defs: 12020503
10:01:38.553    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:01:38.553    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
10:01:38.569    Disk 0 MBR read successfully
10:01:38.569    Disk 0 MBR scan
10:01:38.584    Disk 0 Windows 7 default MBR code
10:01:38.600    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:01:38.616    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        54900 MB offset 206848
10:01:38.647    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       100000 MB offset 112642048
10:01:38.678    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        83473 MB offset 317442048
10:01:38.694    Disk 0 scanning sectors +488394752
10:01:38.756    Disk 0 scanning C:\Windows\system32\drivers
10:01:55.194    Service scanning
10:01:56.944    Modules scanning
10:02:16.319    Disk 0 trace - called modules:
10:02:16.334    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
10:02:16.350    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d66030]
10:02:16.350    3 CLASSPNP.SYS[8ae0459e] -> nt!IofCallDriver -> [0x858fe918]
10:02:16.366    5 ACPI.sys[8aaa53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x858bc030]
10:02:17.163    AVAST engine scan C:\Windows
10:02:19.616    AVAST engine scan C:\Windows\system32
10:05:43.381    AVAST engine scan C:\Windows\system32\drivers
10:06:10.584    AVAST engine scan C:\Users\***
10:07:24.475    AVAST engine scan C:\ProgramData
10:07:42.538    Scan finished successfully
10:08:16.491    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
10:08:16.506    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!