Trojaner-Board - Googlelinks führen zu nicht erwünschten Seiten

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Googlelinks führen zu nicht erwünschten Seiten (https://www.trojaner-board.de/108257-googlelinks-fuehren-erwuenschten-seiten.html)

Erstell dir mal ein neues Profil und teste => Profile verwalten | Anleitung | Firefox-Hilfe

Ich habe ein neues Profil ohne Erfolg erstellt und getestet. Googleergebnisse werden weiterhin fehlgeleitet.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier die gewünschte ComboFix-Log.

Code:

ComboFix 12-01-19.02 - Andreas 20.01.2012  15:13:02.1.4 - x86

ausgeführt von:: c:\dokumente und einstellungen\Andreas\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokume~1\Andreas\LOKALE~1\Temp\sfamcc00001.dll

c:\dokume~1\Andreas\LOKALE~1\Temp\sfareca00001.dll

c:\dokumente und einstellungen\Andreas\Desktop\Scanner.lnk

c:\dokumente und einstellungen\Andreas\Lokale Einstellungen\Temp\sfamcc00001.dll

c:\dokumente und einstellungen\Andreas\Lokale Einstellungen\Temp\sfareca00001.dll

c:\dokumente und einstellungen\Andreas\WINDOWS

c:\windows\IsUn0407.exe

c:\windows\iun6002.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system\Wing32.dll

c:\windows\system32\setup.ini

c:\windows\system32\tmp25.tmp

c:\windows\system32\tmp3F.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-20 bis 2012-01-20  ))))))))))))))))))))))))))))))

.

.

2012-01-18 02:04 . 2012-01-18 02:04        118784        --sha-r-        c:\windows\system32\perfprocg.dll

2012-01-16 23:27 . 2012-01-16 23:42        21840        ----atw-        c:\windows\system32\SIntfNT.dll

2012-01-16 23:27 . 2012-01-16 23:42        17212        ----atw-        c:\windows\system32\SIntf32.dll

2012-01-16 23:27 . 2012-01-16 23:42        12067        ----atw-        c:\windows\system32\SIntf16.dll

2012-01-16 23:07 . 2012-01-16 23:07        --------        d-----w-        c:\programme\Sierra On-Line

2012-01-13 13:14 . 2012-01-13 13:32        --------        d-----w-        c:\dokumente und einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Somalian Syndrome

2012-01-13 13:13 . 2008-04-27 09:35        180224        ----a-w-        c:\windows\system32\xvidvfw.dll

2012-01-13 13:13 . 2008-04-27 09:33        765952        ----a-w-        c:\windows\system32\xvidcore.dll

2012-01-13 13:13 . 2007-06-28 17:55        77824        ----a-w-        c:\windows\system32\xvid.ax

2012-01-13 13:13 . 2012-01-13 13:13        --------        d-----w-        c:\programme\Xvid

2012-01-06 08:36 . 2012-01-06 08:36        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll

2012-01-06 08:36 . 2012-01-06 08:36        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll

2012-01-06 08:36 . 2012-01-06 08:36        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll

2012-01-06 08:36 . 2012-01-06 08:36        43992        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-15 01:10 . 2009-06-09 10:36        444952        ----a-w-        c:\windows\system32\wrap_oal.dll

2012-01-15 01:10 . 2009-06-09 10:36        109080        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-12-15 11:59 . 2010-02-14 23:23        19210240        ----a-w-        c:\windows\system32\atioglxx.dll

2011-12-15 11:59 . 2010-02-14 23:23        884736        ----a-w-        c:\windows\system32\ati2cqag.dll

2011-12-15 11:59 . 2010-02-14 23:23        118784        ----a-w-        c:\windows\system32\atibtmon.exe

2011-12-15 11:59 . 2010-02-14 23:23        7196672        ----a-w-        c:\windows\system32\aticaldd.dll

2011-12-15 11:58 . 2010-02-14 23:23        806912        ----a-w-        c:\windows\system32\atikvmag.dll

2011-12-15 11:58 . 2010-02-14 23:23        53248        ----a-w-        c:\windows\system32\aticalcl.dll

2011-12-15 11:58 . 2010-02-14 23:23        24064        ----a-w-        c:\windows\system32\ativcoxx.dll

2011-12-15 11:58 . 2010-02-14 23:23        294912        ----a-w-        c:\windows\system32\ATIODE.exe

2011-12-15 11:58 . 2010-02-14 23:23        192512        ----a-w-        c:\windows\system32\ati2evxx.dll

2011-12-15 11:58 . 2011-03-25 10:19        956160        ----a-w-        c:\windows\system32\ativvamv.dll

2011-12-15 11:58 . 2010-02-14 23:23        45056        ----a-w-        c:\windows\system32\ATIODCLI.exe

2011-12-15 11:58 . 2010-02-14 23:23        212992        ----a-w-        c:\windows\system32\atipdlxx.dll

2011-12-15 11:58 . 2010-02-14 23:23        7493120        ----a-w-        c:\windows\system32\drivers\ati2mtag.sys

2011-12-15 11:58 . 2010-02-14 23:23        65024        ----a-w-        c:\windows\system32\atimpc32.dll

2011-12-15 11:58 . 2010-02-14 23:23        65024        ----a-w-        c:\windows\system32\amdpcom32.dll

2011-12-15 11:58 . 2010-02-14 23:23        602112        ----a-w-        c:\windows\system32\atiok3x2.dll

2011-12-15 11:58 . 2010-02-14 23:23        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll

2011-12-15 11:58 . 2010-02-14 23:23        5266624        ----a-w-        c:\windows\system32\ati3duag.dll

2011-12-15 11:58 . 2010-02-14 23:23        311296        ----a-w-        c:\windows\system32\atiiiexx.dll

2011-12-15 11:58 . 2010-02-14 23:23        304640        ----a-w-        c:\windows\system32\ati2dvag.dll

2011-12-15 11:58 . 2010-02-14 23:23        3303040        ----a-w-        c:\windows\system32\ativvaxx.dll

2011-12-15 11:58 . 2010-02-14 23:23        17408        ----a-w-        c:\windows\system32\atitvo32.dll

2011-12-15 11:58 . 2010-02-14 23:23        57344        ----a-w-        c:\windows\system32\aticalrt.dll

2011-12-15 11:58 . 2010-02-14 23:23        643072        ----a-w-        c:\windows\system32\ati2evxx.exe

2011-12-15 11:58 . 2010-02-14 23:23        53248        ----a-w-        c:\windows\system32\ATIDDC.DLL

2011-12-15 11:58 . 2010-02-28 01:48        159744        ----a-w-        c:\windows\system32\atiapfxx.exe

2011-12-15 11:58 . 2010-02-14 23:23        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll

2011-12-15 11:58 . 2010-02-14 23:23        155648        ----a-w-        c:\windows\system32\Oemdspif.dll

2011-12-15 11:58 . 2010-02-14 23:23        43520        ----a-w-        c:\windows\system32\ati2edxx.dll

2011-12-15 11:58 . 2010-02-14 23:23        26112        ----a-w-        c:\windows\system32\Ati2mdxx.exe

2011-12-15 11:58 . 2010-02-14 23:23        233472        ----a-w-        c:\windows\system32\atiadlxx.dll

2011-12-10 14:24 . 2011-11-29 11:44        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-02 00:52 . 2011-12-02 00:12        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll

2011-11-09 21:39 . 2011-11-09 21:39        59904        ----a-w-        c:\windows\system32\OpenVideo.dll

2011-11-09 21:39 . 2011-11-09 21:39        54784        ----a-w-        c:\windows\system32\OVDecode.dll

2011-11-09 21:38 . 2011-11-09 21:38        14375936        ----a-w-        c:\windows\system32\amdocl.dll

2011-11-09 21:37 . 2011-11-09 21:37        44032        ----a-w-        c:\windows\system32\OpenCL.dll

2012-01-06 08:36 . 2011-05-06 09:12        121816        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

"ATICustomerCare"="c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Malwarebytes' Anti-Malware"="e:\betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Andreas\Startmenü\Programme\Autostart\

SpeedFan.lnk - c:\programme\SpeedFan\speedfan.exe [2009-8-9 3986552]

.

c:\dokumente und einstellungen\Andreas\Startmenü\Programme\Autostart\

SpeedFan.lnk - c:\programme\SpeedFan\speedfan.exe [2009-8-9 3986552]

.

c:\dokumente und einstellungen\Andreas\Startmenü\Programme\Autostart\

SpeedFan.lnk - c:\programme\SpeedFan\speedfan.exe [2009-8-9 3986552]

.

c:\dokumente und einstellungen\Andreas\Startmenü\Programme\Autostart\

SpeedFan.lnk - c:\programme\SpeedFan\speedfan.exe [2009-8-9 3986552]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher S.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher S.lnk

backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50        1144104        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ENISysTray]

2005-02-01 15:17        245760        ----a-w-        c:\programme\3S Software\CoDeSys ENI Server\ENISysTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 13:49        249064        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Internetgutes\\Toll\\BF1942\\BF1942.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programme\\Winamp\\winamp.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\pt boats knights of the sea\\PT-Boats.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\pt boats south gambit\\PTBoatsSG.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\Children of the Nile Alexandria\\CoTN.exe"=

"e:\\Betriebsprogramme\\Steam\\SteamApps\\common\\Children of the Nile\\CoTN.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.01.2012 18:14 36000]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.02.2010 11:22 185472]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.01.2012 18:14 86224]

R2 ENI Server;ENI Server;c:\programme\3S Software\CoDeSys ENI Server\ENI.exe [28.05.2011 01:59 565248]

R2 MBAMService;MBAMService;e:\betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe [29.11.2011 12:44 652872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.11.2011 12:44 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [08.11.2011 13:47 136176]

S3 3SRTE;RTE 3S System Driver;c:\windows\system32\drivers\3SRTE.sys [28.05.2011 01:59 298043]

S3 cpuz130;cpuz130;\??\c:\dokume~1\Andreas\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Andreas\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [08.11.2011 13:47 136176]

S3 ibpcimpm;ibpcimpm;c:\windows\system32\drivers\ibpcimpm.sys [28.05.2011 01:59 264124]

S3 pnicml;pnicml;\??\c:\dokume~1\Andreas\LOKALE~1\Temp\pnicml.sys --> c:\dokume~1\Andreas\LOKALE~1\Temp\pnicml.sys [?]

S3 RTIOdrvAPIC;RTIOdrvAPIC;c:\windows\system32\drivers\RTIOdrvAPIC.sys [28.05.2011 01:59 23618]

S3 RTIOdrvApplicom;RTIOdrvApplicom;c:\windows\system32\drivers\RTIOdrvApplicom.sys [28.05.2011 01:59 218956]

S3 RTIOdrvAutomata;RTIOdrvAutomata;c:\windows\system32\drivers\RTIOdrvAutomata.sys [28.05.2011 01:59 300264]

S3 RTIOdrvCP5613;RTIOdrvCP5613;c:\windows\system32\drivers\RTIOdrvCP5613.sys [28.05.2011 01:59 398712]

S3 RTIOdrvDAMP;RTIOdrvDAMP;c:\windows\system32\drivers\RTIOdrvDAMP.sys [28.05.2011 01:59 80756]

S3 RTIOdrvFC310x;RTIOdrvFC310x;c:\windows\system32\drivers\RTIOdrvFC310x.sys [28.05.2011 01:59 203176]

S3 RTIOdrvHilscherDPM;RTIOdrvHilscherDPM;c:\windows\system32\drivers\RTIOdrvHilscherDPM.sys [28.05.2011 01:59 57936]

S3 RTIOdrvHMS;RTIOdrvHMS;c:\windows\system32\drivers\RTIOdrvHMS.sys [28.05.2011 01:59 30268]

S3 RTIOdrvSJA;RTIOdrvSJA;c:\windows\system32\drivers\RTIOdrvSJA.sys [28.05.2011 01:59 108796]

S3 RTService;RT Service 3S KM;c:\programme\3S Software\CoDeSys SP RTE\RTService.exe [28.05.2011 01:59 544825]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-08 12:47]

.

2012-01-20 c:\windows\Tasks\Lrdqlhgvek.job

- c:\windows\system32\perfprocg.dll [2012-01-18 02:04]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.heute.de/

IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.heute.de/

FF - prefs.js: network.proxy.type - 2

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-35679699.sys

MSConfigStartUp-Buskb - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Atlmon\comnew.exe

MSConfigStartUp-DAEMON Tools Lite - c:\programme\DAEMON Tools Lite\DTLite.exe

AddRemove-Pharaoh - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-20 15:18

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-527237240-1220945662-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:a7,cf,e8,f2,2c,dc,26,f3,41,92,b6,b0,d7,84,32,6a,26,d2,1b,f8,80,

   84,76,33,04,ae,f9,bd,07,29,f8,06,46,49,5f,c5,dd,4b,e6,55,a9,a2,85,72,e8,f5,\

"rkeysecu"=hex:bd,25,01,60,dc,54,17,78,c2,50,55,66,42,35,ba,3d

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(544)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(1724)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\rundll32.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\windows\System32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-20  15:21:12 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-20 14:21

.

Vor Suchlauf: 16 Verzeichnis(se), 16.286.900.224 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 16.738.082.816 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 7C045CEFDA0D4DB7C8A1EA0B754EE751

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Guten Morgen! Hier die gewünschten Logs.

gmer.log

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-21 08:14:12

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJA0 rev.05.01C05

Running: 9y23y0kk.exe; Driver: C:\DOKUME~1\Andreas\LOKALE~1\Temp\pxtdrpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    B911606C                                      ZwClose

SSDT    B9116026                                      ZwCreateKey

SSDT    B9116076                                      ZwCreateSection

SSDT    B911601C                                      ZwCreateThread

SSDT    B911602B                                      ZwDeleteKey

SSDT    B9116035                                      ZwDeleteValueKey

SSDT    B9116067                                      ZwDuplicateObject

SSDT    B911603A                                      ZwLoadKey

SSDT    B9116008                                      ZwOpenProcess

SSDT    B911600D                                      ZwOpenThread

SSDT    B911608F                                      ZwQueryValueKey

SSDT    B9116044                                      ZwReplaceKey

SSDT    B9116080                                      ZwRequestWaitReplyPort

SSDT    B911603F                                      ZwRestoreKey

SSDT    B911607B                                      ZwSetContextThread

SSDT    B9116085                                      ZwSetSecurityObject

SSDT    B9116030                                      ZwSetValueKey

SSDT    B911608A                                      ZwSystemDebugControl

SSDT    B9116017                                      ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   C:\WINDOWS\system32\DRIVERS\ati2mtag.sys      section is writeable [0xB9247000, 0x2C28EE, 0xE8000020]

.vmp2   C:\WINDOWS\system32\drivers\acedrv11.sys      entry point in ".vmp2" section [0xA98B869D]

.text   C:\WINDOWS\system32\DRIVERS\atksgt.sys        section is writeable [0xA984E300, 0x3B6D8, 0xE8000020]

.text   C:\WINDOWS\system32\DRIVERS\lirsgt.sys        section is writeable [0xF77B7300, 0x1BEE, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort0            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort1            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort2            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort3            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
 

---- EOF - GMER 1.0.15 ----

Hier das Osam-Log.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 08:22:54 on 21.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Unable to get information
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Lrdqlhgvek.job" - ? - C:\WINDOWS\system32\perfprocg.dll  (File is exclusively opened, access blocked | File found, but it contains no detailed information)
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys

"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz130" (cpuz130) - ? - C:\DOKUME~1\Andreas\LOKALE~1\Temp\cpuz130\cpuz_x32.sys  (File not found)

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ibpcimpm" (ibpcimpm) - ? - C:\WINDOWS\system32\drivers\ibpcimpm.sys  (File found, but it contains no detailed information)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pnicml" (pnicml) - ? - C:\DOKUME~1\Andreas\LOKALE~1\Temp\pnicml.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"pxtdrpod" (pxtdrpod) - ? - C:\DOKUME~1\Andreas\LOKALE~1\Temp\pxtdrpod.sys  (Hidden registry entry, rootkit activity | File not found)

"RTE 3S System Driver" (3SRTE) - "3S - Smart Software Solutions GmbH" - C:\WINDOWS\system32\drivers\3SRTE.sys

"RTIOdrvAPIC" (RTIOdrvAPIC) - "3S" - C:\WINDOWS\system32\drivers\RTIOdrvAPIC.sys

"RTIOdrvApplicom" (RTIOdrvApplicom) - ? - C:\WINDOWS\system32\drivers\RTIOdrvApplicom.sys  (File found, but it contains no detailed information)

"RTIOdrvAutomata" (RTIOdrvAutomata) - ? - C:\WINDOWS\system32\drivers\RTIOdrvAutomata.sys  (File found, but it contains no detailed information)

"RTIOdrvCP5613" (RTIOdrvCP5613) - ? - C:\WINDOWS\system32\drivers\RTIOdrvCP5613.sys  (File found, but it contains no detailed information)

"RTIOdrvDAMP" (RTIOdrvDAMP) - ? - C:\WINDOWS\system32\drivers\RTIOdrvDAMP.sys  (File found, but it contains no detailed information)

"RTIOdrvFC310x" (RTIOdrvFC310x) - ? - C:\WINDOWS\system32\drivers\RTIOdrvFC310x.sys  (File found, but it contains no detailed information)

"RTIOdrvHilscherDPM" (RTIOdrvHilscherDPM) - ? - C:\WINDOWS\system32\drivers\RTIOdrvHilscherDPM.sys  (File found, but it contains no detailed information)

"RTIOdrvHMS" (RTIOdrvHMS) - ? - C:\WINDOWS\system32\drivers\RTIOdrvHMS.sys  (File found, but it contains no detailed information)

"RTIOdrvSJA" (RTIOdrvSJA) - ? - C:\WINDOWS\system32\drivers\RTIOdrvSJA.sys  (File found, but it contains no detailed information)

"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - E:\Betriebsprogramme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2170E0A4-42F2-4EB5-911F-ABC2717F6566} "WebPlus Thumbnail Handler" - "Serif (Europe) Ltd" - C:\Programme\Serif\WebPlus\X2\Program\ThumbnailProvider.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\desktop.ini

"SpeedFan.lnk" - "Almico Software (www.almico.com)" - C:\Programme\SpeedFan\speedfan.exe  (Shortcut exists | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"ENI Server" (ENI Server) - "3S-Smart Software Solutions GmbH" - C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"RT Service 3S KM" (RTService) - "3S-Smart Software Solutions GmbH" - C:\Programme\3S Software\CoDeSys SP RTE\RTService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und hier das aswMBR-Log

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-21 08:24:01

-----------------------------

08:24:01.781    OS Version: Windows 5.1.2600 Service Pack 3

08:24:01.781    Number of processors: 4 586 0x1707

08:24:01.781    ComputerName: ANDI  UserName: 

08:24:02.265    Initialize success

08:25:14.578    AVAST engine defs: 12012001

08:39:14.921    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

08:39:14.921    Disk 0 Vendor: WDC_WD800JB-00JJA0 05.01C05 Size: 76319MB BusType: 3

08:39:14.937    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e

08:39:14.937    Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3

08:39:14.937    Disk 0 MBR read successfully

08:39:14.937    Disk 0 MBR scan

08:39:14.953    Disk 0 Windows XP default MBR code

08:39:14.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        31133 MB offset 63

08:39:15.031    Disk 0 scanning sectors +63761985

08:39:15.093    Disk 0 scanning C:\WINDOWS\system32\drivers

08:39:26.343    Service scanning

08:39:27.125    Modules scanning

08:39:31.843    Disk 0 trace - called modules:

08:39:31.859    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS 

08:39:31.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2cbab8]

08:39:31.859    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a2e6f18]

08:39:31.859    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a293940]

08:39:31.875    \Driver\atapi[0x8a336d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]

08:39:32.062    AVAST engine scan C:\WINDOWS

08:39:37.859    AVAST engine scan C:\WINDOWS\system32

08:43:05.421    File: C:\WINDOWS\system32\perfprocg.dll  **INFECTED** Win32:Diller-B [Trj]

08:45:26.703    AVAST engine scan C:\WINDOWS\system32\drivers

08:46:14.031    AVAST engine scan C:\Dokumente und Einstellungen\Andreas

08:51:35.640    AVAST engine scan C:\Dokumente und Einstellungen\All Users

08:53:04.906    Scan finished successfully

09:00:20.125    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Andreas\Desktop\MBR.dat"

09:00:20.125    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Andreas\Desktop\aswMBR.txt"

Zitat:

"Lrdqlhgvek.job" - ? - C:\WINDOWS\system32\perfprocg.dll (File is exclusively opened, access blocked | File found, but it contains no detailed information)

Bitte mit OSAM deaktivieren und löschen (delete from storage) siehe Anleitung zu osam
Mach anschließend einen Windows-Neustart und wieder ein neues Log mit OSAM

Hi,

hier das neue OSAM-Log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 11:43:00 on 23.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Unable to get information
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys

"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz130" (cpuz130) - ? - C:\DOKUME~1\Andreas\LOKALE~1\Temp\cpuz130\cpuz_x32.sys  (File not found)

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"ibpcimpm" (ibpcimpm) - ? - C:\WINDOWS\system32\drivers\ibpcimpm.sys  (File found, but it contains no detailed information)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pnicml" (pnicml) - ? - C:\DOKUME~1\Andreas\LOKALE~1\Temp\pnicml.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"RTE 3S System Driver" (3SRTE) - "3S - Smart Software Solutions GmbH" - C:\WINDOWS\system32\drivers\3SRTE.sys

"RTIOdrvAPIC" (RTIOdrvAPIC) - "3S" - C:\WINDOWS\system32\drivers\RTIOdrvAPIC.sys

"RTIOdrvApplicom" (RTIOdrvApplicom) - ? - C:\WINDOWS\system32\drivers\RTIOdrvApplicom.sys  (File found, but it contains no detailed information)

"RTIOdrvAutomata" (RTIOdrvAutomata) - ? - C:\WINDOWS\system32\drivers\RTIOdrvAutomata.sys  (File found, but it contains no detailed information)

"RTIOdrvCP5613" (RTIOdrvCP5613) - ? - C:\WINDOWS\system32\drivers\RTIOdrvCP5613.sys  (File found, but it contains no detailed information)

"RTIOdrvDAMP" (RTIOdrvDAMP) - ? - C:\WINDOWS\system32\drivers\RTIOdrvDAMP.sys  (File found, but it contains no detailed information)

"RTIOdrvFC310x" (RTIOdrvFC310x) - ? - C:\WINDOWS\system32\drivers\RTIOdrvFC310x.sys  (File found, but it contains no detailed information)

"RTIOdrvHilscherDPM" (RTIOdrvHilscherDPM) - ? - C:\WINDOWS\system32\drivers\RTIOdrvHilscherDPM.sys  (File found, but it contains no detailed information)

"RTIOdrvHMS" (RTIOdrvHMS) - ? - C:\WINDOWS\system32\drivers\RTIOdrvHMS.sys  (File found, but it contains no detailed information)

"RTIOdrvSJA" (RTIOdrvSJA) - ? - C:\WINDOWS\system32\drivers\RTIOdrvSJA.sys  (File found, but it contains no detailed information)

"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll

{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - E:\Betriebsprogramme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2170E0A4-42F2-4EB5-911F-ABC2717F6566} "WebPlus Thumbnail Handler" - "Serif (Europe) Ltd" - C:\Programme\Serif\WebPlus\X2\Program\ThumbnailProvider.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\desktop.ini

"SpeedFan.lnk" - "Almico Software (www.almico.com)" - C:\Programme\SpeedFan\speedfan.exe  (Shortcut exists | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"ENI Server" (ENI Server) - "3S-Smart Software Solutions GmbH" - C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"RT Service 3S KM" (RTService) - "3S-Smart Software Solutions GmbH" - C:\Programme\3S Software\CoDeSys SP RTE\RTService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

ok sieht gut aus.
Machst du auch bitte noch ein neues Log mit aswMBR?

hier das aswMBR-Log:

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-23 12:55:05

-----------------------------

12:55:05.796    OS Version: Windows 5.1.2600 Service Pack 3

12:55:05.796    Number of processors: 4 586 0x1707

12:55:05.796    ComputerName: ANDI  UserName: 

12:55:06.234    Initialize success

12:57:45.687    AVAST engine defs: 12012300

12:58:20.843    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

12:58:20.843    Disk 0 Vendor: WDC_WD800JB-00JJA0 05.01C05 Size: 76319MB BusType: 3

12:58:20.843    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e

12:58:20.843    Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3

12:58:20.859    Disk 0 MBR read successfully

12:58:20.859    Disk 0 MBR scan

12:58:20.875    Disk 0 Windows XP default MBR code

12:58:20.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        31133 MB offset 63

12:58:20.875    Disk 0 scanning sectors +63761985

12:58:20.937    Disk 0 scanning C:\WINDOWS\system32\drivers

12:58:28.781    Service scanning

12:58:29.578    Modules scanning

12:58:32.812    Disk 0 trace - called modules:

12:58:32.828    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS 

12:58:32.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a252ab8]

12:58:32.828    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a2cef18]

12:58:32.828    5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a255940]

12:58:32.828    \Driver\atapi[0x8a2dcf38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]

12:58:33.281    AVAST engine scan C:\WINDOWS

12:58:37.484    AVAST engine scan C:\WINDOWS\system32

13:00:13.406    AVAST engine scan C:\WINDOWS\system32\drivers

13:00:23.984    AVAST engine scan C:\Dokumente und Einstellungen\Andreas

13:01:52.906    AVAST engine scan C:\Dokumente und Einstellungen\All Users

13:02:15.015    Scan finished successfully

13:10:47.015    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Andreas\Desktop\MBR.dat"

13:10:47.015    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Andreas\Desktop\aswMBRneu.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Ich habe ganz vergessen zu sagen, dass Google wieder problemlos funktioniert.:applaus:
Ich war wohl zu sehr im Freudenrausch, um diese Info auch auf die Tastatur zu bringen! Sorry!:balla:

Soll ich die weiteren Logs trotzdem ausführen?

Ja das sind Kontrollscans! Mach die bitte

Hier die 3 gewünschten Logs:

Malewarebytes-Log

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.24.02
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Andreas :: ANDI [Administrator]
 

Schutz: Aktiviert
 

24.01.2012 10:34:01

mbam-log-2012-01-24 (10-34-01).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 190491

Laufzeit: 4 Minute(n), 21 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Superantispyware-Log

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/24/2012 at 11:58 AM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8159

Trace Rules Database Version: 5971
 

Scan type       : Complete Scan

Total Scan Time : 01:13:51
 

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator
 

Memory items scanned      : 639

Memory threats detected   : 0

Registry items scanned    : 22674

Registry threats detected : 0

File items scanned        : 187761

File threats detected     : 20
 

Adware.Tracking Cookie

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@2o7[2].txt [ /2o7 ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@accounts[2].txt [ /accounts ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@ad.360yield[2].txt [ /ad.360yield ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@adfarm1.adition[1].txt [ /adfarm1.adition ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@adform[2].txt [ /adform ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@adx.chip[1].txt [ /adx.chip ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@atdmt[2].txt [ /atdmt ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@bs.serving-sys[1].txt [ /bs.serving-sys ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@comvelgmbh.112.2o7[1].txt [ /comvelgmbh.112.2o7 ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@germanwings.112.2o7[1].txt [ /germanwings.112.2o7 ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@im.banner.t-online[1].txt [ /im.banner.t-online ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@microsoftsto.112.2o7[1].txt [ /microsoftsto.112.2o7 ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@serving-sys[2].txt [ /serving-sys ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@smartadserver[1].txt [ /smartadserver ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@specificclick[1].txt [ /specificclick ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@track.adform[2].txt [ /track.adform ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@tracking.mindshare[2].txt [ /tracking.mindshare ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@www.etracker[1].txt [ /www.etracker ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@karstadt[2].txt [ /de.sitestat.com ]

        C:\Dokumente und Einstellungen\Andreas\Cookies\andreas@karstadt-de[1].txt [ /de.sitestat.com ]

ESET-Log

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5914d444672ada46a9e0c1135a63c892

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-18 10:19:53

# local_time=2012-01-18 11:19:53 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 100 44005 101818080 47642 0

# compatibility_mode=8192 67108863 100 0 3746 3746 0 0

# scanned=180501

# found=2

# cleaned=0

# scan_time=3677

E:\Betriebsprogramme\Unlocker1.9.1.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

${Memory}        probably a variant of Win32/Ponmocup.AA trojan        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5914d444672ada46a9e0c1135a63c892

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-24 12:58:55

# local_time=2012-01-24 01:58:55 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777175 100 0 413277 413277 0 0

# compatibility_mode=8192 67108863 100 0 485179 485179 0 0

# scanned=183259

# found=1

# cleaned=0

# scan_time=6986

E:\Betriebsprogramme\Unlocker1.9.1.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!