Trojaner-Board - Bildschirm bleibt weiß nach dem Hochfahren

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Bildschirm bleibt weiß nach dem Hochfahren (https://www.trojaner-board.de/140135-bildschirm-bleibt-weiss-hochfahren.html)

Bildschirm bleibt weiß nach dem Hochfahren

Hallo,

habe einen Laptop der Marke Asus. Seit Gestern bleibt aber der Bildschirm nach dem Hochfahren weiß. Kann mir einer helfen?

Hallo,

gehe bitte diese Anleitung durch, um nach einer der angegebenen Möglichkeiten einen Diagnosescan zu machen: http://www.trojaner-board.de/139230-...ml#post1124740

Hallo,

habe wie beschrieben eine OTlep-CD gebrannt und versucht zu booten. Läuft auch an, bleibt dann aber hängen. Zweimal kam auch Bluescreen.

HitmanPro funktioniert auch nicht. Bildschirm wird nach dem Hochfahren immer noch weiß.

Gruß

Was hast du denn für ein Betriebssystem? Windows XP, Vista, 7, 8?
Und funktioniert der abgesicherte Modus mit Eingabeaufforderung noch, so dass du dort auf das schwarze Konsolenfenster gelangst?

Laptop Asus, Windows xp.

Ja, komme noch in den abgesicherten Modus rein.

Gruß

Ok, dann mach es bitte so, wie es in der verlinkten Anleitung steht:

Abgesicherter Modus mit Eingabeaufforderung
Kommst du in den abgesicherten Modus mit Eingabeaufforderung (ein schwarzes Eingabefenster erscheint)? Dann gib ein explorer (Enter), lade dir die nötigen Programme auf einen USB-Stick an einem sauberen Computer mit Internetzugang und folge so den Anweisungen der normalen Anleitung.

Kann im abgesicherten Modus keinen Text (explorer) eingeben, gibt nur verschiedene Optionen zum auswählen....bin dort über F5 hingekommen, das meintest Du doch, oder?

Nein, mit dem abgesicherten Modus mit Eingabeaufforderung meine ich das: http://www.trojaner-board.de/63335-w...s-starten.html

Ok, hab ich gemacht, es erschien zunächst ein schwarzer Bildschirm mit ganz viel Text, dann in jeder Ecke Safe Modus und xp startete wieder ganz normal, anfänglich, fuhr wieder runter und startet wieder und dann wieder weißer Bildschirm...was mache ich falsch?

Ah, jetzt hat es geklappt.

So jetzt habe ich einen Scan durchgeführt. Hurra!

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 15:58 on 20/08/2013 (Admin)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...

SPTD -> Already disabled
 
 

-=E.O.F=-

Code:

Checking file system on D:

The type of the file system is FAT32.
 
 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.                         

Volume Serial Number is A249-E367

Windows has checked the file system and found no problems.
 

   4169248768 bytes total disk space.

       106496 bytes in 2 hidden files.

     21225472 bytes in 9 files.

   4147912704 bytes available on disk.
 

         4096 bytes in each allocation unit.

      1017883 total allocation units on disk.

      1012674 allocation units available on disk.

und zuletzt noch:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03

Ran by Admin (administrator) on 20-08-2013 16:14:26

Running from D:\

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Safe Mode (minimal)
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)

HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)

HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)

HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()

Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)

HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()

HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)

HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION 

MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe

MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1

HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)

HKU\LocalService\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\LocalService\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)

Lsa: [Authentication Packages] msv1_0 nwprovau

Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk

ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk

ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND

URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}

SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = 

BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: ipp - No CLSID Value - 

Handler: msdaipp - No CLSID Value - 

Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8
 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml

FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
 

========================== Services (Whitelisted) =================
 

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)

S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)

S2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()

S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
 

==================== Drivers (Whitelisted) ====================
 

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)

S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)

S3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))

S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)

S1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)

S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)

S1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)

S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)

S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)

S3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)

R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

U4 ERSvc; 

S4 IntelIde; No ImagePath

U1 WS2IFSL; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
 

==================== One Month Modified Files and Folders =======
 

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt

2013-08-20 16:11 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-08-20 16:11 - 2011-12-28 18:06 - 01653895 _____ C:\WINDOWS\WindowsUpdate.log

2013-08-20 16:10 - 2013-07-17 19:21 - 00000004 _____ C:\Documents and Settings\Admin\Application Data\cache.ini

2013-08-20 16:10 - 2011-12-28 19:35 - 00000275 _____ C:\WINDOWS\wiadebug.log

2013-08-20 16:10 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini

2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin

2013-08-20 16:09 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-08-20 16:07 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2013-08-20 15:40 - 2011-12-28 19:32 - 01039698 _____ C:\WINDOWS\setupapi.log

2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC

2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job

2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data

2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 
 

C:\Windows\System32\winlogon.exe

[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 
 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe

[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 
 

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Warte in freudiger Erwartung auf Antwort. Ich kann nämlich damit nicht viel anfangen :)

Gruß

Da ist noch mehr drauf...
Mach bitte folgenden Fix und schau dann, ob du den Rechner wieder normal ohne den weissen Bildschirm starten kannst.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION 

C:\Documents and Settings\Admin\Application Data\cache.dat

C:\Documents and Settings\Admin\Application Data\cache.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

So, ich hoffe dass ich das richtig gemacht habe....

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03

Ran by Admin (administrator) on 20-08-2013 16:14:26

Running from D:\

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Safe Mode (minimal)
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)

HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)

HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)

HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()

Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)

HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()

HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)

HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION 

MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe

MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1

HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)

HKU\LocalService\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\LocalService\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)

Lsa: [Authentication Packages] msv1_0 nwprovau

Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk

ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk

ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND

URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}

SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = 

BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: ipp - No CLSID Value - 

Handler: msdaipp - No CLSID Value - 

Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8
 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml

FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
 

========================== Services (Whitelisted) =================
 

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)

S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)

S2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()

S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
 

==================== Drivers (Whitelisted) ====================
 

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)

S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)

S3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))

S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)

S1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)

S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)

S1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)

S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)

S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)

S3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)

R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

U4 ERSvc; 

S4 IntelIde; No ImagePath

U1 WS2IFSL; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
 

==================== One Month Modified Files and Folders =======
 

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt

2013-08-20 16:11 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-08-20 16:11 - 2011-12-28 18:06 - 01653895 _____ C:\WINDOWS\WindowsUpdate.log

2013-08-20 16:10 - 2013-07-17 19:21 - 00000004 _____ C:\Documents and Settings\Admin\Application Data\cache.ini

2013-08-20 16:10 - 2011-12-28 19:35 - 00000275 _____ C:\WINDOWS\wiadebug.log

2013-08-20 16:10 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini

2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin

2013-08-20 16:09 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-08-20 16:07 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2013-08-20 15:40 - 2011-12-28 19:32 - 01039698 _____ C:\WINDOWS\setupapi.log

2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC

2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job

2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data

2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 
 

C:\Windows\System32\winlogon.exe

[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 
 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe

[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 
 

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Bis gleich

War natürlich falsch, glaube jetzt habe ich es geschnallt...

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03

Ran by Admin at 2013-08-20 16:40:45 Run:1

Running from D:\

Boot Mode: Safe Mode (minimal)
 

==============================================
 

Content of fixlist:

*****************

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION 

C:\Documents and Settings\Admin\Application Data\cache.dat

C:\Documents and Settings\Admin\Application Data\cache.ini

         

*****************
 

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.

C:\Documents and Settings\Admin\Application Data\cache.dat => Moved successfully.

C:\Documents and Settings\Admin\Application Data\cache.ini => Moved successfully.
 

==== End of Fixlog ====

Echt genial! Rechner ließ sich starten, ohne dass der Bildschirm weiß wurde!!!!

Muss ich jetzt noch etwas beachten / unternehmen, oder ist meins System jetzt wieder clean / stabil?

Viele erleichterte Grüße!!!!

Ok, dann verschiebe die frst.exe vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

So hier die Daten:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2013 03

Ran by Admin at 2013-08-20 16:53:08

Running from C:\Documents and Settings\Admin\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

7-Zip 9.20 (Version: 9.20.00.0)

Adobe Flash Player 10 Plugin (Version: 10.2.152.26)

Adobe Reader 8 (Version: 8.0.0)

Ask Toolbar

ATK Hotkey (Version: 1.0.0054)

Ava Find (Version: 1.4.112)

Avira AntiVir Personal - Free Antivirus

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dream Aquarium 1.24 (Version: 1.2.4)

DriverPack Solution Updater (HKCU Version: 0.0.25)

Foxit Reader (Version: 5.0.2.718)

HashTab (Version: 3.0.0)

Internet Download Manager

Internet Everywhere (Version: Internet Everywhere)

Java(TM) 6 Update 22 (Version: 6.0.220)

K-Lite Codec Pack 7.5.0 (Full) (Version: 7.5.0)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Mozilla Firefox 5.0.1 (x86 ru) (Version: 5.0.1)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

Nero 7 Ultra Edition (Version: 7.02.4712)

Opera 11.50 (Version: 11.50.1074)

Punto Switcher (Version: 3.1.1.72)

Realtek High Definition Audio Driver (Version: 5.10.0.6363)

Registry Mechanic 10.0.0.132 (Version: 10.0.0.132)

Unlocker 1.9.0 (Version: 1.9.0)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2813347-v2) (Version: 2)

USB Disk Security 5.1.0.8

VLC media player 0.9.9 (Version: 0.9.9)

WebFldrs XP (Version: 9.50.7523)

Webshots Desktop

WinRAR archiver

 
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2008-04-14 15:00 - 2008-04-14 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: C:\WINDOWS\Tasks\RMSchedule.job => C:\Program Files\Registry Mechanic\RegMech.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller) (User: JOSH)

Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 - Update 'KB2467173' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Admin\LOCALS~1\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130820_164911734-MSI_vc_red.msi.txt.
 

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller) (User: JOSH)

Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1316.A network error occurred while attempting to read from the file: f:\f708f12e9ae22bf25f836af960442ec1\vcredist.msi
 

Error: (08/20/2013 08:33:12 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:07 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:05 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

Error: (08/20/2013 08:33:05 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
 

System errors:

=============

Error: (08/20/2013 04:49:23 PM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173).
 

Error: (08/20/2013 04:43:57 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
 

Error: (08/20/2013 04:38:51 PM) (Source: DCOM) (User: JOSH)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 

Error: (08/20/2013 04:32:03 PM) (Source: DCOM) (User: JOSH)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 

Error: (08/20/2013 04:27:20 PM) (Source: DCOM) (User: JOSH)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 

Error: (08/20/2013 04:21:41 PM) (Source: DCOM) (User: JOSH)

Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""

in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 

Error: (08/20/2013 04:13:59 PM) (Source: DCOM) (User: JOSH)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 

Error: (08/20/2013 04:13:39 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
 

Error: (08/20/2013 04:08:06 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
 

Error: (08/20/2013 04:07:50 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 

Microsoft Office Sessions:

=========================

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller)(User: JOSH)

Description: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319KB24671731603C:\DOCUME~1\Admin\LOCALS~1\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130820_164911734-MSI_vc_red.msi.txt(NULL)
 

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller)(User: JOSH)

Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1316.A network error occurred while attempting to read from the file: f:\f708f12e9ae22bf25f836af960442ec1\vcredist.msi(NULL)(NULL)(NULL)(NULL)
 

Error: (08/20/2013 08:33:12 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:07 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:05 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 

Error: (08/20/2013 08:33:05 PM) (Source: crypt32)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 19%

Total physical RAM: 3069.75 MB

Available physical RAM: 2468.89 MB

Total Pagefile: 4960.1 MB

Available Pagefile: 4516.7 MB

Total Virtual: 2047.88 MB

Available Virtual: 1947.79 MB
 

==================== Drives ================================
 

Drive c: (System) (Fixed) (Total:50.08 GB) (Free:39.21 GB) NTFS

Drive d: (HITMANPRO) (Removable) (Total:3.88 GB) (Free:3.86 GB) FAT32

Drive e: () (Fixed) (Total:97.66 GB) (Free:76.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive f: () (Fixed) (Total:150.33 GB) (Free:150.06 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 1929A332)

Partition 1: (Not Active) - (Size=50 GB) - (Type=OF Extended)

Partition 2: (Active) - (Size=98 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: D490A0DA)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 

==================== End Of Log ============================

und

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03

Ran by Admin (administrator) on 20-08-2013 16:52:57

Running from C:\Documents and Settings\Admin\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe

(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe

(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe

() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe

(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

() C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe

(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe

() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe

(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)

HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)

HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)

HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()

Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)

HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()

HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)

HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)

MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1

MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe

MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1

HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)

HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)

Lsa: [Authentication Packages] msv1_0 nwprovau

Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk

ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk

ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND

URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}

SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 

SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = 

BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: ipp - No CLSID Value - 

Handler: msdaipp - No CLSID Value - 

Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8
 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml

FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)

R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()

R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)

S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
 

==================== Drivers (Whitelisted) ====================
 

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)

R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)

R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))

R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)

R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)

S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)

R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)

R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)

R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)

R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)

R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

U4 ERSvc; 

S4 IntelIde; No ImagePath

U1 WS2IFSL; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 16:00 - 2013-08-20 16:01 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe

2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
 

==================== One Month Modified Files and Folders =======
 

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache

2013-08-20 16:51 - 2011-12-28 18:06 - 01693612 _____ C:\WINDOWS\WindowsUpdate.log

2013-08-20 16:45 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-08-20 16:45 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log

2013-08-20 16:45 - 2011-12-28 19:32 - 01039924 _____ C:\WINDOWS\setupapi.log

2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG

2013-08-20 16:44 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-08-20 16:43 - 2011-12-28 18:25 - 00000042 ___SH C:\Documents and Settings\Admin\ntuser.ini

2013-08-20 16:22 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST

2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt

2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin

2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-08-20 16:01 - 2013-08-20 16:00 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe

2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable

2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC

2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job

2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data

2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 
 

C:\Windows\System32\winlogon.exe

[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 
 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe

[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 
 

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Und jetzt?

Wo kann man so was eigentlich lernen? Gibt es dafür Kurse? Echt genial!

So weiter:

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es eine Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von FRST

Adwcleaner lässt sich nicht installieren, wird blockiert von Avira

Kann ich es auch vom Stick aus starten?

Alles klar, habs hinbekommen