Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Screen stays white after booting (https://www.trojaner-board.de/140135-bildschirm-bleibt-weiss-hochfahren.html)

Awadu03 20.08.2013 09:59

Screen stays white after booting

Hello,

I have an Asus laptop. Since yesterday the screen stays white after booting. Can anyone help me?

aharonov 20.08.2013 10:49

Hello,

please go through this guide and run a diagnostic scan using one of the methods listed there: http://www.trojaner-board.de/139230-...ml#post1124740

Awadu03 20.08.2013 13:32

Hello,

I burned an OTLPE CD as described and tried to boot from it. It starts up, but then hangs. Twice I also got a bluescreen.

HitmanPro doesn't work either. The screen still turns white after booting.

Regards

aharonov 20.08.2013 13:39

What operating system do you have? Windows XP, Vista, 7, 8?
And does Safe Mode with Command Prompt still work, so that you get to the black console window there?

Awadu03 20.08.2013 13:46

Asus laptop, Windows XP.

Yes, I can still get into Safe Mode.

Regards

aharonov 20.08.2013 13:51

OK, then please do it as described in the linked guide:
  • Safe Mode with Command Prompt
    Can you get into Safe Mode with Command Prompt (a black command window appears)? Then type explorer (Enter), download the required programs onto a USB stick on a clean computer with internet access, and follow the instructions of the normal guide from there.

Awadu03 20.08.2013 14:03

In Safe Mode I can't type any text (explorer); it only offers various options to choose from.... I got there via F5, that's what you meant, right?

aharonov 20.08.2013 14:09

No, by Safe Mode with Command Prompt I mean this: http://www.trojaner-board.de/63335-w...s-starten.html

Awadu03 20.08.2013 15:20

OK, I did that. First a black screen with lots of text appeared, then "Safe Mode" in every corner, and XP started normally at first, then shut down again, restarted, and then the white screen again... what am I doing wrong?

Ah, now it worked.

So now I've run a scan. Hurray!

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:58 on 20/08/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

Code:

Checking file system on D:
The type of the file system is FAT32.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                       
Volume Serial Number is A249-E367
Windows has checked the file system and found no problems.

  4169248768 bytes total disk space.
      106496 bytes in 2 hidden files.
    21225472 bytes in 9 files.
  4147912704 bytes available on disk.

        4096 bytes in each allocation unit.
      1017883 total allocation units on disk.
      1012674 allocation units available on disk.

and finally:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 20-08-2013 16:14:26
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe
MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
HKU\LocalService\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\LocalService\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
S2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
S3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
S1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
S1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
U4 ERSvc;
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 16:11 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 16:11 - 2011-12-28 18:06 - 01653895 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 16:10 - 2013-07-17 19:21 - 00000004 _____ C:\Documents and Settings\Admin\Application Data\cache.ini
2013-08-20 16:10 - 2011-12-28 19:35 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-08-20 16:10 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-20 16:09 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 16:07 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:40 - 2011-12-28 19:32 - 01039698 _____ C:\WINDOWS\setupapi.log
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job
2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Waiting eagerly for a reply. I can't make much sense of this myself :)

Regards

aharonov 20.08.2013 15:28

There's more on there...
Please run the following fix and then check whether you can start the computer normally again, without the white screen.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
C:\Documents and Settings\Admin\Application Data\cache.dat
C:\Documents and Settings\Admin\Application Data\cache.ini


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


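The security-relevant point of this fix is the persistence mechanism: the Winlogon Shell value has been changed from a lone explorer.exe to explorer.exe followed by a second command (cache.dat in the user's Application Data), so the malware is started together with the desktop, and the Fixlist above both resets the value and deletes the payload files. The script below is an added example, not part of this thread and not FRST's own code. It parses FRST-style "Registry (Whitelisted)" lines from a constructed sample modelled on the log posted above, flags any Shell value that is not exactly explorer.exe as well as publisher-less autostarts living in user-writable profile folders, and builds Fixlist.txt lines in the style used in this thread. The function names, the suspicion heuristics and the clean HKLM Shell line in the sample are assumptions of the example.

```python
"""Triage helper for FRST "Registry (Whitelisted)" lines.

Added example (not FRST project code): flags a hijacked Winlogon Shell value
and unattributed autostarts in user-writable folders, then emits Fixlist lines
in the style used in this thread.
"""
import re

# Constructed sample modelled on the log posted above.  The final line (a clean
# HKLM Shell value) is made up for contrast; FRST does not normally print it.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
"""

# "<hive>\...\Winlogon: [Shell] <value> [<size> <date>] (<publisher>) <==== ATTENTION"
SHELL_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.+?)"
    r"(?: \[[^\]]*\])?(?: \([^)]*\))?(?: <==== ATTENTION)?\s*$")

# "<hive>\...\Run: [<name>] - <path> [<size> <date>] (<publisher>)"
RUN_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\] \((?P<publisher>[^)]*)\)\s*$")

# Profile folders a standard user can write to (assumed heuristic, XP and later).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\appdata\\")


def shell_commands(value):
    """Winlogon Shell is a comma-separated command list; split and trim it."""
    return [part.strip() for part in value.split(",") if part.strip()]


def shell_is_hijacked(value):
    """Anything other than a lone explorer.exe starts alongside the desktop."""
    return [cmd.lower() for cmd in shell_commands(value)] != ["explorer.exe"]


def run_entry_is_suspicious(path, publisher):
    """Binary with no publisher string, started from a user-writable folder."""
    return not publisher.strip() and any(m in path.lower() for m in USER_WRITABLE)


def analyze_frst(text):
    """Return findings (dicts) for the registry lines in an FRST log excerpt."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            if shell_is_hijacked(m["value"]):
                extra = [c for c in shell_commands(m["value"]) if c.lower() != "explorer.exe"]
                findings.append({"kind": "winlogon-shell", "hive": m["hive"],
                                 "name": "Shell", "payload": extra, "line": line})
            continue
        m = RUN_RE.match(line)
        if m and run_entry_is_suspicious(m["path"], m["publisher"]):
            findings.append({"kind": "autostart", "hive": m["hive"],
                             "name": m["name"], "payload": [m["path"]], "line": line})
    return findings


def suggest_fixlist(findings):
    """Fixlist.txt lines as built in this thread: the offending log line
    (which FRST uses to reset/remove the entry) followed by each payload path."""
    lines = []
    for f in findings:
        lines.append(f["line"])
        lines.extend(f["payload"])
    return lines


if __name__ == "__main__":
    found = analyze_frst(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:15} {f['hive']:6} {f['name']}: {f['payload']}")
    print("\n--- Fixlist.txt ---")
    print("\n".join(suggest_fixlist(found)))
```

Feed it the full "Registry (Whitelisted)" section of a log instead of the sample to get a review list; the heuristics deliberately over-report (any unattributed binary under Application Data is flagged), because a human still decides what goes into the Fixlist, as aharonov does here.
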
Awadu03 20.08.2013 15:47

So, I hope I did this right....

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 20-08-2013 16:14:26
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe
MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
HKU\LocalService\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\LocalService\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
S2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
S2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
S3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
S1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
S1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
U4 ERSvc;
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 16:11 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 16:11 - 2011-12-28 18:06 - 01653895 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 16:10 - 2013-07-17 19:21 - 00000004 _____ C:\Documents and Settings\Admin\Application Data\cache.ini
2013-08-20 16:10 - 2011-12-28 19:35 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-08-20 16:10 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-20 16:09 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 16:07 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:40 - 2011-12-28 19:32 - 01039698 _____ C:\WINDOWS\setupapi.log
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job
2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Back in a moment

That was wrong of course, I think I've got it now...

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by Admin at 2013-08-20 16:40:45 Run:1
Running from D:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
C:\Documents and Settings\Admin\Application Data\cache.dat
C:\Documents and Settings\Admin\Application Data\cache.ini
       
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
C:\Documents and Settings\Admin\Application Data\cache.dat => Moved successfully.
C:\Documents and Settings\Admin\Application Data\cache.ini => Moved successfully.

==== End of Fixlog ====

Really brilliant! The computer started without the screen turning white!!!!

Do I need to watch out for / do anything else now, or is my system clean / stable again?

Many relieved greetings!!!!
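Added example for this thread, not code from the thread, from the helper or from FRST: a small parser for the FRST Winlogon lines that flags a Shell value carrying anything besides explorer.exe, which is the entry the fixlist above removed. The Userinit handling generalises the same check, and the sample log lines are constructed after the ones quoted in the thread.

```python
"""Flag Winlogon Shell/Userinit hijacks in FRST log output.

Added example for this thread; not code from the thread, the helper or FRST.
The line format follows the FRST output quoted in the thread; the sample log
below is constructed (its HKCU Shell line is the one from the thread), and
the Userinit handling generalises the Shell check.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST prints Winlogon values as
#   <hive>\...\Winlogon: [Shell] <data> [<size> <date>] (<company>) <==== ATTENTION
# where size/date, company and the ATTENTION marker are optional trailers.
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\Winlogon:\s+"
    r"\[(?P<value>Shell|Userinit)\]\s+(?P<rest>.*)$"
)
# Matches the optional trailers so they can be cut off the value data.
TRAILER_RE = re.compile(
    r"(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\])?(?:\s+\([^)]*\))?(?:\s+<====.*)?$"
)


@dataclass
class Finding:
    hive: str
    value: str              # "Shell" or "Userinit"
    entries: List[str]      # comma-separated programs as FRST printed them
    unexpected: List[str]   # entries that are not the stock Windows program


def _is_stock(value: str, entry: str) -> bool:
    """Stock XP values: Shell = explorer.exe, Userinit = <system32>\\userinit.exe."""
    lowered = entry.lower()
    if value == "Shell":
        return lowered == "explorer.exe"
    return lowered.endswith("\\userinit.exe") and "\\system32\\" in lowered


def parse_winlogon_line(line: str) -> Optional[Finding]:
    """Parse one FRST Winlogon Shell/Userinit line; None for any other line."""
    m = WINLOGON_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    data = rest[:TRAILER_RE.search(rest).start()]
    # A hijacked Shell looks like "explorer.exe,<payload>": the real shell is
    # still listed, so the entry is easy to overlook, while the payload is
    # started by Winlogon at every logon alongside it.
    entries = [e.strip() for e in data.split(",") if e.strip()]
    unexpected = [e for e in entries if not _is_stock(m.group("value"), e)]
    return Finding(m.group("hive"), m.group("value"), entries, unexpected)


def scan_frst_log(text: str) -> List[Finding]:
    """All Winlogon Shell/Userinit values carrying something other than the stock program."""
    findings = []
    for line in text.splitlines():
        f = parse_winlogon_line(line)
        if f and (f.unexpected or not f.entries):
            findings.append(f)
    return findings


def build_fixlist(text: str) -> List[str]:
    """Fixlist lines in the shape this thread used: the flagged FRST line
    verbatim, followed by each extra file path on its own line."""
    lines = []
    for raw in text.splitlines():
        f = parse_winlogon_line(raw)
        if f and f.unexpected:
            lines.append(raw.strip())
            lines.extend(e for e in f.unexpected if ":\\" in e)
    return lines


# Constructed sample, modelled on the Registry section of the thread's FRST log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Admin\Application Data\cache.dat [99328 2010-12-09] () <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe
"""

if __name__ == "__main__":
    for f in scan_frst_log(SAMPLE_LOG):
        print(f"{f.hive} {f.value}: unexpected {f.unexpected}")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```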

aharonov 20.08.2013 15:47

OK, then move frst.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.

Awadu03 20.08.2013 15:59

So here is the data:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2013 03
Ran by Admin at 2013-08-20 16:53:08
Running from C:\Documents and Settings\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (Version: 9.20.00.0)
Adobe Flash Player 10 Plugin (Version: 10.2.152.26)
Adobe Reader 8 (Version: 8.0.0)
Ask Toolbar
ATK Hotkey (Version: 1.0.0054)
Ava Find (Version: 1.4.112)
Avira AntiVir Personal - Free Antivirus
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dream Aquarium 1.24 (Version: 1.2.4)
DriverPack Solution Updater (HKCU Version: 0.0.25)
Foxit Reader (Version: 5.0.2.718)
HashTab (Version: 3.0.0)
Internet Download Manager
Internet Everywhere (Version: Internet Everywhere)
Java(TM) 6 Update 22 (Version: 6.0.220)
K-Lite Codec Pack 7.5.0 (Full) (Version: 7.5.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 5.0.1 (x86 ru) (Version: 5.0.1)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
Nero 7 Ultra Edition (Version: 7.02.4712)
Opera 11.50 (Version: 11.50.1074)
Punto Switcher (Version: 3.1.1.72)
Realtek High Definition Audio Driver (Version: 5.10.0.6363)
Registry Mechanic 10.0.0.132 (Version: 10.0.0.132)
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2813347-v2) (Version: 2)
USB Disk Security 5.1.0.8
VLC media player 0.9.9 (Version: 0.9.9)
WebFldrs XP (Version: 9.50.7523)
Webshots Desktop
WinRAR archiver
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2008-04-14 15:00 - 2008-04-14 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\RMSchedule.job => C:\Program Files\Registry Mechanic\RegMech.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller) (User: JOSH)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 - Update 'KB2467173' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Admin\LOCALS~1\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130820_164911734-MSI_vc_red.msi.txt.

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller) (User: JOSH)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1316.A network error occurred while attempting to read from the file: f:\f708f12e9ae22bf25f836af960442ec1\vcredist.msi

Error: (08/20/2013 08:33:12 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:07 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/20/2013 08:33:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (08/20/2013 04:49:23 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173).

Error: (08/20/2013 04:43:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2013 04:38:51 PM) (Source: DCOM) (User: JOSH)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2013 04:32:03 PM) (Source: DCOM) (User: JOSH)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2013 04:27:20 PM) (Source: DCOM) (User: JOSH)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2013 04:21:41 PM) (Source: DCOM) (User: JOSH)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/20/2013 04:13:59 PM) (Source: DCOM) (User: JOSH)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/20/2013 04:13:39 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2013 04:08:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2013 04:07:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller)(User: JOSH)
Description: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319KB24671731603C:\DOCUME~1\Admin\LOCALS~1\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130820_164911734-MSI_vc_red.msi.txt(NULL)

Error: (08/20/2013 04:49:17 PM) (Source: MsiInstaller)(User: JOSH)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1316.A network error occurred while attempting to read from the file: f:\f708f12e9ae22bf25f836af960442ec1\vcredist.msi(NULL)(NULL)(NULL)(NULL)

Error: (08/20/2013 08:33:12 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:07 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:06 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/20/2013 08:33:05 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3069.75 MB
Available physical RAM: 2468.89 MB
Total Pagefile: 4960.1 MB
Available Pagefile: 4516.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.79 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:50.08 GB) (Free:39.21 GB) NTFS
Drive d: (HITMANPRO) (Removable) (Total:3.88 GB) (Free:3.86 GB) FAT32
Drive e: () (Fixed) (Total:97.66 GB) (Free:76.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:150.33 GB) (Free:150.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 1929A332)
Partition 1: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: D490A0DA)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

and


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 20-08-2013 16:52:57
Running from C:\Documents and Settings\Admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
() C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe
(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [DrvUpdater] - C:\Documents and Settings\Admin\Application Data\DRPSu\DrvUpdater.exe [192856 2011-09-05] ()
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
MountPoints2: {570a61c0-4771-11e1-b151-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c0-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c2-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c4-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c6-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4c8-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {ce98d4ca-e305-11e2-a58d-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c0-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c4-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {df5743c6-e321-11e2-bd3f-485b399951c9} - D:\.\Setup.exe AUTORUN=1
MountPoints2: {f2c24540-3837-11e1-93d9-485b399951c9} - D:\AutoRun.exe
MountPoints2: {f7a95340-476a-11e1-9b64-485b399951c9} - D:\.\Setup.exe AUTORUN=1
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
URLSearchHook: (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
Toolbar: HKCU -Ask Toolbar - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
U4 ERSvc;
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:00 - 2013-08-20 16:01 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 16:51 - 2011-12-28 18:06 - 01693612 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 16:45 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-20 16:45 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log
2013-08-20 16:45 - 2011-12-28 19:32 - 01039924 _____ C:\WINDOWS\setupapi.log
2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-08-20 16:44 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 16:43 - 2011-12-28 18:25 - 00000042 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-20 16:22 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:11 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 16:10 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 16:01 - 2013-08-20 16:00 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-19 19:00 - 2013-06-16 16:21 - 00000254 _____ C:\WINDOWS\Tasks\RMSchedule.job
2013-08-19 16:44 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-19 16:42 - 2012-01-05 19:30 - 00002400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

And now?

Where can you actually learn this kind of thing? Are there courses for it? Really brilliant!

aharonov 20.08.2013 15:59

So, next:


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2

Scan with Combofix
WARNING to anyone READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix's work.
  • Start Combofix.exe and follow the on-screen instructions.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. Just follow the instructions and accept the end-user license.
    With today's malware this is highly recommended, because it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
    Note: If it is already installed, Combofix will proceed with the malware removal.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.




Step 3

Run FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.



Please post in your next reply:
  • AdwCleaner log
  • Combofix log
  • FRST log
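
The FRST log requested in Step 3 is read by the helper line by line, looking for autostarts that have no publisher or that run out of a user-writable profile folder. The script below is an added example, not code from Trojaner-Board, from Farbar's FRST or from any of the tools named above: it parses the `HK..\...\Run: [Name] - path [size date] (Publisher)` lines of the "Registry (Whitelisted)" section and applies those two reading rules. The sample log lines are constructed for the example; the `Updater`/`upd.exe` entry is invented, the others follow the shape of lines posted in this thread.

```python
"""Triage the autostart entries of an FRST log.

Added example, not code from Trojaner-Board or from Farbar's FRST. It applies
two checks a helper makes by eye when reading the "Registry (Whitelisted)"
section: an autostart whose file carries no publisher, and an autostart that
lives in a user-writable profile location instead of Program Files or the
Windows directory.
"""
import re

# Shape of an FRST autostart line, as seen in the logs posted in the thread:
#   HKLM\...\Run: [Name] - C:\path\file.exe [size date] (Publisher)
# The publisher field is an empty "()" when FRST finds no company name.
RUN_LINE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] - (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\] \((?P<publisher>[^)]*)\)\s*$"
)

# Folders a standard user can write to; legitimate autostarts there are rare on XP.
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
    "\\appdata\\",
)


def parse_run_entries(lines):
    """Yield a dict per autostart line; all other FRST lines are skipped."""
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def flags_for(entry):
    """Return the heuristic flags raised by one parsed autostart entry."""
    flags = []
    if not entry["publisher"].strip():
        flags.append("no_publisher")
    low = entry["path"].lower()
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user_writable_path")
    return flags


def triage(lines):
    """Return (name, path, flags) for every entry that raises at least one flag."""
    findings = []
    for entry in parse_run_entries(lines):
        flags = flags_for(entry)
        if flags:
            findings.append((entry["name"], entry["path"], flags))
    return findings


# Constructed sample input: four lines in the shape of the FRST log above
# plus one invented entry (Updater / upd.exe) to show the Temp-folder case.
SAMPLE_LOG = """\
HKLM\\...\\Run: [avgnt] - C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\\...\\Run: [TimeServer] - C:\\Documents and Settings\\Admin\\Application Data\\Opera\\WIN7.exe [135168 2013-07-15] ()
Winlogon\\Notify\\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKU\\Default User\\...\\RunOnce: [_nltide_3] - C:\\Windows\\System32\\advpack.dll [ 2009-03-07] (Microsoft Corporation)
HKCU\\...\\Run: [Updater] - C:\\Documents and Settings\\Admin\\Local Settings\\Temp\\upd.exe [40960 2013-08-01] ()
""".splitlines()

if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE_LOG):
        print(f"{name}: {path}  <- {', '.join(flags)}")
```

Running it prints the two entries a helper would want explained (TimeServer and the invented Updater); the Avira, Microsoft and Winlogon lines pass silently. The flags are a reading aid only: a hit means "ask about this entry", not "this is malware".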

Awadu03 20.08.2013 16:09

AdwCleaner won't install, it is being blocked by Avira.

Can I also run it from the stick?

All right, got it working.

aharonov 20.08.2013 16:12

Then disable Avira temporarily.

Awadu03 20.08.2013 16:48

So, here are the reports from AdwCleaner:
Code:

# AdwCleaner v3.000 - Report created 20/08/2013 at 17:09:32
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - JOSH
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\Admin\Application Data\registry mechanic
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\registry mechanic
Folder Found C:\Program Files\AskTBar
Folder Found C:\Program Files\registry mechanic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v5.0.1 (ru)

[ File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2991 octets] - [20/08/2013 17:09:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3051 octets] ##########

and

Code:

# AdwCleaner v3.000 - Report created 20/08/2013 at 17:10:11
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - JOSH
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Documents and Settings\Admin\Application Data\registry mechanic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v5.0.1 (ru)

[ File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3131 octets] - [20/08/2013 17:09:32]
AdwCleaner[S0].txt - [3110 octets] - [20/08/2013 17:10:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3170 octets] ##########

So, here is the data from ComboFix:

Code:

ComboFix 13-08-19.02 - Admin 20.08.2013  17:34:08.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2446 [GMT 3:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((  Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 17:36 . 2013-08-20 17:36        --------        d-sh--w-        c:\documents and settings\Admin\IECompatCache
2013-08-20 17:30 . 2013-08-20 17:37        --------        d-----w-        c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-20 14:08 . 2013-08-20 14:10        --------        d-----w-        C:\AdwCleaner
2013-08-20 13:14 . 2013-08-20 13:14        --------        d-----w-        C:\FRST
2013-08-20 12:45 . 2013-08-20 12:45        --------        d-----w-        c:\program files\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 21:56 . 2010-09-10 05:57        920064        ----a-w-        c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-09-09 18:03        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2011-12-28 15:05        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-07 20:55 . 2009-03-07 20:35        385024        ----a-w-        c:\windows\system32\html.iec
2013-06-04 07:23 . 2008-04-14 12:00        562688        ----a-w-        c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-08-31 13:38        1876736        ----a-w-        c:\windows\system32\win32k.sys
2011-07-08 07:52 . 2011-12-28 15:44        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-29 21:53        72336        ----a-w-        c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
"AvaFind"="c:\program files\AvaFind\AvaFind.exe" [2007-12-22 295936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-10-26 174720]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TimeServer"="c:\documents and settings\Admin\Application Data\Opera\WIN7.exe" [2013-07-15 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe  /t [2011-12-30 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2012-1-25 472528]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders        schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [13.10.2010 07:47 189448]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.12.2011 18:03 78328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.12.2011 20:15 108289]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [25.01.2012 19:29 316880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13.10.2010 07:47 101904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28.12.2011 18:41 140376]
R3 JME;JMicron Ethernet Adapter NDIS5.1 Driver;c:\windows\system32\drivers\JME.sys [28.12.2011 18:40 83088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.12.2011 18:42 1691480]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [25.01.2012 19:29 100224]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25.01.2012 19:29 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25.01.2012 19:29 103040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2011 18:07 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
uDefault_Search_URL = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: NameServer = 41.190.192.172,8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-20 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,e0,14,a6,6c,b2,79,78,c6,08,dc,ee,1b,2c,de,34,19,81,00,14,d0,
  97,42,8f,20,97,e2,bf,f0,e6,39,c7,6c,f5,69,93,58,6b,c4,13,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5fe3fea-a8d3-43b1-b068-546217191eb9}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
  1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-20  17:37:18
ComboFix-quarantined-files.txt  2013-08-20 14:37
ComboFix2.txt  2013-08-20 14:26
.
Pre-Run: 43.023.130.624 bytes free
Post-Run: 43.006.173.184 bytes free
.
- - End Of File - - B2A5B3CC3358405F867374FC5480796D
8F558EB6672622401DA993E1E865C861

So, and the last report:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 20-08-2013 17:44:58
Running from C:\Documents and Settings\Admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:37 - 2013-08-20 17:37 - 00009983 _____ C:\ComboFix.txt
2013-08-20 17:32 - 2013-08-20 17:39 - 00000000 ____D C:\ComboFix
2013-08-20 17:20 - 2013-08-20 17:37 - 00000000 ____D C:\Qoobox
2013-08-20 17:20 - 2013-08-20 17:25 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:20 - 2011-06-26 09:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-20 17:20 - 2010-11-07 20:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-20 17:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-20 17:18 - 2013-08-20 17:19 - 05106564 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\ComboFix.exe
2013-08-20 17:08 - 2013-08-20 17:10 - 00000000 ____D C:\AdwCleaner
2013-08-20 17:01 - 2013-08-20 17:02 - 00975858 _____ C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:00 - 2013-08-20 16:01 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 17:45 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-20 17:45 - 2011-12-28 18:06 - 01727707 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 17:44 - 2012-01-05 19:30 - 00003000 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:43 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-20 17:43 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\ime
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\Help
2013-08-20 17:43 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 17:42 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-20 17:42 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-20 17:42 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 17:39 - 2013-08-20 17:32 - 00000000 ____D C:\ComboFix
2013-08-20 17:37 - 2013-08-20 17:37 - 00009983 _____ C:\ComboFix.txt
2013-08-20 17:37 - 2013-08-20 17:20 - 00000000 ____D C:\Qoobox
2013-08-20 17:36 - 2008-04-14 15:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-08-20 17:32 - 2011-12-28 18:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-20 17:25 - 2013-08-20 17:20 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:19 - 2013-08-20 17:18 - 05106564 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\ComboFix.exe
2013-08-20 17:10 - 2013-08-20 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-20 17:02 - 2013-08-20 17:01 - 00975858 _____ C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log
2013-08-20 16:45 - 2011-12-28 19:32 - 01039924 _____ C:\WINDOWS\setupapi.log
2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-08-20 16:22 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 16:01 - 2013-08-20 16:00 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---


I hope everything was right?

aharonov 20.08.2013 16:54

With ComboFix, the installation of the Recovery Console didn't work. But it is needed:

Go to the Microsoft page => http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=21&y=12

Choose the download intended for your operating system:
Note: For WinXP SP3, choose the SP2 version.

http://i94.photobucket.com/albums/l8...ungskonsol.png

Download the file and save it under its original name, next to ComboFix.exe.

http://i94.photobucket.com/albums/l8...onsole_ani.gif

Now close all open programs and windows, including the antivirus and antimalware programs. This is necessary so that no program interferes with the ComboFix scan.
  • Drag the setup file onto ComboFix.exe and release it.
  • Follow the prompts to start ComboFix, and when you are asked to, accept the terms of use to install the Recovery Console.
  • At the next prompt, click "Yes" to start the full ComboFix scan.
  • Please post the content of C:\ComboFix.txt here in the thread.

Awadu03 20.08.2013 19:17

So, here is the new report:

Code:

ComboFix 13-08-19.02 - Admin 20.08.2013  18:19:21.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2443 [GMT 3:00]
Running from: c:\documents and settings\Admin\Desktop\Do not open!\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\Do not open!\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
.
(((((((((((((((((((((((((  Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 17:36 . 2013-08-20 17:36        --------        d-sh--w-        c:\documents and settings\Admin\IECompatCache
2013-08-20 17:30 . 2013-08-20 17:37        --------        d-----w-        c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-20 14:43 . 2013-08-20 14:43        --------        d-----w-        c:\windows\system32\xircom
2013-08-20 14:43 . 2013-08-20 14:43        --------        d-----w-        c:\windows\system32\wbem\snmp
2013-08-20 14:43 . 2013-08-20 14:43        --------        d-----w-        c:\windows\srchasst
2013-08-20 14:43 . 2013-08-20 14:43        --------        d-----w-        c:\program files\microsoft frontpage
2013-08-20 14:08 . 2013-08-20 14:10        --------        d-----w-        C:\AdwCleaner
2013-08-20 13:14 . 2013-08-20 13:14        --------        d-----w-        C:\FRST
2013-08-20 12:45 . 2013-08-20 12:45        --------        d-----w-        c:\program files\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 21:56 . 2010-09-10 05:57        920064        ----a-w-        c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-09-09 18:03        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2011-12-28 15:05        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-07 20:55 . 2009-03-07 20:35        385024        ----a-w-        c:\windows\system32\html.iec
2013-06-04 07:23 . 2008-04-14 12:00        562688        ----a-w-        c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-08-31 13:38        1876736        ----a-w-        c:\windows\system32\win32k.sys
2011-07-08 07:52 . 2011-12-28 15:44        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-29 21:53        72336        ----a-w-        c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
"AvaFind"="c:\program files\AvaFind\AvaFind.exe" [2007-12-22 295936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-10-26 174720]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TimeServer"="c:\documents and settings\Admin\Application Data\Opera\WIN7.exe" [2013-07-15 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe  /t [2011-12-30 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2012-1-25 472528]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders        schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [13.10.2010 07:47 189448]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.12.2011 18:03 78328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.12.2011 20:15 108289]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [25.01.2012 19:29 316880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13.10.2010 07:47 101904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28.12.2011 18:41 140376]
R3 JME;JMicron Ethernet Adapter NDIS5.1 Driver;c:\windows\system32\drivers\JME.sys [28.12.2011 18:40 83088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.12.2011 18:42 1691480]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [25.01.2012 19:29 100224]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25.01.2012 19:29 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25.01.2012 19:29 103040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2011 18:07 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
uDefault_Search_URL = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: NameServer = 41.190.192.172,8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-20 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,e0,14,a6,6c,b2,79,78,c6,08,dc,ee,1b,2c,de,34,19,81,00,14,d0,
  97,42,8f,20,97,e2,bf,f0,e6,39,c7,6c,f5,69,93,58,6b,c4,13,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5fe3fea-a8d3-43b1-b068-546217191eb9}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
  1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-20  18:22:44
ComboFix-quarantined-files.txt  2013-08-20 15:22
ComboFix2.txt  2013-08-20 14:37
ComboFix3.txt  2013-08-20 14:26
.
Pre-Run: 43.008.516.096 bytes free
Post-Run: 42.991.951.872 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
.
- - End Of File - - C06241ED51784DF89BAA2E1B1F0569E6
8F558EB6672622401DA993E1E865C861

Here you go.

Let me already say many, many thanks at this point!

I will definitely recommend this forum.

Unfortunately I have to leave now for another appointment, but I'll check back in tonight.

Thanks again for the great help!

Hello,

is everything in order now?

Regards

aharonov 20.08.2013 19:20

There is still malware on it.


Step 1

Please go to VirusTotal and have a file checked there as follows:
  • Click on Choose file.
  • Then copy the following into the input field for the file name
    Code:

    c:\windows\system32\drivers\tcpip.sys
    and click on Open.
  • Click on Scan it!.
  • Should you get the following message:
    Quote:

    File already analysed - This file was already analysed by VirusTotal on ...
    then click on Reanalyse.
  • Wait until the analysis has finished, then copy the URL from your address bar and post it here.



Step 2

Start FRST once more.
  • Don't change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt will be created and saved on the Desktop.
  • Please post the content of this log file here in your thread.



Please post in your next reply:
  • Link to the VT analysis
  • FRST log

Awadu03 22.08.2013 07:48

Hello,

I'm currently not at home; it may take until Monday before I can do this.

Regards, Awadu

aharonov 22.08.2013 11:37

OK, got it, thanks for letting me know.

Awadu03 23.08.2013 08:50

Hello,
I have the computer available again now. I wanted to continue as described, but I can't get onto the internet with the thing.

Can VirusTotal also be downloaded somewhere?

Regards, Awadu

aharonov 23.08.2013 12:09

So is the computer deliberately disconnected from the internet, or should it actually work but doesn't?

Awadu03 23.08.2013 12:16

It should actually work, but it doesn't.

aharonov 23.08.2013 12:18

OK.


Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click on Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its content here.



Awadu03 23.08.2013 12:31

Here it is:

Code:

Farbar Service Scanner Version: 18-08-2013
Ran by Admin (administrator) on 23-08-2013 at 14:28:59
Running from "D:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2010-10-13 07:47] - [2010-10-13 07:47] - 0361600 ____A (Microsoft Corporation) 474D3DCCB57DEFCD917311EEC47204B9

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


aharonov 23.08.2013 12:35

Hm, there's nothing to see there.
Please continue with Step 2 from the last instructions (fresh FRST log).

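A defender's triage pass over FRST/FSS log lines of the kind posted in this thread, added here as an example; it is not part of the thread and not a Farbar tool. The heuristics (autostart from a per-user profile folder, missing publisher, the Policies\Explorer\Run key, a hash the tool could not match, ATTENTION lines) are the editor's own, and the sample lines are copied from the logs posted in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST and FSS logs posted in this thread,
# in the order they would appear in those logs (processes, autostarts, file check).
SAMPLE_LOG = r"""
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
( ) C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Policies\Explorer\Run: [1] C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe [186012 2013-08-21] ( ( ))
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2010-10-13 07:47] - [2010-10-13 07:47] - 0361600 ____A (Microsoft Corporation) 474D3DCCB57DEFCD917311EEC47204B9
ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
"""

# "HKLM\...\Run: [Name] - C:\path.exe [size date] (Publisher)"; the " -" is absent
# for Policies\Explorer\Run entries, and an empty publisher shows as (), ( ) or ( ( )).
RUN_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\](?: -)? "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\] \((?P<pub>.*)\)$")
# "(Publisher) C:\path.exe" from the Processes section.
PROC_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# File Check section: a matched hash prints "=> MD5 is legit"; an unmatched one prints
# the bare path followed by a "[date] - [date] - size attrs (Company) MD5" line.
LEGIT_RE = re.compile(r"^[A-Za-z]:\\.+? => MD5 is legit$")
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
HASH_RE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ \((?P<pub>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
ATTENTION_RE = re.compile(r"^ATTENTION!=+> (?P<path>[A-Za-z]:\\\S+) (?P<msg>.+)$")
# Per-user writable folders in the Windows XP profile layout these logs use.
PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    path: str
    reason: str


def _publisher_blank(pub: str) -> bool:
    # FRST prints an empty or whitespace-only company field as "()", "( )" or "( ( ))".
    return pub.strip(" ()") == ""


def _check_binary(path: str, pub: str, where: str) -> list[Finding]:
    """Heuristics a helper applies to each autostart entry or running binary."""
    out = []
    if PROFILE_RE.search(path):
        out.append(Finding("high", path, f"{where} runs from a per-user profile folder"))
    if _publisher_blank(pub):
        out.append(Finding("medium", path, f"{where} carries no publisher/company name"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk FRST/FSS log lines and return the entries a human should look at first."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    findings: list[Finding] = []
    for i, line in enumerate(lines):
        if not line:
            continue
        if m := RUN_RE.match(line):
            where = f"autostart {m['hive']}\\...\\{m['key']} [{m['name']}]"
            findings += _check_binary(m["path"], m["pub"], where)
            if "Policies" in m["key"]:
                # Regular installers do not register under Policies\Explorer\Run.
                findings.append(Finding("high", m["path"],
                                        f"{where} uses the Policies\\Explorer\\Run key"))
        elif m := PROC_RE.match(line):
            findings += _check_binary(m["path"], m["pub"], "running process")
        elif m := ATTENTION_RE.match(line):
            findings.append(Finding("high", m["path"], f"tool flagged: {m['msg']}"))
        elif LEGIT_RE.match(line):
            continue  # hash matched the tool's known-good list
        elif (m := BARE_PATH_RE.match(line)) and i + 1 < len(lines) and (
                h := HASH_RE.match(lines[i + 1])):
            findings.append(Finding("medium", m["path"],
                                    f"MD5 {h['md5']} not in the tool's known-good list; "
                                    "compare with a clean copy"))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.path}\n         {f.reason}")
```

On the sample this surfaces the two user-profile autostarts (WIN7.exe, reader.exe), the unmatched tcpip.sys hash and the missing wscsvc.dll, while the Avira and IDM entries pass.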
Awadu03 23.08.2013 12:44

Here you are:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 23-08-2013 14:41:22
Running from C:\Documents and Settings\Admin\Desktop\Do not open!
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
( ) C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKCU\...\Policies\Explorer\Run: [1] C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe [186012 2013-08-21] ( ( ))
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL =
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL =
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 10:25 - 2013-08-23 10:25 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2506212
2013-08-23 10:23 - 2013-08-23 10:23 - 00000501 _____ C:\WINDOWS\nsw.log
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\MPlayer2
2013-08-22 08:58 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2536276-v2
2013-08-22 01:15 - 2013-08-22 01:15 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2510531-IE8
2013-08-21 19:38 - 2013-08-21 19:38 - 00000000 __SHD C:\Documents and Settings\Admin\Local Settings\Application Data\USB Disk Security_is1
2013-08-21 19:36 - 2013-08-21 19:37 - 00014417 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-21 19:35 - 2013-08-21 19:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-21 19:34 - 2013-08-21 19:34 - 00008742 _____ C:\WINDOWS\KB2859537.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00007854 _____ C:\WINDOWS\KB2863058.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-21 18:50 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB931906
2013-08-21 17:49 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2807986
2013-08-21 16:14 - 2013-05-28 04:59 - 00590848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcrt4.dll
2013-08-21 16:12 - 2013-08-23 14:26 - 00000000 ____D C:\DOCUME~1\Admin\LOCALS~1\Minerd
2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 18:22 - 2013-08-20 18:22 - 00010761 _____ C:\ComboFix.txt
2013-08-20 18:18 - 2013-08-20 18:23 - 00000000 ____D C:\ComboFix
2013-08-20 17:53 - 2013-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Do not open!
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:20 - 2013-08-20 18:22 - 00000000 ____D C:\Qoobox
2013-08-20 17:20 - 2013-08-20 17:25 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:20 - 2011-06-26 09:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-20 17:20 - 2010-11-07 20:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-20 17:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-20 17:08 - 2013-08-20 17:10 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-23 14:41 - 2013-08-20 17:53 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Do not open!
2013-08-23 14:27 - 2011-12-28 18:06 - 01163485 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-23 14:26 - 2013-08-21 16:12 - 00000000 ____D C:\DOCUME~1\Admin\LOCALS~1\Minerd
2013-08-23 14:25 - 2013-08-23 14:25 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2544893-v2
2013-08-23 14:25 - 2013-08-23 10:25 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2506212
2013-08-23 14:25 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-23 14:25 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-23 14:25 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-23 13:05 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-23 10:33 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-23 10:32 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-23 10:25 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\MPlayer2
2013-08-23 10:23 - 2013-08-23 10:23 - 00000501 _____ C:\WINDOWS\nsw.log
2013-08-23 10:23 - 2011-12-28 19:32 - 00007172 _____ C:\WINDOWS\setupapi.log
2013-08-23 10:07 - 2013-08-22 08:58 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2536276-v2
2013-08-23 10:06 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-22 08:58 - 2013-08-22 01:15 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2510531-IE8
2013-08-22 01:15 - 2013-08-21 19:38 - 00000000 __SHD C:\Documents and Settings\Admin\Local Settings\Application Data\USB Disk Security_is1
2013-08-21 19:39 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB931906
2013-08-21 19:37 - 2013-08-21 19:36 - 00014417 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-21 19:37 - 2013-07-14 23:13 - 00017326 _____ C:\WINDOWS\updspapi.log
2013-08-21 19:37 - 2013-07-14 23:12 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-21 19:37 - 2011-12-28 19:33 - 00507077 _____ C:\WINDOWS\iis6.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00431083 _____ C:\WINDOWS\FaxSetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00290273 _____ C:\WINDOWS\ocgen.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00203999 _____ C:\WINDOWS\tsoc.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00159526 _____ C:\WINDOWS\comsetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00140582 _____ C:\WINDOWS\msmqinst.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00096395 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00029907 _____ C:\WINDOWS\MedCtrOC.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00024059 _____ C:\WINDOWS\ocmsn.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00022524 _____ C:\WINDOWS\tabletoc.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-21 19:36 - 2013-08-21 19:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-21 19:35 - 2010-10-12 14:14 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2013-08-21 19:34 - 2013-08-21 19:34 - 00008742 _____ C:\WINDOWS\KB2859537.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00007854 _____ C:\WINDOWS\KB2863058.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-21 19:34 - 2013-07-14 23:41 - 00012272 _____ C:\WINDOWS\system32\TZLog.log
2013-08-21 19:34 - 2011-12-28 19:33 - 00448398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-21 19:34 - 2011-12-28 19:33 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-21 18:51 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-21 18:50 - 2013-08-21 17:49 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2807986
2013-08-21 18:50 - 2012-01-05 19:30 - 00003400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
2013-08-20 20:37 - 2013-08-20 20:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 20:22 - 2011-12-28 18:44 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\uTorrent
2013-08-20 18:23 - 2013-08-20 18:18 - 00000000 ____D C:\ComboFix
2013-08-20 18:22 - 2013-08-20 18:22 - 00010761 _____ C:\ComboFix.txt
2013-08-20 18:22 - 2013-08-20 17:20 - 00000000 ____D C:\Qoobox
2013-08-20 18:21 - 2008-04-14 15:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-08-20 18:10 - 2011-12-28 19:32 - 01042759 _____ C:\WINDOWS\setupapi.log.0.old
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\ime
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\Help
2013-08-20 17:32 - 2011-12-28 18:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-20 17:25 - 2013-08-20 17:20 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:10 - 2013-08-20 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log
2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC
2013-07-26 05:47 - 2013-07-14 18:25 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 06017536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 02005504 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-07-26 05:47 - 2013-07-14 18:25 - 01215488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00759296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00105984 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-07-26 05:47 - 2011-12-28 18:05 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-26 05:47 - 2011-12-28 18:05 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-07-26 05:47 - 2011-12-28 18:05 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-07-26 05:47 - 2010-09-10 06:27 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-26 05:47 - 2010-09-09 21:03 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-07-26 05:47 - 2010-09-09 21:03 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-07-26 05:47 - 2009-03-07 23:34 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-07-25 21:23 - 2013-07-14 18:25 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-07-25 21:23 - 2010-09-09 09:17 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-25 18:52 - 2009-03-07 23:35 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

aharonov 25.08.2013 23:45

ok.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

aharonov 03.09.2013 08:37

Hi,

I haven't heard back from you for a while now. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the matter is resolved and remove it from my subscriptions.

aharonov 06.09.2013 08:02

No response
This topic has been removed from my subscriptions, so I no longer receive notifications of new replies.
Send me a PM if you want to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean your computer is already clean.

Everyone else, please read these instructions and create your own thread.

Awadu03 10.09.2013 07:48

Good morning,

sorry for the late reply. Since I initially received no answer for almost a week, I reformatted the hard drive and installed a fresh system. After that I was on vacation.

But once again, many, many thanks for the help! I also learned quite a bit.

I'll definitely keep dropping by here; there are plenty of interesting topics.

Regards, Awadu03

aharonov 10.09.2013 14:01

Ok, got it, thanks for letting me know. :)
I actually lost track of your topic for 3 days for some reason - sorry about that.


Copyright ©2000-2025, Trojaner-Board