
Pests of all kinds and their removal: Screen stays white after booting


20.08.2013, 16:12   #16
aharonov
/// TB Trainer

Screen stays white after booting



Then disable Avira temporarily.
__________________
cheers,
Leo

20.08.2013, 16:48   #17
Awadu03

Screen stays white after booting



So here are the reports from AdwCleaner:
Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 17:09:32
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - JOSH
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\Admin\Application Data\registry mechanic
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\registry mechanic
Folder Found C:\Program Files\AskTBar
Folder Found C:\Program Files\registry mechanic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v5.0.1 (ru)

[ File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2991 octets] - [20/08/2013 17:09:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3051 octets] ##########
         
and

Code:
# AdwCleaner v3.000 - Report created 20/08/2013 at 17:10:11
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - JOSH
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Documents and Settings\Admin\Application Data\registry mechanic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v5.0.1 (ru)

[ File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3131 octets] - [20/08/2013 17:09:32]
AdwCleaner[S0].txt - [3110 octets] - [20/08/2013 17:10:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3170 octets] ##########
         
So, here is the data from ComboFix

Code:
ComboFix 13-08-19.02 - Admin 20.08.2013  17:34:08.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2446 [GMT 3:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 17:36 . 2013-08-20 17:36	--------	d-sh--w-	c:\documents and settings\Admin\IECompatCache
2013-08-20 17:30 . 2013-08-20 17:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-20 14:08 . 2013-08-20 14:10	--------	d-----w-	C:\AdwCleaner
2013-08-20 13:14 . 2013-08-20 13:14	--------	d-----w-	C:\FRST
2013-08-20 12:45 . 2013-08-20 12:45	--------	d-----w-	c:\program files\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 21:56 . 2010-09-10 05:57	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-09-09 18:03	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2011-12-28 15:05	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:55 . 2009-03-07 20:35	385024	----a-w-	c:\windows\system32\html.iec
2013-06-04 07:23 . 2008-04-14 12:00	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-08-31 13:38	1876736	----a-w-	c:\windows\system32\win32k.sys
2011-07-08 07:52 . 2011-12-28 15:44	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-29 21:53	72336	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
"AvaFind"="c:\program files\AvaFind\AvaFind.exe" [2007-12-22 295936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-10-26 174720]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TimeServer"="c:\documents and settings\Admin\Application Data\Opera\WIN7.exe" [2013-07-15 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe  /t [2011-12-30 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2012-1-25 472528]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [13.10.2010 07:47 189448]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.12.2011 18:03 78328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.12.2011 20:15 108289]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [25.01.2012 19:29 316880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13.10.2010 07:47 101904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28.12.2011 18:41 140376]
R3 JME;JMicron Ethernet Adapter NDIS5.1 Driver;c:\windows\system32\drivers\JME.sys [28.12.2011 18:40 83088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.12.2011 18:42 1691480]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [25.01.2012 19:29 100224]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25.01.2012 19:29 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25.01.2012 19:29 103040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2011 18:07 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
uDefault_Search_URL = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: NameServer = 41.190.192.172,8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-20 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,e0,14,a6,6c,b2,79,78,c6,08,dc,ee,1b,2c,de,34,19,81,00,14,d0,
   97,42,8f,20,97,e2,bf,f0,e6,39,c7,6c,f5,69,93,58,6b,c4,13,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5fe3fea-a8d3-43b1-b068-546217191eb9}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-20  17:37:18
ComboFix-quarantined-files.txt  2013-08-20 14:37
ComboFix2.txt  2013-08-20 14:26
.
Pre-Run: 43.023.130.624 bytes free
Post-Run: 43.006.173.184 bytes free
.
- - End Of File - - B2A5B3CC3358405F867374FC5480796D
8F558EB6672622401DA993E1E865C861
         
So, and the last report:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 20-08-2013 17:44:58
Running from C:\Documents and Settings\Admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = 
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:37 - 2013-08-20 17:37 - 00009983 _____ C:\ComboFix.txt
2013-08-20 17:32 - 2013-08-20 17:39 - 00000000 ____D C:\ComboFix
2013-08-20 17:20 - 2013-08-20 17:37 - 00000000 ____D C:\Qoobox
2013-08-20 17:20 - 2013-08-20 17:25 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:20 - 2011-06-26 09:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-20 17:20 - 2010-11-07 20:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-20 17:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-20 17:18 - 2013-08-20 17:19 - 05106564 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\ComboFix.exe
2013-08-20 17:08 - 2013-08-20 17:10 - 00000000 ____D C:\AdwCleaner
2013-08-20 17:01 - 2013-08-20 17:02 - 00975858 _____ C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:00 - 2013-08-20 16:01 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 17:45 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-20 17:45 - 2011-12-28 18:06 - 01727707 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-20 17:44 - 2012-01-05 19:30 - 00003000 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:43 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-20 17:43 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\ime
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\Help
2013-08-20 17:43 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-20 17:42 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-20 17:42 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-20 17:42 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-20 17:39 - 2013-08-20 17:32 - 00000000 ____D C:\ComboFix
2013-08-20 17:37 - 2013-08-20 17:37 - 00009983 _____ C:\ComboFix.txt
2013-08-20 17:37 - 2013-08-20 17:20 - 00000000 ____D C:\Qoobox
2013-08-20 17:36 - 2008-04-14 15:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-08-20 17:32 - 2011-12-28 18:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-20 17:25 - 2013-08-20 17:20 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:19 - 2013-08-20 17:18 - 05106564 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\ComboFix.exe
2013-08-20 17:10 - 2013-08-20 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-20 17:02 - 2013-08-20 17:01 - 00975858 _____ C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log
2013-08-20 16:45 - 2011-12-28 19:32 - 01039924 _____ C:\WINDOWS\setupapi.log
2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-08-20 16:22 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 16:01 - 2013-08-20 16:00 - 01070241 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         


I hope everything was right?
__________________


Alt 20.08.2013, 16:54   #18
aharonov
/// TB-Ausbilder
 

The Recovery Console installation in ComboFix did not work. It is needed, though:

Go to the Microsoft page => http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=21&y=12

Choose the download intended for your operating system:
Note: For WinXP SP3 choose the SP2 version.

Download the file and save it with its original name next to ComboFix.exe.

Now close all open programs and windows, including antivirus and antimalware programs. This is necessary so that no program interferes with the ComboFix scan.
  • Drag the setup file onto ComboFix.exe and release it.
  • Follow the prompts to start ComboFix and, when asked, accept the terms of use to install the Recovery Console.
  • At the next prompt, click "Yes" to start the full ComboFix scan.
  • Please post the contents of C:\ComboFix.txt here in the thread.
__________________

Alt 20.08.2013, 19:17   #19
Awadu03
 

So, here is the new report:

Code:
ComboFix 13-08-19.02 - Admin 20.08.2013  18:19:21.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2443 [GMT 3:00]
Running from: c:\documents and settings\Admin\Desktop\Do not open!\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\Do not open!\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 17:36 . 2013-08-20 17:36	--------	d-sh--w-	c:\documents and settings\Admin\IECompatCache
2013-08-20 17:30 . 2013-08-20 17:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-20 14:43 . 2013-08-20 14:43	--------	d-----w-	c:\windows\system32\xircom
2013-08-20 14:43 . 2013-08-20 14:43	--------	d-----w-	c:\windows\system32\wbem\snmp
2013-08-20 14:43 . 2013-08-20 14:43	--------	d-----w-	c:\windows\srchasst
2013-08-20 14:43 . 2013-08-20 14:43	--------	d-----w-	c:\program files\microsoft frontpage
2013-08-20 14:08 . 2013-08-20 14:10	--------	d-----w-	C:\AdwCleaner
2013-08-20 13:14 . 2013-08-20 13:14	--------	d-----w-	C:\FRST
2013-08-20 12:45 . 2013-08-20 12:45	--------	d-----w-	c:\program files\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 21:56 . 2010-09-10 05:57	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2010-09-09 18:03	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2011-12-28 15:05	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-07 20:55 . 2009-03-07 20:35	385024	----a-w-	c:\windows\system32\html.iec
2013-06-04 07:23 . 2008-04-14 12:00	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2010-08-31 13:38	1876736	----a-w-	c:\windows\system32\win32k.sys
2011-07-08 07:52 . 2011-12-28 15:44	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-29 21:53	72336	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
"AvaFind"="c:\program files\AvaFind\AvaFind.exe" [2007-12-22 295936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-10-26 174720]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TimeServer"="c:\documents and settings\Admin\Application Data\Opera\WIN7.exe" [2013-07-15 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe  /t [2011-12-30 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Launcher.lnk - c:\program files\InternetEverywhere\InternetEverywhere_Launcher.exe [2012-1-25 472528]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [13.10.2010 07:47 189448]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.12.2011 18:03 78328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.12.2011 20:15 108289]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\InternetEverywhere\InternetEverywhere_Service.exe [25.01.2012 19:29 316880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13.10.2010 07:47 101904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28.12.2011 18:41 140376]
R3 JME;JMicron Ethernet Adapter NDIS5.1 Driver;c:\windows\system32\drivers\JME.sys [28.12.2011 18:40 83088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.12.2011 18:42 1691480]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [25.01.2012 19:29 100224]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25.01.2012 19:29 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25.01.2012 19:29 103040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2011 18:07 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
uDefault_Search_URL = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: NameServer = 41.190.192.172,8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-08-20 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,e0,14,a6,6c,b2,79,78,c6,08,dc,ee,1b,2c,de,34,19,81,00,14,d0,
   97,42,8f,20,97,e2,bf,f0,e6,39,c7,6c,f5,69,93,58,6b,c4,13,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f5fe3fea-a8d3-43b1-b068-546217191eb9}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-20  18:22:44
ComboFix-quarantined-files.txt  2013-08-20 15:22
ComboFix2.txt  2013-08-20 14:37
ComboFix3.txt  2013-08-20 14:26
.
Pre-Run: 43.008.516.096 bytes free
Post-Run: 42.991.951.872 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
.
- - End Of File - - C06241ED51784DF89BAA2E1B1F0569E6
8F558EB6672622401DA993E1E865C861
         
Here you go.

I'll say many, many thanks already at this point!

I will definitely recommend this forum.

Unfortunately I have to leave now for another appointment, but I'll check back again this evening.

Thanks again for the great help!

Hello,

is everything in order now?

Regards

Alt 20.08.2013, 19:20   #20
aharonov
/// TB-Ausbilder
 

There is still malware on it.


Step 1

Please go to Virustotal and have a file checked there as follows:
  • Click on Choose File.
  • Then copy the following into the input field for the file name
    Code:
    c:\windows\system32\drivers\tcpip.sys
    and click Open.
  • Click on Scan it!.
  • Should you get the following message:
    Quote:
    File already analysed - This file has already been analysed by VirusTotal on ...
    then click on Reanalyse.
  • Wait until the analysis is finished, then copy the URL from your address bar and post it here.



Step 2

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.



Please post in your next reply:
  • Link to the VT analysis
  • FRST log

__________________
cheers,
Leo
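The two findings the helper is reacting to here, the tcpip.sys Sigcheck mismatch in the ComboFix log above and the unsigned autostarts that show up in the FRST logs in this thread, can be pulled out of such logs mechanically. The following Python triage script is an added example, not code from the thread, ComboFix or FRST: it pairs each Sigcheck entry with its dllcache copy and reports MD5 mismatches, and flags process and Run-key lines whose publisher field is empty and whose path lies in a user-writable directory. The sample lines are copied from the logs posted in this thread; the list of user-writable directories is an assumption about an XP layout.

```python
"""Triage helpers for two log formats posted in this thread: the Sigcheck
block of a ComboFix log and the whitelisted Process / Run lines of an FRST
log.  Added example; not code from the thread, ComboFix or FRST."""
import re
from typing import Dict, List, Tuple

# ComboFix Sigcheck line, e.g.
# [-] 2010-10-13 . <MD5> . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# FRST whitelisted process line:   (Company) C:\path\file.exe
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
# FRST Run-key line:   HKLM\...\Run: [Name] - C:\path\file.exe [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<key>HK\w+\\.*?Run:)\s+\[(?P<name>[^\]]*)\]\s*-?\s*"
    r"(?P<path>[A-Za-z]:\\.+?)\s+\[(?P<meta>[^\]]*)\]\s+\((?P<company>.*)\)\s*$"
)
# Assumption: directories a limited user can write to on an XP box.  An
# autostart with no publisher that lives here deserves a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\programdata\\", "\\temp\\")


def compare_sigcheck(lines: List[str]) -> List[Dict[str, str]]:
    """Pair each live system file with its dllcache copy; report MD5 mismatches."""
    live: Dict[str, Dict[str, str]] = {}
    cache: Dict[str, Dict[str, str]] = {}
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        base = entry["path"].rsplit("\\", 1)[-1].lower()
        (cache if "\\dllcache\\" in entry["path"].lower() else live)[base] = entry
    findings: List[Dict[str, str]] = []
    for base, cur in live.items():
        ref = cache.get(base)
        if ref is not None and ref["md5"].lower() != cur["md5"].lower():
            findings.append({
                "file": base,
                "live_md5": cur["md5"], "live_ver": cur["ver"],
                "cache_md5": ref["md5"], "cache_ver": ref["ver"],
                # A mismatch is not proof of tampering: a hotfix may have
                # updated the live file without refreshing dllcache.
                "note": "live copy differs from dllcache; verify the hash before calling it patched",
            })
    return findings


def suspicious_autostarts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (kind, name, path) for unsigned binaries in user-writable locations."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            kind, name = "run", m.group("name")
        else:
            m = PROCESS_RE.match(line)
            if not m:
                continue
            kind, name = "process", m.group("path").rsplit("\\", 1)[-1]
        path, company = m.group("path"), m.group("company")
        unsigned = company.strip(" ()") == ""   # "()" and "( ( ))" both mean no publisher
        in_user_dir = any(d in path.lower() for d in USER_WRITABLE)
        if unsigned and in_user_dir:
            hits.append((kind, name, path))
    return hits


# Sample lines copied from the ComboFix and FRST logs posted in this thread.
SAMPLE_SIGCHECK = [
    r"[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys",
    r"[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys",
]
SAMPLE_FRST = [
    r"(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe",
    r"() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe",
    r"( ) C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe",
    r"HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)",
    r"HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()",
    r"HKCU\...\Policies\Explorer\Run: [1] C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe [186012 2013-08-21] ( ( ))",
]

if __name__ == "__main__":
    for f in compare_sigcheck(SAMPLE_SIGCHECK):
        print(f"{f['file']}: live {f['live_ver']} {f['live_md5']} vs dllcache {f['cache_ver']} {f['cache_md5']}")
    for kind, name, path in suspicious_autostarts(SAMPLE_FRST):
        print(f"{kind:8} {name:12} {path}")
```

Note that the unsigned InternetEverywhere service under Program Files is deliberately not flagged: the heuristic only combines "no publisher" with a user-writable path, which is what makes WIN7.exe and reader.exe stand out.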

Alt 22.08.2013, 07:48   #21
Awadu03
 

Hello,

I'm not at home at the moment; it may take until Monday before I can do that.

Regards, Awadu

Alt 22.08.2013, 11:37   #22
aharonov
/// TB-Ausbilder
 

OK, understood, thanks for letting me know.
__________________
cheers,
Leo

Alt 23.08.2013, 08:50   #23
Awadu03
 

Hello,
I have the computer available again now. I wanted to continue as described, but I can't get online with the thing.

Can Virustotal be downloaded somewhere too?

Regards, Awadu

Last edited by Awadu03 (23.08.2013 at 09:25)

Alt 23.08.2013, 12:09   #24
aharonov
/// TB-Ausbilder
 

So is the computer deliberately disconnected from the internet, or should it actually work but doesn't?
__________________
cheers,
Leo

Alt 23.08.2013, 12:16   #25
Awadu03
 

It should actually work, but it doesn't.

Alt 23.08.2013, 12:18   #26
aharonov
/// TB-Ausbilder
 

OK.


Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click on Scan.
  • When the tool is finished it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
cheers,
Leo

Alt 23.08.2013, 12:31   #27
Awadu03
 

So, here:

Code:
Farbar Service Scanner Version: 18-08-2013
Ran by Admin (administrator) on 23-08-2013 at 14:28:59
Running from "D:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2010-10-13 07:47] - [2010-10-13 07:47] - 0361600 ____A (Microsoft Corporation) 474D3DCCB57DEFCD917311EEC47204B9

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(3) 
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
         

Alt 23.08.2013, 12:35   #28
aharonov
/// TB-Ausbilder
 

Hm, there is nothing to see there.
Please continue with Step 2 from the last instructions (fresh FRST log).
__________________
cheers,
Leo

Alt 23.08.2013, 12:44   #29
Awadu03
 

Here you are:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Admin (administrator) on 23-08-2013 14:41:22
Running from C:\Documents and Settings\Admin\Desktop\Do not open!
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(zbshareware, Inc) C:\Program Files\USB Disk Security\USBGuard.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Think Less Do More Services) C:\Program Files\AvaFind\AvaFind.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
() C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
( ) C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Webshots.com) C:\PROGRA~1\Webshots\webshots.scr
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20053608 2011-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ATKHOTKEY] - C:\Program Files\ASUS\ATK Hotkey\HControl.exe [174720 2009-10-26] (ASUS)
HKLM\...\Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-08-16] (zbshareware, Inc)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [TimeServer] - C:\Documents and Settings\Admin\Application Data\Opera\WIN7.exe [135168 2013-07-15] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3249504 2010-09-30] (Tonec Inc.)
HKCU\...\Run: [AvaFind] - C:\Program Files\AvaFind\AvaFind.exe [295936 2007-12-22] (Think Less Do More Services)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKCU\...\Policies\Explorer\Run: [1] C:\Documents and Settings\Admin\Local Settings\Minerd\reader.exe [186012 2013-08-21] ( ( ))
HKU\Administrator\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [ 2010-09-30] (Tonec Inc.)
HKU\Default User\...\RunOnce: [_nltide_3] - C:\Windows\System32\advpack.dll [ 2009-03-07] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.webshots.com/r/internal/start/client/RAND
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - DefaultScope {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {6B528F7B-1290-4F85-BA27-8515B393FF4B} URL = 
SearchScopes: HKCU - {6BA4BBC5-3A34-465E-A7AD-CA216AD72022} URL = 
BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\..\Interfaces\{763D3CAE-6300-49A7-9962-56732E0B7F18}: [NameServer]41.190.192.172,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5pvzvqwj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-ru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yandex.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2012-01-07] (Avira GmbH)
R2 InternetEverywhere_Service; C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [189448 2010-10-13] (Advanced Micro Devices, Inc)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2010-10-13] (Advanced Micro Devices)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ASNDIS5; C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [16269 2004-05-27] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-17] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101904 2010-10-13] (ATI Technologies, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2012-01-07] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [100224 2012-01-25] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2012-01-25] (Huawei Technologies Co., Ltd.)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [78328 2010-09-30] (Tonec Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2010-10-13] (ATK0100)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 Si3112; C:\Windows\System32\Drivers\Si3112.sys [74280 2010-10-13] (Silicon Image, Inc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-12-28] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 10:25 - 2013-08-23 10:25 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2506212
2013-08-23 10:23 - 2013-08-23 10:23 - 00000501 _____ C:\WINDOWS\nsw.log
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\MPlayer2
2013-08-22 08:58 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2536276-v2
2013-08-22 01:15 - 2013-08-22 01:15 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2510531-IE8
2013-08-21 19:38 - 2013-08-21 19:38 - 00000000 __SHD C:\Documents and Settings\Admin\Local Settings\Application Data\USB Disk Security_is1
2013-08-21 19:36 - 2013-08-21 19:37 - 00014417 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-21 19:35 - 2013-08-21 19:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-21 19:34 - 2013-08-21 19:34 - 00008742 _____ C:\WINDOWS\KB2859537.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00007854 _____ C:\WINDOWS\KB2863058.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-21 18:50 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB931906
2013-08-21 17:49 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2807986
2013-08-21 16:14 - 2013-05-28 04:59 - 00590848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcrt4.dll
2013-08-21 16:12 - 2013-08-23 14:26 - 00000000 ____D C:\DOCUME~1\Admin\LOCALS~1\Minerd
2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 20:30 - 2013-08-20 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 18:22 - 2013-08-20 18:22 - 00010761 _____ C:\ComboFix.txt
2013-08-20 18:18 - 2013-08-20 18:23 - 00000000 ____D C:\ComboFix
2013-08-20 17:53 - 2013-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Do not open!
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:20 - 2013-08-20 18:22 - 00000000 ____D C:\Qoobox
2013-08-20 17:20 - 2013-08-20 17:25 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:20 - 2011-06-26 09:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-20 17:20 - 2010-11-07 20:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-20 17:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-20 17:20 - 2000-08-31 03:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-20 17:08 - 2013-08-20 17:10 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 15:56 - 2013-08-20 15:58 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro

==================== One Month Modified Files and Folders =======

2013-08-23 14:41 - 2013-08-20 17:53 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Do not open!
2013-08-23 14:27 - 2011-12-28 18:06 - 01163485 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-23 14:26 - 2013-08-21 16:12 - 00000000 ____D C:\DOCUME~1\Admin\LOCALS~1\Minerd
2013-08-23 14:25 - 2013-08-23 14:25 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2544893-v2
2013-08-23 14:25 - 2013-08-23 10:25 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2506212
2013-08-23 14:25 - 2011-12-28 19:36 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-23 14:25 - 2011-12-28 19:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-23 14:25 - 2011-12-28 18:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-23 13:05 - 2011-12-28 18:25 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-08-23 10:33 - 2011-12-28 18:13 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-23 10:32 - 2011-12-28 18:25 - 00000000 ____D C:\Documents and Settings\Admin
2013-08-23 10:25 - 2013-08-23 10:07 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\MPlayer2
2013-08-23 10:23 - 2013-08-23 10:23 - 00000501 _____ C:\WINDOWS\nsw.log
2013-08-23 10:23 - 2011-12-28 19:32 - 00007172 _____ C:\WINDOWS\setupapi.log
2013-08-23 10:07 - 2013-08-22 08:58 - 00000000 __SHD C:\Documents and Settings\Admin\My Documents\KB2536276-v2
2013-08-23 10:06 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-22 08:58 - 2013-08-22 01:15 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2510531-IE8
2013-08-22 01:15 - 2013-08-21 19:38 - 00000000 __SHD C:\Documents and Settings\Admin\Local Settings\Application Data\USB Disk Security_is1
2013-08-21 19:39 - 2013-08-21 18:50 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB931906
2013-08-21 19:37 - 2013-08-21 19:36 - 00014417 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-21 19:37 - 2013-07-14 23:13 - 00017326 _____ C:\WINDOWS\updspapi.log
2013-08-21 19:37 - 2013-07-14 23:12 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-21 19:37 - 2011-12-28 19:33 - 00507077 _____ C:\WINDOWS\iis6.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00431083 _____ C:\WINDOWS\FaxSetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00290273 _____ C:\WINDOWS\ocgen.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00203999 _____ C:\WINDOWS\tsoc.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00159526 _____ C:\WINDOWS\comsetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00140582 _____ C:\WINDOWS\msmqinst.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00096395 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00029907 _____ C:\WINDOWS\MedCtrOC.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00024059 _____ C:\WINDOWS\ocmsn.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00022524 _____ C:\WINDOWS\tabletoc.log
2013-08-21 19:37 - 2011-12-28 19:33 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-21 19:36 - 2013-08-21 19:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-21 19:35 - 2010-10-12 14:14 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2013-08-21 19:34 - 2013-08-21 19:34 - 00008742 _____ C:\WINDOWS\KB2859537.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00007854 _____ C:\WINDOWS\KB2863058.log
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-21 19:34 - 2013-08-21 19:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-21 19:34 - 2013-07-14 23:41 - 00012272 _____ C:\WINDOWS\system32\TZLog.log
2013-08-21 19:34 - 2011-12-28 19:33 - 00448398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-21 19:34 - 2011-12-28 19:33 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-21 18:51 - 2011-12-28 20:00 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AvaFind Data
2013-08-21 18:50 - 2013-08-21 17:49 - 00000000 __SHD C:\Documents and Settings\Admin\Application Data\KB2807986
2013-08-21 18:50 - 2012-01-05 19:30 - 00003400 _____ C:\Documents and Settings\Admin\Desktop\AVAFIND_ERROR.LOG
2013-08-20 20:37 - 2013-08-20 20:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-20 20:36 - 2013-08-20 20:36 - 00000000 __SHD C:\Documents and Settings\Admin\IECompatCache
2013-08-20 20:22 - 2011-12-28 18:44 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\uTorrent
2013-08-20 18:23 - 2013-08-20 18:18 - 00000000 ____D C:\ComboFix
2013-08-20 18:22 - 2013-08-20 18:22 - 00010761 _____ C:\ComboFix.txt
2013-08-20 18:22 - 2013-08-20 17:20 - 00000000 ____D C:\Qoobox
2013-08-20 18:21 - 2008-04-14 15:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-08-20 18:10 - 2011-12-28 19:32 - 01042759 _____ C:\WINDOWS\setupapi.log.0.old
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\WINDOWS\srchasst
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\xerox
2013-08-20 17:43 - 2013-08-20 17:43 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\ime
2013-08-20 17:43 - 2011-12-28 19:27 - 00000000 ____D C:\WINDOWS\Help
2013-08-20 17:32 - 2011-12-28 18:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-08-20 17:25 - 2013-08-20 17:20 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-20 17:10 - 2013-08-20 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-20 16:45 - 2011-12-28 19:33 - 00004016 _____ C:\WINDOWS\regopt.log
2013-08-20 16:45 - 2011-12-28 19:31 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-08-20 16:14 - 2013-08-20 16:14 - 00000000 ____D C:\FRST
2013-08-20 16:07 - 2011-12-28 19:32 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-20 15:58 - 2013-08-20 15:56 - 00000020 _____ C:\Documents and Settings\Admin\defogger_reenable
2013-08-20 15:45 - 2013-08-20 15:45 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 15:41 - 2013-07-15 18:28 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-20 15:12 - 2012-04-02 14:38 - 00000000 __SHD C:\WINDOWS\CSC
2013-07-26 05:47 - 2013-07-14 18:25 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 06017536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 02005504 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-07-26 05:47 - 2013-07-14 18:25 - 01215488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00759296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00105984 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-07-26 05:47 - 2013-07-14 18:25 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-07-26 05:47 - 2011-12-28 18:05 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-26 05:47 - 2011-12-28 18:05 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-07-26 05:47 - 2011-12-28 18:05 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-07-26 05:47 - 2010-09-10 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-07-26 05:47 - 2010-09-10 06:27 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-26 05:47 - 2010-09-09 21:03 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-07-26 05:47 - 2010-09-09 21:03 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-07-26 05:47 - 2009-03-07 23:34 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-07-25 21:23 - 2013-07-14 18:25 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-07-25 21:23 - 2010-09-09 09:17 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-25 18:52 - 2009-03-07 23:35 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 14:38] - [2008-07-03 14:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d 

C:\Windows\System32\winlogon.exe
[2009-04-02 17:56] - [2009-04-02 17:56] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117 

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-12-23 18:05] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a 

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---

Old 25.08.2013, 23:45   #30
aharonov
/// TB-Ausbilder
 
Screen stays white after booting - Standard

Screen stays white after booting



ok.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
cheers,
Leo
