Trojaner-Board - Win Vista: BKA Trojaner (100€)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Win Vista: BKA Trojaner (100€) (https://www.trojaner-board.de/140937-win-vista-bka-trojaner-100-a.html)

Win Vista: BKA Trojaner (100€)

Guten Tag Trojaner-Boarder,
ich habe einen Laptop von einem Freund bekommen, auf dem sich wohl der BKA Trojaner befindet, der 100€ von einem verlangt.
Ich habe es selber schon mit den herkömmlichen Methoden probiert: Systemwiederherstellung (rstrui.exe kann nicht initialisiert werden) und Malware-Bytes (kann ebenfalls wegen einem DLL Fehler nicht ausgeführt werden).
Wenn ich den PC normal booten lasse, kommt lediglich ein schwarzer Bildschirm + der Mauszeiger (ich habe keine Internetverbindung). Relevante Dinge kann ich also nur im abgesicherten Modus anstellen.

Ich würde zwar gerne bereits einige Logs nach dem "Zu beachten" Guide posten, habe allerdings gesehen das viele Helfer unterschiedliche Programme bevorzugen.
Ich bedanke mich im Vorraus für eure Hilfe.

Gruß
Runifl

Hi,

Zitat:

Ich würde zwar gerne bereits einige Logs nach dem "Zu beachten" Guide posten, habe allerdings gesehen das viele Helfer unterschiedliche Programme bevorzugen.

Nein, für die erste Diagnose werden keine unterschiedlichen Programme bevorzugt.. :)
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.

Alles klar, hier sind auch schon die Logs.
Das FRST konnte auf dem Laptop leider nicht zum laufen gebracht werden.

defogger_disable.log

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:43 on 02/09/2013 (****)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

gmer.txt

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-09-02 20:59:20

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD32 rev.11.0 298,09GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldipod.sys
 
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys
 

Device          \FileSystem\cdfs \Cdfs                   90AFB05C

Device          \FileSystem\cdfs \Cdfs                   90B00797
 

---- EOF - GMER 2.1 ----

Das ist leider alles was die beiden funktionierenden Tools ausspucken wollten :daumenrunter:

Dann versuch bitte OTL:

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Das dürften dann die hier sein:

otl.txt
OTL Logfile:

Code:

OTL logfile created on: 02.09.2013 22:32:37 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = F:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,25 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 76,27% Memory free

4,71 Gb Paging File | 4,41 Gb Available in Paging File | 93,56% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 282,27 Gb Total Space | 224,03 Gb Free Space | 79,37% Space Free | Partition Type: NTFS

Drive D: | 15,81 Gb Total Space | 4,74 Gb Free Space | 29,97% Space Free | Partition Type: FAT32

Drive F: | 1,83 Gb Total Space | 1,82 Gb Free Space | 99,52% Space Free | Partition Type: FAT

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.09.03 22:11:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.21 04:24:36 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe

PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.06.28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013.06.11 20:54:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash
 

\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- 
 

(AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe 
 

-- (AntiVirService)

SRV - [2011.05.08 17:35:39 | 000,330,696 | ---- | M] () [Auto | Stopped] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort
 

\SeaPort.exe -- (SeaPort)

SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live
 

\WLIDSVC.EXE -- (wlidsvc)

SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- 
 

(WMPNetworkSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\****\AppData\Local\Temp\kxldipod.sys -- (kxldipod)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2013.09.02 20:46:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- 
 

(avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\athr.sys -- (athr)

DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- 
 

(hamachi)

DRV - [2008.09.25 09:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\NxpCap.sys -- (NxpCap)

DRV - [2008.09.17 15:24:00 | 007,590,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- 
 

(nvlddmkm)

DRV - [2008.09.05 13:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- 
 

(NVHDA)

DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- 
 

(nvsmu)

DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- 
 

(nvstor32)

DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- 
 

(NVENETFD)

DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys 
 

-- (WSDPrintDevice)

DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers
 

\x10ufx2.sys -- (XUIF)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q=
 

{searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB C3 36 AE 0F ED CB 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q=
 

{searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft 
 

Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
 

(Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing
 

\MozillaAddOn3 [2011.06.17 17:13:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack
 

\Search Helper\firefoxextension\SearchHelperExtension\ [2011.06.18 19:52:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack
 

\Default Manager\DMExtension\ [2011.06.18 19:52:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
 

[2011.06.17 17:13:53 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll 
 

(Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live
 

\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN 
 

Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [{798BAFBA-9D5B-7F5B-2FC3-956586D864AD}] C:\Users\****\AppData\Roaming\Ebzyop\lexosap.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23AFE571-FC9B-41D0-81A4-878E3D968A12}: DhcpNameServer = 217.0.43.49 217.0.43.33

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80807254-2426-492D-97F7-0A2F4BF8FC23}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll 
 

(Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\Users\****\AppData\Roaming\cache.dat) - C:\Users\****\AppData\Roaming\cache.dat ()

O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O31 - SafeBoot: UseAlternatShell - 1

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{16d1d679-7986-11e0-a2f1-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{16d1d679-7986-11e0-a2f1-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{16d1d69f-7986-11e0-a2f1-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{16d1d69f-7986-11e0-a2f1-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff1f-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff1f-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff31-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff31-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff3e-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff3e-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff3f-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff3f-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2013.09.02 00:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.09.02 00:42:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.09.02 00:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.09.02 00:40:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.09.02 00:40:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2013.09.02 00:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.09.02 00:26:31 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013.07.16 17:57:02 | 000,000,000 | -HSD | C] -- C:\found.002

[2013.07.11 09:33:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013.07.11 09:33:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013.07.11 09:33:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013.07.11 09:33:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013.07.11 09:33:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013.07.11 09:32:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013.07.11 09:32:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013.07.11 09:32:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013.07.10 03:01:12 | 000,000,000 | ---D | C] -- C:\c5068efb0817b4a6f49da0767431

[2013.07.09 21:05:22 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013.07.09 21:05:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013.07.09 21:04:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2013.07.09 21:04:59 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2013.07.09 21:04:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2013.07.09 21:04:59 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2013.07.09 21:04:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2013.07.09 21:04:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2013.07.09 21:04:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2013.07.09 21:04:58 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2013.07.09 21:04:58 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2013.07.04 14:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013.07.04 14:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2013.06.11 21:09:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll

[2013.06.11 21:09:47 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe

[2013.06.11 21:09:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll

[2013.06.11 21:09:41 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013.06.11 21:09:41 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013.06.11 21:09:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll

[2013.03.25 15:09:37 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\icq.dat

[2012.10.09 12:15:42 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\dbu32.ocx

[2012.05.27 05:13:23 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\ldr.mcb

[2011.03.28 09:18:19 | 000,067,368 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\nvModes.001

 
 ========== Files - Modified Within 90 Days ==========

 

[2013.09.02 20:46:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.09.02 20:46:21 | 000,000,013 | ---- | M] () -- C:\Users\****\AppData\Roaming\mbam.context.scan

[2013.09.02 20:43:36 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable

[2013.09.02 20:36:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.09.02 20:33:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.09.02 20:33:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.09.02 00:42:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.09.01 23:04:36 | 000,000,004 | ---- | M] () -- C:\Users\****\AppData\Roaming\cache.ini

[2013.09.01 22:32:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.09.01 22:15:43 | 000,067,368 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\nvModes.001

[2013.09.01 22:15:43 | 000,067,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2013.08.06 20:54:11 | 000,002,032 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat

[2013.07.11 16:09:45 | 000,280,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.07.11 09:42:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.07.11 09:42:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.07.11 09:42:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.07.11 09:42:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.07.03 23:12:18 | 000,089,398 | ---- | M] () -- C:\Users\****\Desktop\1005175_10200830907648944_2137366586_n[1].jpg

[2013.06.22 21:21:57 | 000,030,206 | ---- | M] () -- C:\Users\****\Desktop\9929a25f05fd267e4978261977c7f7fe[1].jpg

[2013.06.16 19:08:35 | 000,022,241 | ---- | M] () -- C:\Users\****\Desktop\185128_4196686409382_1803667377_n[2].jpg

[2013.06.16 17:32:34 | 000,030,011 | ---- | M] () -- C:\Users\****\Desktop\1005249_581218088576264_873848389_n[1].jpg

[2013.06.11 20:54:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.06.11 20:54:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013.06.10 12:50:26 | 000,082,915 | ---- | M] () -- C:\Users\****\Desktop\IMG-20130610-WA0001.jpg

 
 ========== Files Created - No Company Name ==========

 

[2013.09.02 20:46:21 | 000,000,013 | ---- | C] () -- C:\Users\****\AppData\Roaming\mbam.context.scan

[2013.09.02 20:43:36 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable

[2013.09.02 14:24:35 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2013.09.02 00:42:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.07.14 23:07:05 | 000,000,004 | ---- | C] () -- C:\Users\****\AppData\Roaming\cache.ini

[2013.07.01 13:44:35 | 000,082,915 | ---- | C] () -- C:\Users\****\Desktop\IMG-20130610-WA0001.jpg

[2013.06.29 18:49:48 | 000,089,398 | ---- | C] () -- C:\Users\****\Desktop\1005175_10200830907648944_2137366586_n[1].jpg

[2013.06.22 21:22:55 | 000,030,206 | ---- | C] () -- C:\Users\****\Desktop\9929a25f05fd267e4978261977c7f7fe[1].jpg

[2013.06.16 19:15:32 | 000,022,241 | ---- | C] () -- C:\Users\****\Desktop\185128_4196686409382_1803667377_n[2].jpg

[2013.06.16 17:27:21 | 000,030,011 | ---- | C] () -- C:\Users\****\Desktop\1005249_581218088576264_873848389_n[1].jpg

[2012.12.25 17:55:34 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012.12.25 17:55:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.01.10 20:13:51 | 000,089,600 | ---- | C] () -- C:\Users\****\AppData\Roaming\cache.dat

[2011.10.12 23:50:48 | 000,004,096 | ---- | C] () -- C:\Windows\System32\oleaccrc.dll

[2011.05.08 13:41:23 | 000,077,312 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.05 20:24:15 | 000,001,120 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat

[2011.03.28 09:18:04 | 000,067,368 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.03.27 15:56:12 | 000,002,032 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat

 
 ========== ZeroAccess Check ==========

 

[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\@

[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\L

[2013.01.18 21:42:55 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\U

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"ThreadingModel" = Both

"" = C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\n.

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-1253280714-2017419058-2238026550-1000\$e616ae02b60d555116ebeedf449d2993\n.

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\$Recycle.Bin\S-1-5-18\$e616ae02b60d555116ebeedf449d2993\n.

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\****\Desktop\asdmovie.avi:TOC.WMV
 
 

< End of report >

--- --- ---

extras.txt
OTL Logfile:

Code:

OTL Extras logfile created on: 02.09.2013 22:32:37 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = F:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,25 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 76,27% Memory free

4,71 Gb Paging File | 4,41 Gb Available in Paging File | 93,56% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 282,27 Gb Total Space | 224,03 Gb Free Space | 79,37% Space Free | Partition Type: NTFS

Drive D: | 15,81 Gb Total Space | 4,74 Gb Free Space | 29,97% Space Free | Partition Type: FAT32

Drive F: | 1,83 Gb Total Space | 1,82 Gb Free Space | 99,52% Space Free | Partition Type: FAT

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module

"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch

"{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Avira AntiVir Desktop" = Avira Free Antivirus

"BitTorrent" = BitTorrent

"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone

"Counter-Strike: Source v17" = Counter-Strike: Source v17

"EW : Cossacks" = EW : Cossacks

"Führerschein Lernsoftware" = Führerschein Lernsoftware

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"iLivid" = iLivid

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"Searchqu Toolbar" = Searchqu Toolbar

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Verbindungsassistent" = Verbindungsassistent

"VLC media player" = VLC media player 1.1.8

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)

"JNLP" = JNLP

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 05.07.2013 07:19:20 | Computer Name = ****-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr 

mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet

 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 

über das Problem zu suchen.  Prozess-ID: 68c  Anfangszeit: 01ce797174cc9140  Zeitpunkt

 der Beendigung: 0

 

Error - 05.07.2013 07:51:24 | Computer Name = ****-PC | Source = EventSystem | ID = 4622

Description = 

 

Error - 05.07.2013 18:48:20 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x698, Anwendungsstartzeit

 01ce79d13512ec88.

 

Error - 06.07.2013 04:46:43 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x654, Anwendungsstartzeit

 01ce7a252870d76a.

 

Error - 07.07.2013 04:02:18 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x66c, Anwendungsstartzeit

 01ce7ae822de87eb.

 

Error - 08.07.2013 11:56:47 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x654, Anwendungsstartzeit

 01ce7bf3954cd772.

 

Error - 09.07.2013 12:24:18 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x670, Anwendungsstartzeit

 01ce7cc096e8f4d4.

 

Error - 09.07.2013 15:39:49 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x66c, Anwendungsstartzeit

 01ce7cdbe77df07e.

 

Error - 11.07.2013 03:07:37 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x634, Anwendungsstartzeit

 01ce7e05252a5b5f.

 

Error - 11.07.2013 03:11:08 | Computer Name = ****-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b0e1, fehlerhaftes Modul NVSVC.DLL, Version 7.15.11.7654, Zeitstempel 0x48d102de,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c6b,  Prozess-ID 0x654, Anwendungsstartzeit

 01ce7e05a3f9740b.

 

[ System Events ]

Error - 01.09.2013 18:55:12 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 01.09.2013 18:57:41 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 02.09.2013 08:21:52 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 02.09.2013 08:29:32 | Computer Name = ****-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 02.09.2013 08:31:09 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 02.09.2013 14:38:23 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 02.09.2013 14:49:33 | Computer Name = ****-PC | Source = nvstor32 | ID = 262149

Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

 

Error - 02.09.2013 14:52:19 | Computer Name = ****-PC | Source = nvstor32 | ID = 262149

Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

 

Error - 02.09.2013 14:54:47 | Computer Name = ****-PC | Source = nvstor32 | ID = 262149

Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

 

Error - 02.09.2013 16:23:45 | Computer Name = ****-PC | Source = DCOM | ID = 10005

Description = 

 

 

< End of report >

--- --- ---

Hi,

da ist doch einiges an Malware drauf..
Kannst du den Rechner nach diesem Fix wieder in den normalen Modus starten?

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

O20 - HKCU Winlogon: Shell - (C:\Users\****\AppData\Roaming\cache.dat) - C:\Users\****\AppData\Roaming\cache.dat ()

[2013.07.14 23:07:05 | 000,000,004 | ---- | C] () -- C:\Users\****\AppData\Roaming\cache.ini
 

:commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Auch nach dem Fix bleibt es bei dem schwarze Bildschirm beim normalen Start.

Hier der Log:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\****\AppData\Roaming\cache.dat deleted successfully.

C:\Users\****\AppData\Roaming\cache.dat moved successfully.

C:\Users\****\AppData\Roaming\cache.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: ******

->Temp folder emptied: 373448 bytes

->Temporary Internet Files folder emptied: 48241066 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 121217 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: ****

->Temp folder emptied: 170980069 bytes

->Temporary Internet Files folder emptied: 4705733607 bytes

->Java cache emptied: 5506661 bytes

->Flash cache emptied: 202409 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2447355542 bytes

RecycleBin emptied: 902750 bytes

 

Total Files Cleaned = 7.038,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09032013_153432

Dann mach bitte im abgesicherten Modus ein neues OTL-Log:

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Code:

OTL logfile created on: 03.09.2013 16:37:40 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = F:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 84,66% Memory free

4,71 Gb Paging File | 4,51 Gb Available in Paging File | 95,76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 282,27 Gb Total Space | 230,88 Gb Free Space | 81,79% Space Free | Partition Type: NTFS

Drive D: | 15,81 Gb Total Space | 4,74 Gb Free Space | 29,97% Space Free | Partition Type: FAT32

Drive F: | 1,83 Gb Total Space | 1,82 Gb Free Space | 99,50% Space Free | Partition Type: FAT

 

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.09.03 22:11:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.21 04:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.06.28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013.06.11 20:54:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash
 

\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- 
 

(AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe 
 

-- (AntiVirService)

SRV - [2011.05.08 17:35:39 | 000,330,696 | ---- | M] () [Auto | Stopped] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort
 

\SeaPort.exe -- (SeaPort)

SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live
 

\WLIDSVC.EXE -- (wlidsvc)

SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- 
 

(WMPNetworkSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2013.09.02 20:46:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys 
 

-- (athr)

DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- 
 

(hamachi)

DRV - [2008.09.25 09:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\NxpCap.sys -- (NxpCap)

DRV - [2008.09.17 15:24:00 | 007,590,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- 
 

(nvlddmkm)

DRV - [2008.09.05 13:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- 
 

(NVHDA)

DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- 
 

(nvsmu)

DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- 
 

(nvstor32)

DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers
 

\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- 
 

(NVENETFD)

DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- 
 

(WSDPrintDevice)

DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers
 

\x10ufx2.sys -- (XUIF)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q=
 

{searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB C3 36 AE 0F ED 
 

CB 01  [binary data]

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q=
 

{searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?
 

src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft 
 

Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
 

(Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
 

[2011.06.17 17:13:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack
 

\Search Helper\firefoxextension\SearchHelperExtension\ [2011.06.18 19:52:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack
 

\Default Manager\DMExtension\ [2011.06.18 19:52:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
 

[2011.06.17 17:13:53 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll 
 

(Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live
 

\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN 
 

Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000..\Run: [{798BAFBA-9D5B-7F5B-2FC3-956586D864AD}] C:\Users\****\AppData\Roaming\Ebzyop\lexosap.exe 
 

File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23AFE571-FC9B-41D0-81A4-878E3D968A12}: DhcpNameServer = 217.0.43.49 217.0.43.33

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80807254-2426-492D-97F7-0A2F4BF8FC23}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll 
 

(Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O31 - SafeBoot: UseAlternatShell - 1

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{16d1d679-7986-11e0-a2f1-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{16d1d679-7986-11e0-a2f1-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{16d1d69f-7986-11e0-a2f1-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{16d1d69f-7986-11e0-a2f1-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff1f-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff1f-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff31-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff31-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff3e-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff3e-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{bdd0ff3f-8ea7-11e0-9f65-00222002cfd1}\Shell - "" = AutoRun

O33 - MountPoints2\{bdd0ff3f-8ea7-11e0-9f65-00222002cfd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.09.02 00:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.09.02 00:42:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.09.02 00:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.09.02 00:40:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.09.02 00:40:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes

[2013.09.02 00:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.09.02 00:26:31 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013.03.25 15:09:37 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\icq.dat

[2012.10.09 12:15:42 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\dbu32.ocx

[2012.05.27 05:13:23 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\ldr.mcb

[2011.03.28 09:18:19 | 000,067,368 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\nvModes.001

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.09.03 16:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.09.03 15:58:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.09.03 15:58:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.09.02 20:46:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013.09.02 20:46:21 | 000,000,013 | ---- | M] () -- C:\Users\****\AppData\Roaming\mbam.context.scan

[2013.09.02 20:43:36 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable

[2013.09.02 00:42:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.09.01 22:32:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.09.01 22:15:43 | 000,067,368 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2013.08.06 20:54:11 | 000,002,032 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat

 
 ========== Files Created - No Company Name ==========

 

[2013.09.02 20:46:21 | 000,000,013 | ---- | C] () -- C:\Users\****\AppData\Roaming\mbam.context.scan

[2013.09.02 20:43:36 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable

[2013.09.02 14:24:35 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2013.09.02 00:42:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.25 17:55:34 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012.12.25 17:55:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2011.10.12 23:50:48 | 000,004,096 | ---- | C] () -- C:\Windows\System32\oleaccrc.dll

[2011.05.08 13:41:23 | 000,077,312 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.05 20:24:15 | 000,001,120 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat

[2011.03.28 09:18:04 | 000,067,368 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.03.27 15:56:12 | 000,002,032 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat

 
 ========== ZeroAccess Check ==========

 

[2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\@

[2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\L

[2013.01.18 21:42:55 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\U

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"ThreadingModel" = Both

"" = C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\n.

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-1253280714-2017419058-2238026550-1000\$e616ae02b60d555116ebeedf449d2993\n.

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\$Recycle.Bin\S-1-5-18\$e616ae02b60d555116ebeedf449d2993\n.

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2013.05.12 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BitTorrent

[2011.03.28 09:03:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited

[2012.03.18 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ebzyop

[2012.03.17 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sey

[2011.04.05 20:29:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template

[2011.05.10 20:26:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Verbindungsassistent

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\****\Desktop\asdmovie.avi:TOC.WMV
 

< End of report >

Ändert sich was nach diesem Fix?

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

[2012.03.18 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ebzyop

[2012.03.17 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sey

[2011.04.05 20:24:15 | 000,001,120 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat

[2012.12.25 17:55:34 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012.12.25 17:55:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2013.03.25 15:09:37 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\icq.dat

[2012.10.09 12:15:42 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\dbu32.ocx

[2012.05.27 05:13:23 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Users\****\AppData\Roaming\ldr.mcb

O4 - HKU\S-1-5-21-1253280714-2017419058-2238026550-1000..\Run: [{798BAFBA-9D5B-7F5B-2FC3-956586D864AD}] C:\Users\****\AppData\Roaming\Ebzyop\lexosap.exe File not found 
 

:commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Auch nach dem Fix bleibt es bei einem schwarzen Bildschirm + Zeiger.

log:

Code:

All processes killed

========== OTL ==========

C:\Users\****\AppData\Roaming\Ebzyop folder moved successfully.

C:\Users\****\AppData\Roaming\Sey folder moved successfully.

C:\Users\****\AppData\Roaming\wklnhst.dat moved successfully.

C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.

C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.

C:\Users\****\AppData\Roaming\icq.dat moved successfully.

C:\Users\****\AppData\Roaming\dbu32.ocx moved successfully.

C:\Users\****\AppData\Roaming\ldr.mcb moved successfully.

Registry value HKEY_USERS\S-1-5-21-1253280714-2017419058-2238026550-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{798BAFBA-9D5B-7F5B-2FC3-956586D864AD} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{798BAFBA-9D5B-7F5B-2FC3-956586D864AD}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: ******

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: ****

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 407 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09032013_165857

ok.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bei der Erstellung der File tauchte häufiger eine Fehlermeldung wie "NIRKMD.3XE - FEHLER IN ANWENDUNG" (ebenfalls: NirCmd.3XE) auf, falls es relevant ist.

ComboFix.txt:

Code:

ComboFix 13-09-02.02 - **** 03.09.2013  17:19:12.1.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2301.1870 [GMT 2:00]

ausgeführt von:: c:\users\****\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Searchqu Toolbar\Datamngr

c:\program files\Searchqu Toolbar\Datamngr\BrowserConnection.dll

c:\program files\Searchqu Toolbar\Datamngr\datamngr.dll

c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe

c:\program files\Searchqu Toolbar\Datamngr\DnsBHO.dll

c:\program files\Searchqu Toolbar\Datamngr\IEBHO.dll

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe

c:\programdata\nvModes.001

.

Infizierte Kopie von c:\windows\System32\audiodg.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\audiodg.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-08-03 bis 2013-09-03  ))))))))))))))))))))))))))))))

.

.

2013-09-03 15:27 . 2013-09-03 15:27        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2013-09-03 15:27 . 2013-09-03 15:27        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2013-09-03 15:27 . 2013-09-03 15:27        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2013-09-03 15:27 . 2013-09-03 15:27        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2013-09-03 15:27 . 2013-09-03 15:27        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2013-09-03 15:25 . 2013-09-03 15:33        --------        d-----w-        c:\users\****\AppData\Local\temp

2013-09-03 15:25 . 2013-09-03 15:25        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-09-03 15:25 . 2013-09-03 15:25        --------        d-----w-        c:\users\******\AppData\Local\temp

2013-09-01 22:42 . 2013-09-01 22:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2013-09-01 22:42 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-09-01 22:40 . 2013-09-02 18:46        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-01 22:40 . 2013-09-01 22:40        --------        d-----w-        c:\users\****\AppData\Roaming\Malwarebytes

2013-09-01 22:40 . 2013-09-01 22:40        --------        d-----w-        c:\programdata\Malwarebytes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-11 18:54 . 2012-08-04 12:36        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-11 18:54 . 2012-08-04 12:36        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-04 1033512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Skytel"="Skytel.exe" [2008-09-18 1833504]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13552160]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-07 348664]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

"OTL"="F:\OTL.exe" [2013-09-03 602112]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll 

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

HPService        REG_MULTI_SZ           HPSLPSVC

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 18:54]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.searchnu.com/406

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE

AddRemove-iLivid - c:\program files\iLivid\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2013-09-03 17:33

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2013-09-03  17:42:30 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-09-03 15:42

.

Vor Suchlauf: 9 Verzeichnis(se), 247.753.076.736 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 247.610.138.624 Bytes frei

.

- - End Of File - - 90D7097942C74ED946AE0FC109EE9253

5C616939100B85E558DA92B899A0FC36

Rechner startet immer noch nicht in den normalen Modus?

Nein, Schluss ist weiterhin beim schwarzen Bildschirm.

Kannst du mir bitte genau schildern, wann dieser schwarze Bildschirm genau kommt?
Nach dem Anmelden? Oder zuvor?

Noch vor dem Login Fenster.

Ich sehe also noch den http://www.winboard.org/attachments/...ei-vista-2.jpg, danach ist Schluss.

EDIT: Ganz am Anfang wird mir beim booten noch eine Recovery Option (F3) angeboten (auf der Festplatte ist dafür extra eine 2. Partition drauf). Falls ich diese mal ausführen soll, bescheid geben.

Hi,

dann versuchen wir mal, mit FRST über die Reperaturoptionen reinzuschauen:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

So, das ganze hat jetzt etwas länger gedauert, ich musste noch einen Stick mit der Recovery ISO von Vista vorbereiten.

frst.txt:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 02

Ran by SYSTEM on MINWINPC on 03-09-2013 21:52:00

Running from F:\#STUFF

Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Recovery
 

The current controlset is ControlSet003
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-04] (Synaptics, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)

HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-09-17] (NVIDIA Corporation)

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13552160 2008-09-17] (NVIDIA Corporation)

HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-07] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM\...\Runonce: [OTL] - "F:\OTL.exe" [x]

HKLM\...\Policies\Explorer: [NoDrives] 0

HKU\******\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

HKU\****\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
 

========================== Services (Whitelisted) =================
 

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)

S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-01] (Avira Operations GmbH & Co. KG)

S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080 2013-06-28] (LogMeIn Inc.)

S2 WTGService; C:\Program Files\Verbindungsassistent\wtgservice.exe [330696 2011-05-08] ()
 

==================== Drivers (Whitelisted) ====================
 

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-04-24] (Avira GmbH)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-04-27] (Avira GmbH)

S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-04-16] (Avira GmbH)

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-02] (Malwarebytes Corporation)

S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1332576 2008-09-25] (NXP Semiconductors Germany GmbH)

S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-09-03 16:43 - 2013-09-03 16:43 - 00048331 _____ C:\ComboFix.txt

2013-09-03 16:18 - 2013-09-03 16:43 - 00000000 ____D C:\ComboFix

2013-09-03 16:18 - 2013-09-03 00:23 - 05119472 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2013-09-03 16:13 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-09-03 16:13 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-09-03 16:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-09-03 16:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-09-03 16:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-09-03 16:13 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-09-03 16:13 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-09-03 16:13 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-09-03 16:12 - 2013-09-03 16:43 - 00000000 ____D C:\Qoobox

2013-09-03 16:12 - 2013-09-03 16:38 - 00000000 ____D C:\Windows\erdnt

2013-09-02 19:46 - 2013-09-02 19:46 - 00000013 _____ C:\Users\****\AppData\Roaming\mbam.context.scan

2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 _____ C:\Users\****\defogger_reenable

2013-09-01 23:42 - 2013-09-01 23:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-09-01 23:42 - 2013-09-01 23:42 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-01 23:42 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-09-01 23:40 - 2013-09-02 19:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\****\AppData\Roaming\Malwarebytes

2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-01 23:26 - 2013-09-02 13:24 - 00000000 ____D C:\Windows\pss
 

==================== One Month Modified Files and Folders =======
 

2013-09-03 21:51 - 2013-09-03 21:51 - 00000000 ____D C:\FRST

2013-09-03 17:34 - 2008-01-21 08:16 - 01445310 _____ C:\Windows\System32\PerfStringBackup.INI

2013-09-03 17:18 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-03 17:18 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-03 16:43 - 2013-09-03 16:43 - 00048331 _____ C:\ComboFix.txt

2013-09-03 16:43 - 2013-09-03 16:18 - 00000000 ____D C:\ComboFix

2013-09-03 16:43 - 2013-09-03 16:12 - 00000000 ____D C:\Qoobox

2013-09-03 16:43 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public

2013-09-03 16:38 - 2013-09-03 16:12 - 00000000 ____D C:\Windows\erdnt

2013-09-03 16:33 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini

2013-09-03 16:31 - 2008-01-21 03:47 - 00089414 _____ C:\Windows\PFRO.log

2013-09-03 16:24 - 2012-06-02 10:36 - 00000000 ____D C:\Program Files\Searchqu Toolbar

2013-09-03 00:23 - 2013-09-03 16:18 - 05119472 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe

2013-09-02 19:46 - 2013-09-02 19:46 - 00000013 _____ C:\Users\****\AppData\Roaming\mbam.context.scan

2013-09-02 19:46 - 2013-09-01 23:40 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 _____ C:\Users\****\defogger_reenable

2013-09-02 19:43 - 2011-03-27 14:56 - 00000000 ____D C:\users\****

2013-09-02 13:24 - 2013-09-01 23:26 - 00000000 ____D C:\Windows\pss

2013-09-01 23:45 - 2013-09-01 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-09-01 23:42 - 2013-09-01 23:42 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\Users\****\AppData\Roaming\Malwarebytes

2013-09-01 23:40 - 2013-09-01 23:40 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-01 21:57 - 2008-01-21 02:35 - 01148047 _____ C:\Windows\WindowsUpdate.log

2013-09-01 21:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-09-01 21:15 - 2011-03-28 08:18 - 00067368 _____ C:\ProgramData\nvModes.dat

2013-08-06 19:54 - 2011-03-27 14:56 - 00002032 _____ C:\Users\****\AppData\Local\d3d9caps.dat
 

ZeroAccess:

C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}

C:\Users\****\AppData\Local\{e616ae02-b60d-5551-16eb-eedf449d2993}\@
 

Files to move or delete:

====================

C:\ProgramData\nvModes.dat
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2013-09-01 22:00:55
 

==================== Memory info =========================== 
 

Percentage of memory in use: 11%

Total physical RAM: 3837.44 MB

Available physical RAM: 3381.48 MB

Total Pagefile: 3590.28 MB

Available Pagefile: 3436.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1966.3 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:282.27 GB) (Free:230.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:15.81 GB) (Free:4.74 GB) FAT32

Drive f: (VISTZA) (Removable) (Total:1.83 GB) (Free:1.69 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: DAE4C35C)

Partition 1: (Active) - (Size=282 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=16 GB) - (Type=0C)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=2 GB) - (Type=0B)
 
 

LastRegBack: 2013-09-03 17:47
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Soll ich mal per Recovery Disc versuchen eine Systemwiederherstellung durchzuführen? Vielleicht löst das ja schon mal einen Teil der Probleme.

Versuch zuerst mal, mit der "letzten als funktionierend bekannten Konfiguration" zu booten. Also beim Aufstarten F8 drücken (wie wenn du in die abgesicherten Modi wolltest) und dann diese Option auswählen. Klappt das?

Bringt leider nichts -> schwarzer Bildschirm + Mauszeiger

Ok, dann versuch mal eine Systemwiederherstellung auf einen Punkt vor diesem Vorfall.

Okay, das wird wohl nicht wirklich weiter helfen.
Ich habe lediglich einen Punkt von vor 4 Tagen, der Vorfall liegt schon ein ganzes Stück weiter zurück.
Eine andere Möglichkeit wäre noch die Recovery Funktion des Laptops (wohl über die Recovery Partition, die er beim Bootvorgang mit F3 starten will), soll ich mich mal an diese wagen?

EDIT: Ich gehe auch mal davon aus, das der FRST log (von Seite 2) nicht viel geholfen hat?

Mach bitte im abgesicherten Modus mal das folgende:

Gehe zu Start --> Alle Programme --> Zubehör, mache einen Rechtsklick auf Eingabeaufforderung und wähle "als Administrator ausführen".
Gib dann in die sich öffnende Konsole den Befehl
sfc /scannow
ein und bestätige mit Enter. Folge den weiteren Anweisungen.

Hallo aharonov,
ich habe mich gestern Abend dazu entschieden, den Laptop doch einfach einer Formatierung zu unterwerfen, da er für einen anstehenden Urlaub benötigt wird.
Ich danke dir trotzdem für deine eifrige Hilfe!

Ok, alles klar, danke für die Mitteilung.
Tut mir leid, dass es nicht anders geklappt hat, aber manchmal will es halt nicht..

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.