Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 HP x64 startet in schwarzen Bildschirm/Mauszeiger (https://www.trojaner-board.de/146074-windows-7-hp-x64-startet-schwarzen-bildschirm-mauszeiger.html)

golf30 14.12.2013 13:05
Windows 7 HP x64 startet in schwarzen Bildschirm/Mauszeiger
 
Sehr geehrtes Board-Team,
nach langem Lesen eueres gute Forums und vielen Tipps und Infos habe ich jetzt auch ein Problem :

Mein zweit Rechner verweigert leider den Dienst :
Hier die tec-Daten:
Acer Aspire M3870
Windows 7 HP x64
CPU : i3
RAM 4 GB
1 TB HDD
Nvidia Geforce GT330

Dieser bootet ganz normal und startet dann in ein schwarzes Bild mit weißem Mauszeiger.
Im Abgesicherten Modus genau das gleiche Spiel.

Über diesen Thread :
http://www.trojaner-board.de/131309-...auszeiger.html habe ich die FRST64 Log erzeugt, welche ich euch anhänge. Ich hoffe Ihr könnt mir helfen.
Bin seit einer Woche am probieren:crazy:
Vielen Dank im voraus.
Gruß
Golf30
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-53FQF1E on 14-12-2013 12:02:11
Running from M:\
WIN_7 Service Pack 1 (X64) OS Language: German Standard
Boot Mode: Recovery
Attention: Could not load system hive.
==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.


==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:04 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 03:04 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:04 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 03:04 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-13 13:11 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-13 13:10 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:28 - 2010-05-25 04:19 - 00697300 _____ C:\Windows\System32\perfh007.dat
2013-11-14 03:28 - 2010-05-25 04:19 - 00148338 _____ C:\Windows\System32\perfc007.dat
2013-11-14 03:28 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:00 - 2010-10-09 20:39 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Daniel\AppData\Local\Temp\EAInstall.dll
C:\Users\Daniel\AppData\Local\Temp\eauninstall.exe
C:\Users\Daniel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\tbNCH_.dll
C:\Users\Daniel\AppData\Local\Temp\unwise.exe
C:\Users\Daniel\AppData\Local\Temp\_is7C9E.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================


==================== BCD ================================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4023.11 MB
Available physical RAM: 3471.91 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3477.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.86 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive m: () (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 6E652072)
Partition 1: (Active) - (Size=811 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=468 GB) - (Type=FF)
Partition 3: (Not Active) - (Size=80 GB) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================

schrauber 14.12.2013 13:39
Hi,

bitte einen neuen Scan machen, FRST konnte die Registry nicht lesen.

golf30 14.12.2013 13:48
Hi,

Danke für die flotte Antwort.
Hier der neue Auszug. Ich hoffe der stimmt nun :


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-0110POU on 14-12-2013 13:46:02
Running from M:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKU\Daniel\...\Run: [RegistryBooster] - C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe [67448 2010-09-15] (Uniblue Systems Limited)
HKU\Daniel\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\Daniel\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2011-02-26] (NEXON Inc.)
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Daniel\...\Run: [Akamai NetSession Interface] - C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Daniel\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:        [ ] ()
AppInit_DLLs-x32:        [ ] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] ()
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2010-04-17] (Realtek)
S2 SearchAnonymizer; C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-08-21] ()
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-09-14] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-09-14] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-09-14] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-09-19] (G Data Software)
S1 GRD; C:\Windows\SysWow64\drivers\GRD.sys [106224 2011-02-13] (G Data Software)
S3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-09-14] (G Data Software AG)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 13:23 - 2013-11-22 08:42 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:04 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 03:04 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:04 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 03:04 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-13 13:11 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-13 13:10 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 08:42 - 2013-12-14 13:23 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:28 - 2010-05-25 04:19 - 00697300 _____ C:\Windows\System32\perfh007.dat
2013-11-14 03:28 - 2010-05-25 04:19 - 00148338 _____ C:\Windows\System32\perfc007.dat
2013-11-14 03:28 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:00 - 2010-10-09 20:39 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4023.11 MB
Available physical RAM: 3377.77 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3383.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.96 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive m: () (Removable) (Total:29.67 GB) (Free:29.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 6E652072)
Partition 1: (Active) - (Size=811 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=468 GB) - (Type=FF)
Partition 3: (Not Active) - (Size=80 GB) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================
--- --- ---


Vielen Dank

schrauber 15.12.2013 07:21
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Rechner normal starten.

golf30 15.12.2013 21:22
Hi Schrauber,

danke für deinen Post :
Hier die Fixlog.txt :
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-12-2013
Ran by SYSTEM at 2013-12-15 21:21:07 Run:1
Running from M:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
*****************

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\aSQw8ccL0 => Value deleted successfully.
"C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg" => File/Directory not found.

==== End of Fixlog ====

Rechner normal start bringt leider das gleiche : schwarzer Bildschirm und weißer Mauszeiger :(


Thanks

schrauber 16.12.2013 11:57
What? Gibts doch gar nit. Frisches Scanlog aus der Recovery bitte.

golf30 16.12.2013 19:18
Hallo Schrauber,

vielen Dank für deine Bemühungen . Hier der neue Scan :


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013
Ran by SYSTEM on MININT-3JOQ3UO on 16-12-2013 19:15:21
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKU\Daniel\...\Run: [RegistryBooster] - C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe [67448 2010-09-15] (Uniblue Systems Limited)
HKU\Daniel\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\Daniel\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2011-02-26] (NEXON Inc.)
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Daniel\...\Run: [Akamai NetSession Interface] - C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Daniel\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:        [ ] ()
AppInit_DLLs-x32:        [ ] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] ()
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2010-04-17] (Realtek)
S2 SearchAnonymizer; C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-08-21] ()
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-09-14] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-09-14] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-09-14] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-09-19] (G Data Software)
S1 GRD; C:\Windows\SysWow64\drivers\GRD.sys [106224 2011-02-13] (G Data Software)
S3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-09-14] (G Data Software AG)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 13:23 - 2013-11-22 08:42 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP

==================== One Month Modified Files and Folders =======

2013-12-15 21:23 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-15 21:23 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 08:42 - 2013-12-14 13:23 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4023.11 MB
Available physical RAM: 3360.89 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3350.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.96 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive h: (dban-1.0.7) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 59C07261)
Partition 1: (Active) - (Size=-60073121792) - (Type=01)
Partition 2: (Not Active) - (Size=-127445736960) - (Type=42)
Partition 3: (Not Active) - (Size=322 MB) - (Type=6F)
Partition 4: (Not Active) - (Size=526 GB) - (Type=49)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================
--- --- ---

schrauber 17.12.2013 10:29
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Wenn er jetzt immer noch nicht normal startet ist es kein Malware Problem.

golf30 17.12.2013 17:41
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-12-2013
Ran by SYSTEM at 2013-12-17 17:36:04 Run:3
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll
       
*****************

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll => Moved successfully.

==== End of Fixlog ====
und er startet leider nicht :(...

schrauber 18.12.2013 10:23
Win DVD da? Systemstartreparatur schon versucht?

golf30 18.12.2013 21:59
Hi,
Jop schon alles ausprobiert :( es bleibt wohl oder übel nichts über die kiste muss neu..
Oder es hat noch jemand eine zündende Idee ? :)

Danke für jeden Hinweis

schrauber 19.12.2013 13:12
Ich würd ne Windowsinstallation von DVD drüber ziehen, dan bleiben mit Glück auch deine Daten erhalten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131