Trojaner-Board


Bohne 06.12.2013 19:04

Win 7 won't start! Only a black screen with a cursor in the top left!
 
Hello :)
I have the problem that when starting Windows 7 there is only a black screen with a cursor in the top left! I have already taken my PC apart and read through identical forum threads! On the page http://www.trojaner-board.de/104065-...ben-links.html I found detailed instructions! I did everything that Mr. Cosinus wrote :) I have just done a Run Scan! OTL Logfile:
Code:

OTL logfile created on: 12/5/2013 6:13:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 73.50 Mb Free Space | 73.50% Space Free | Partition Type: NTFS
Drive D: | 288.09 Gb Total Space | 111.77 Gb Free Space | 38.80% Space Free | Partition Type: NTFS
Drive E: | 97.56 Gb Total Space | 32.59 Gb Free Space | 33.41% Space Free | Partition Type: NTFS
Drive F: | 545.77 Gb Total Space | 17.55 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive G: | 29.67 Gb Total Space | 29.67 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/09/21 03:36:28 | 000,239,616 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/09/20 20:58:34 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/10/08 07:17:48 | 003,032,032 | ---- | M] () [Auto] -- E:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013/10/07 13:48:17 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/30 23:50:46 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/30 23:50:25 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/09/30 23:50:19 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/30 10:20:17 | 000,076,888 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/23 20:18:26 | 000,164,816 | ---- | M] (APN LLC.) [Auto] -- E:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/09/21 13:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/31 03:22:55 | 003,233,806 | ---- | M] () [Auto] -- E:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2013/06/21 02:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/20 12:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- E:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/08 17:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/30 23:50:59 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/09/30 23:50:59 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/09/30 23:50:59 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/09/21 04:38:34 | 012,653,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/21 03:06:04 | 000,617,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 03:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/06/18 21:39:40 | 000,034,816 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2011/08/23 08:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 05:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/08/17 05:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/11/22 07:48:46 | 010,733,184 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=8AD000FFADEDE16E&affID=121564&tsp=4956
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1749322d-8c8a-419b-9322-6e0d4f52d81e&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=24/05/2013
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1749322d-8c8a-419b-9322-6e0d4f52d81e&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=24/05/2013
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 75 7F 52 BC 21 CE 01  [binary data]
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1749322d-8c8a-419b-9322-6e0d4f52d81e&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=24/05/2013
IE - HKU\Bohne_ON_E\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1749322d-8c8a-419b-9322-6e0d4f52d81e&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=24/05/2013
IE - HKU\Bohne_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: E:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7: E:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0: E:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: E:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: E:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/03 10:54:39 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/07 13:48:18 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/07 13:48:18 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/12/05 18:10:05 | 000,000,098 | ---- | M]) - E:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - E:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - E:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - E:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (WhiteSmoke New V6 Toolbar) - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - E:\Program Files (x86)\WhiteSmoke_New_V6\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - E:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - E:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke New V6 Toolbar) - {da7f5ae1-3be3-43c0-8098-c1d183616e97} - E:\Program Files (x86)\WhiteSmoke_New_V6\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\Bohne_ON_E\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - E:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp325] E:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [ApnTBMon] E:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] E:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] E:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [snpstd3] E:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp325] E:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [tsnpstd3] E:\Windows\tsnpstd3.exe ()
O4 - HKU\Bohne_ON_E..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Bohne_ON_E..\Run: [Browser Infrastructure Helper] E:\Users\Bohne\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKU\Bohne_ON_E..\Run: [ConduitFloatingPlugin_ibcgjcbeckcdemelifnledhihpaighfk] E:\Program Files (x86)\Conduit\CT3311268\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKU\Bohne_ON_E..\Run: [EADM] E:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\Bohne_ON_E..\Run: [HP Officejet 6700 (NET)] E:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\Bohne_ON_E..\Run: [NTRedirect] E:\Users\Bohne\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - HKU\Bohne_ON_E..\Run: [Raptr] E:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - E:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/05 18:10:04 | 000,000,000 | ---D | C] -- E:\_OTL
[2013/04/12 11:44:32 | 000,147,456 | ---- | C] ( ) -- E:\Windows\SysWow64\rsnp325.dll
[2013/04/12 11:44:32 | 000,057,344 | ---- | C] ( ) -- E:\Windows\SysWow64\vsnp325.dll
[2013/04/12 11:44:32 | 000,053,248 | ---- | C] ( ) -- E:\Windows\SysWow64\csnp325.dll
[2013/04/12 11:31:46 | 000,163,840 | ---- | C] ( ) -- E:\Windows\SysWow64\rsnpstd3.dll
[2013/04/12 11:31:46 | 000,061,440 | ---- | C] ( ) -- E:\Windows\SysWow64\vsnpstd3.dll
[2013/04/12 11:31:46 | 000,053,248 | ---- | C] ( ) -- E:\Windows\csnpstd3.dll
[2013/03/29 13:17:10 | 000,216,064 | ---- | C] ( ) -- E:\Windows\SysWow64\lagarith.dll
[3 E:\Users\Bohne\Documents\*.tmp files -> E:\Users\Bohne\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/05 18:10:05 | 000,000,098 | ---- | M] () -- E:\Windows\System32\drivers\etc\Hosts
[2013/11/15 16:28:11 | 000,000,618 | ---- | M] () -- E:\Users\Bohne\Desktop\Fraps.lnk
[2013/11/15 16:28:09 | 000,002,731 | ---- | M] () -- E:\Users\Bohne\Desktop\Search.lnk
[2013/11/15 16:28:09 | 000,001,842 | ---- | M] () -- E:\Users\Bohne\Desktop\DivX Movies.lnk
[2013/11/15 16:28:09 | 000,001,537 | ---- | M] () -- E:\Users\Bohne\Desktop\8-bit_ Gorillaz - Feel Good Inc. - Verknüpfung.lnk
[3 E:\Users\Bohne\Documents\*.tmp files -> E:\Users\Bohne\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/21 04:23:02 | 000,995,342 | ---- | C] () -- E:\Windows\SysWow64\amdocl_as32.exe
[2013/09/21 04:23:02 | 000,798,734 | ---- | C] () -- E:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/21 03:00:44 | 000,204,952 | ---- | C] () -- E:\Windows\SysWow64\ativvsvl.dat
[2013/09/21 03:00:44 | 000,157,144 | ---- | C] () -- E:\Windows\SysWow64\ativvsva.dat
[2013/09/20 22:28:48 | 000,038,912 | ---- | C] () -- E:\Windows\SysWow64\kdbsdk32.dll
[2013/06/20 11:44:37 | 000,000,017 | ---- | C] () -- E:\Users\Bohne\AppData\Local\resmon.resmoncfg
[2013/04/23 12:25:03 | 000,002,623 | ---- | C] () -- E:\Windows\Irremote.ini
[2013/04/12 11:44:33 | 000,835,584 | ---- | C] () -- E:\Windows\vsnp325.exe
[2013/04/12 11:44:33 | 000,270,336 | ---- | C] () -- E:\Windows\tsnp325.exe
[2013/04/12 11:44:33 | 000,015,498 | ---- | C] () -- E:\Windows\snp325.ini
[2013/04/12 11:39:29 | 000,003,968 | ---- | C] () -- E:\Windows\SysWow64\drivers\DeNoise.sys
[2013/04/12 11:31:47 | 000,835,584 | ---- | C] () -- E:\Windows\vsnpstd3.exe
[2013/04/12 11:31:47 | 000,360,448 | ---- | C] () -- E:\Windows\tsnpstd3.exe
[2013/04/12 11:31:47 | 000,015,498 | ---- | C] () -- E:\Windows\snpstd3.ini
[2013/04/12 11:23:29 | 000,020,480 | ---- | C] () -- E:\Windows\FixCamera.exe
[2013/03/29 13:17:10 | 000,715,038 | ---- | C] () -- E:\Windows\unins000.exe
[2013/03/29 13:17:10 | 000,001,990 | ---- | C] () -- E:\Windows\unins000.dat
[2013/03/20 13:19:46 | 000,000,057 | ---- | C] () -- E:\ProgramData\Ament.ini
[2013/03/15 16:10:04 | 001,592,628 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/15 15:40:24 | 002,580,552 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe
[2013/03/15 15:40:24 | 000,282,296 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2013/03/15 15:40:24 | 000,076,888 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2013/03/15 15:24:52 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- E:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- E:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2013/10/01 15:16:30 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD
[2013/03/15 15:15:12 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2013/09/30 23:54:07 | 000,000,000 | ---D | M] -- E:\ProgramData\APN
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2013/03/27 09:31:39 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2013/09/30 23:54:22 | 000,000,000 | ---D | M] -- E:\ProgramData\AskPartnerNetwork
[2013/03/15 15:52:18 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon
[2013/03/31 11:55:15 | 000,000,000 | ---D | M] -- E:\ProgramData\Battle.net
[2013/10/09 13:09:28 | 000,000,000 | ---D | M] -- E:\ProgramData\BitGuard
[2013/04/23 12:53:39 | 000,000,000 | ---D | M] -- E:\ProgramData\Canneverbe Limited
[2013/10/08 16:33:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Conduit
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2013/03/15 15:15:12 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2013/03/15 16:03:13 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Core
[2013/03/16 03:43:38 | 000,000,000 | ---D | M] -- E:\ProgramData\EA Logs
[2013/03/15 16:03:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2013/03/15 15:15:12 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2013/10/01 12:23:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Origin
[2013/10/01 13:10:49 | 000,000,000 | ---D | M] -- E:\ProgramData\Package Cache
[2013/03/16 14:22:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Sony
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2013/03/15 15:15:12 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2013/03/27 11:03:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Tunngle
[2013/03/15 15:15:12 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/09/21 02:27:30 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---


My question now is how to proceed :) do I have to do the same Run Fix as on the page posted above, or is that individual?
How is it possible for Windows to start without errors again?

Many thanks, Bohne :)

schrauber 07.12.2013 11:02

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    Here the drive letter of your USB stick is shown; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


Bohne 07.12.2013 16:02

Hello :) Thank you very, very much for the quick reply!

I did everything that was in your instructions! Here is the result of the scan:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 01
Ran by SYSTEM on MININT-90A487L on 06-12-2013 14:54:17
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [snp325] - C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [tsnpstd3] - C:\Windows\tsnpstd3.exe [360448 2009-04-24] ()
HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKLM-x32\...\Run: [tsnp325] - C:\Windows\tsnp325.exe [270336 2007-04-21] ()
HKLM-x32\...\Run: [NWEReboot] - [x]
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-09-24] (APN)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-21] (Advanced Micro Devices, Inc.)
HKU\Bohne\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-10-01] (Electronic Arts)
HKU\Bohne\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Bohne\...\Run: [Google Update] - C:\Users\Bohne\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-15] (Google Inc.)
HKU\Bohne\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Bohne\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\Bohne\...\Run: [Browser Infrastructure Helper] - C:\Users\Bohne\AppData\Local\Smartbar\Application\Linkury.exe [20248 2013-06-05] (Smartbar)
HKU\Bohne\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Bohne\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\Bohne\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-09-27] (Raptr, Inc)
HKU\Bohne\...\Run: [ConduitFloatingPlugin_ibcgjcbeckcdemelifnledhihpaighfk] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3311268\plugins\TBVerifier.dll",RunConduitFloatingPlugin ibcgjcbeckcdemelifnledhihpaighfk
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll  [2704352 2013-10-08] ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-21] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-24] (APN LLC.)
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-30] ()
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-31] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [34816 2013-06-19] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-10-01] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-10-01] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10733184 2007-11-22] (Sonix Co. Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\FRST
2013-12-06 00:10 - 2013-12-06 00:10 - 00000000 ____D C:\_OTL
2013-12-05 23:43 - 2013-12-06 00:15 - 00060078 _____ C:\OTL.Txt

==================== One Month Modified Files and Folders =======

2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\FRST
2013-12-06 00:15 - 2013-12-05 23:43 - 00060078 _____ C:\OTL.Txt
2013-12-06 00:10 - 2013-12-06 00:10 - 00000000 ____D C:\_OTL
2013-12-05 23:40 - 2013-03-15 21:15 - 00000000 ____D C:\users\Bohne
2013-11-15 22:28 - 2013-10-02 05:40 - 00000618 _____ C:\Users\Bohne\Desktop\Fraps.lnk
2013-11-15 22:28 - 2013-06-10 13:50 - 00002731 _____ C:\Users\Bohne\Desktop\Search.lnk
2013-11-15 22:28 - 2013-06-04 15:35 - 00001537 _____ C:\Users\Bohne\Desktop\8-bit_ Gorillaz - Feel Good Inc. - Verknüpfung.lnk
2013-11-15 22:28 - 2013-03-15 21:16 - 00001842 _____ C:\Users\Bohne\Desktop\DivX Movies.lnk

Some content of TEMP:
====================
C:\Users\Bohne\AppData\Local\Temp\APNStub.exe
C:\Users\Bohne\AppData\Local\Temp\AskSLib.dll
C:\Users\Bohne\AppData\Local\Temp\dlLogic.exe
C:\Users\Bohne\AppData\Local\Temp\i4jdel1.exe
C:\Users\Bohne\AppData\Local\Temp\JavaIC.dll
C:\Users\Bohne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Bohne\AppData\Local\Temp\msscct32.dll
C:\Users\Bohne\AppData\Local\Temp\raptrpatch.exe
C:\Users\Bohne\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Bohne\AppData\Local\Temp\setup__3862.exe
C:\Users\Bohne\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bohne\AppData\Local\Temp\sonarinst.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3445.36 MB
Total Pagefile: 4091.75 MB
Available Pagefile: 3431.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.56 GB) (Free:32.5 GB) NTFS
Drive d: (Record) (Fixed) (Total:288.09 GB) (Free:111.77 GB) NTFS
Drive f: (Daten) (Fixed) (Total:545.77 GB) (Free:17.54 GB) NTFS
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6EF4A4E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=288 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2013-10-12 14:54

==================== End Of Log ============================

--- --- ---



Best regards, Bohne :) Thank you very much for the quick reply!
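The autostart lines in the FRST log above follow a fixed layout, so they can be triaged mechanically. The following Python parser is an added example, not part of the thread and not FRST's own code; the flag names and the AppData heuristic are assumptions of this example, and a flag is a hint for manual review, not a verdict.

```python
import re

# Constructed sample: four lines copied from the Registry section of the log above.
SAMPLE = r"""
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [snp325] - C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM-x32\...\Run: [NWEReboot] - [x]
HKU\Bohne\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Bohne\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
"""

# Line layout as seen in the log: hive\...\Run: [value name] - command [size date] (publisher)
LINE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run: \[(?P<name>.*?)\] - (?P<rest>.*)$")
META = re.compile(r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)$")


def parse_run_entries(text):
    """Parse FRST Run-key lines into dicts and attach triage flags (review hints)."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a Run-key line
        rest = m["rest"].strip()
        e = {"hive": m["hive"], "name": m["name"], "command": rest,
             "size": None, "date": None, "publisher": None, "flags": []}
        meta = META.match(rest)
        if rest == "[x]":
            # Assumption: FRST prints [x] when it cannot find the target file.
            e["command"] = ""
            e["flags"].append("target-missing")
        elif meta:
            e.update(command=meta["cmd"].strip(), size=int(meta["size"]),
                     date=meta["date"], publisher=meta["pub"])
            if not meta["pub"]:
                e["flags"].append("no-publisher")  # empty "()" company field
        else:
            e["flags"].append("no-file-metadata")  # e.g. rundll32 command lines
        # Assumed heuristic: autostarts loading code from the user profile deserve a look.
        if re.search(r"\\AppData\\", e["command"], re.IGNORECASE):
            e["flags"].append("user-profile-path")
        entries.append(e)
    return entries


def flagged(text):
    """Return (hive, name, flags) for every entry that carries at least one flag."""
    return [(e["hive"], e["name"], e["flags"]) for e in parse_run_entries(text) if e["flags"]]


if __name__ == "__main__":
    for hive, name, flags in flagged(SAMPLE):
        print(f"{hive:12} {name:12} {', '.join(flags)}")
```
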

schrauber 08.12.2013 07:30

Boot into Recovery > Command Prompt once more. Do not start FRST; instead type the following:

bootrec.exe /FixBoot
bootrec.exe /FixMbr

Press Enter after each line. Then try to start the computer normally.

Bohne 08.12.2013 13:49

Unfortunately it still does not start! It now shows "Starting Windows" and 1 sec later it shuts down again! I tried pressing F8 after starting and disabling the automatic shutdown! Then a blue screen came up with the error message, start: 0*0000007b .

Many thanks :)

So, I have good news! I booted from the Windows CD and formatted the partition where my Windows is/was installed! Then I reinstalled Windows! I did lose system C, the data, but it starts normally again! Thank you, schrauber, thanks a lot, I learned a lot! I think that makes this, for now, ------ closed---
Best regards, bohne, many thanks!

schrauber 08.12.2013 16:51

Ah, I would have liked to have one more try :D

