
Log analysis and evaluation: Windows 7 HP x64 boots to a black screen/mouse pointer

14.12.2013, 13:05   #1
golf30
 

Dear board team,
after reading your good forum for a long time, with its many tips and information, I now have a problem of my own:

My second computer is unfortunately refusing to work:
Here are the technical data:
Acer Aspire M3870
Windows 7 HP x64
CPU : i3
RAM 4 GB
1 TB HDD
Nvidia Geforce GT330

It boots normally and then starts into a black screen with a white mouse pointer.
In safe mode it is exactly the same.

Via this thread:
http://www.trojaner-board.de/131309-...auszeiger.html I created the FRST64 log, which I am attaching for you. I hope you can help me.
I have been trying for a week.
Thank you very much in advance.
Regards
Golf30
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-53FQF1E on 14-12-2013 12:02:11
Running from M:\
WIN_7 Service Pack 1 (X64) OS Language: German Standard
Boot Mode: Recovery
Attention: Could not load system hive.
==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.


==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:04 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 03:04 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:04 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 03:04 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-13 13:11 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-13 13:10 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:28 - 2010-05-25 04:19 - 00697300 _____ C:\Windows\System32\perfh007.dat
2013-11-14 03:28 - 2010-05-25 04:19 - 00148338 _____ C:\Windows\System32\perfc007.dat
2013-11-14 03:28 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:00 - 2010-10-09 20:39 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Daniel\AppData\Local\Temp\EAInstall.dll
C:\Users\Daniel\AppData\Local\Temp\eauninstall.exe
C:\Users\Daniel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\tbNCH_.dll
C:\Users\Daniel\AppData\Local\Temp\unwise.exe
C:\Users\Daniel\AppData\Local\Temp\_is7C9E.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================


==================== BCD ================================


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4023.11 MB
Available physical RAM: 3471.91 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3477.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.86 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive m: () (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 6E652072)
Partition 1: (Active) - (Size=811 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=468 GB) - (Type=FF)
Partition 3: (Not Active) - (Size=80 GB) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================
         

14.12.2013, 13:39   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

please run a new scan; FRST could not read the registry.

14.12.2013, 13:48   #3
golf30
 

Hi,

Thanks for the quick reply.
Here is the new excerpt. I hope it is correct now:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-0110POU on 14-12-2013 13:46:02
Running from M:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKU\Daniel\...\Run: [RegistryBooster] - C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe [67448 2010-09-15] (Uniblue Systems Limited)
HKU\Daniel\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\Daniel\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2011-02-26] (NEXON Inc.)
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Daniel\...\Run: [Akamai NetSession Interface] - C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Daniel\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:        [ ] ()
AppInit_DLLs-x32:        [ ] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] ()
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2010-04-17] (Realtek)
S2 SearchAnonymizer; C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-08-21] ()
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-09-14] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-09-14] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-09-14] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-09-19] (G Data Software)
S1 GRD; C:\Windows\SysWow64\drivers\GRD.sys [106224 2011-02-13] (G Data Software)
S3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-09-14] (G Data Software AG)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 13:23 - 2013-11-22 08:42 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:04 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 03:04 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 03:04 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:04 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:04 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:04 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:04 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 03:04 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-13 13:11 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-13 13:10 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 08:42 - 2013-12-14 13:23 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:29 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 03:28 - 2010-05-25 04:19 - 00697300 _____ C:\Windows\System32\perfh007.dat
2013-11-14 03:28 - 2010-05-25 04:19 - 00148338 _____ C:\Windows\System32\perfc007.dat
2013-11-14 03:28 - 2009-07-14 06:13 - 01614964 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-14 03:22 - 2013-11-14 03:22 - 00000000 _____ C:\Windows\SysWOW64\shoB35F.tmp
2013-11-14 03:00 - 2010-10-09 20:39 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4023.11 MB
Available physical RAM: 3377.77 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3383.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.96 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive m: () (Removable) (Total:29.67 GB) (Free:29.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 30 GB) (Disk ID: 6E652072)
Partition 1: (Active) - (Size=811 GB) - (Type=6E)
Partition 2: (Not Active) - (Size=468 GB) - (Type=FF)
Partition 3: (Not Active) - (Size=80 GB) - (Type=74)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================
         


Thank you very much

15.12.2013, 07:21   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

15.12.2013, 21:22   #5
golf30
 

Hi Schrauber,

thanks for your post:
Here is the Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-12-2013
Ran by SYSTEM at 2013-12-15 21:21:07 Run:1
Running from M:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
*****************

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\aSQw8ccL0 => Value deleted successfully.
"C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg" => File/Directory not found.

==== End of Fixlog ====

Starting the computer normally unfortunately gives the same result: black screen and white mouse pointer


Thanks
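The Run entry that was put into the fixlist differs from its neighbours in the scan log: it has no `[size date] (company)` block, it sits directly under the user's AppData, and its target has no program extension; the Fixlog then reports the file as not found. The following is an added example, not part of the original posts and not FRST's own logic: a small triage pass over FRST Run lines using those three observations as heuristics. The reason names and the threshold `min_reasons` are assumptions made for this example.

```python
import re

# Run-key lines copied from the FRST log posted in this thread, plus one
# non-Run line to show that other log lines are skipped.
SAMPLE_LOG = r"""
HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [aSQw8ccL0] - C:\Users\Daniel\AppData\Local\mafksrwstdsaujrjwbt.bfg
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
AppInit_DLLs:        [ ] ()
"""

# "<key>: [<value name>] - <command> [<size> <date>] (<company>)"
ENTRY_RE = re.compile(
    r"^(?P<key>HK[^:]+\\(?:Run|RunOnce)): \[(?P<name>[^\]]+)\] - (?P<rest>.+)$"
)
# Trailing file metadata; absent when the log carries no size/date for the target.
META_RE = re.compile(
    r"\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)\s*$"
)
# First file extension in the command (ends at quote, space, comma or end).
EXT_RE = re.compile(r"\.([A-Za-z0-9]{1,5})(?=[\"\s,]|$)")
USER_APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# Assumption for this example: extensions normally seen as Run targets.
PROGRAM_EXTS = {"exe", "com", "bat", "cmd", "scr"}


def parse_entry(line):
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    attention = "<=====" in rest              # FRST's own marker, kept as a field
    rest = rest.split("<=====")[0].strip()
    meta = META_RE.search(rest)
    command = rest[:meta.start()].strip() if meta else rest
    ext = EXT_RE.search(command)
    return {
        "key": m["key"],
        "name": m["name"],
        "command": command,
        "has_metadata": meta is not None,
        "company": meta["company"] if meta else None,
        "ext": ext.group(1).lower() if ext else None,
        "frst_attention": attention,
    }


def reasons(entry):
    """Heuristic reasons (assumed names) for a closer look at an entry."""
    found = []
    if not entry["has_metadata"]:
        found.append("no_file_metadata")
    if USER_APPDATA_RE.search(entry["command"]):
        found.append("user_appdata_path")
    if entry["ext"] not in PROGRAM_EXTS:
        found.append("unusual_extension")
    return found


def triage(log_text, min_reasons=2):
    """Return [(value name, reasons)] for entries meeting the threshold,
    most reasons first. This is a review list, not a verdict."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        why = reasons(entry)
        if len(why) >= min_reasons:
            hits.append((entry["name"], why))
    return sorted(hits, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(why)}")
```

On the sample lines this lists `aSQw8ccL0` first with all three reasons and `TBHostSupport` second with two; only the former was in the fixlist posted in this thread, so the output is a starting point for review rather than a removal list.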


16.12.2013, 11:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 


What? That can't be. A fresh scan log from the recovery environment, please.

16.12.2013, 19:18   #7
golf30
 

Hello Schrauber,

thank you very much for your efforts. Here is the new scan:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013
Ran by SYSTEM on MININT-3JOQ3UO on 16-12-2013 19:15:21
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-12-22] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-12-22] (Acer Corp.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKU\Daniel\...\Run: [RegistryBooster] - C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe [67448 2010-09-15] (Uniblue Systems Limited)
HKU\Daniel\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\Daniel\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2011-02-26] (NEXON Inc.)
HKU\Daniel\...\Run: [Facebook Update] - C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Daniel\...\Run: [Akamai NetSession Interface] - C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Daniel\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4728320 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-25] (Spotify Ltd)
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:        [ ] ()
AppInit_DLLs-x32:        [ ] ()

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-25] ()
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2010-04-17] (Realtek)
S2 SearchAnonymizer; C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-08-21] ()
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-09-14] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-09-14] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-09-14] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-09-19] (G Data Software)
S1 GRD; C:\Windows\SysWow64\drivers\GRD.sys [106224 2011-02-13] (G Data Software)
S3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-09-14] (G Data Software AG)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 13:23 - 2013-11-22 08:42 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP

==================== One Month Modified Files and Folders =======

2013-12-15 21:23 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\System32\logishrd
2013-12-15 21:23 - 2010-05-26 19:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-14 12:01 - 2013-12-14 12:01 - 00000000 ___DC C:\FRST
2013-12-12 08:40 - 2013-12-12 08:40 - 00450968 _____ C:\Windows\Minidump\121213-26925-01.dmp
2013-12-12 08:40 - 2011-10-22 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 08:39 - 2013-12-12 08:39 - 307425428 _____ C:\Windows\MEMORY.DMP
2013-12-11 08:03 - 2013-09-15 01:35 - 00000000 ____D C:\Users\Daniel\Desktop\Dark-Mt2 2012
2013-12-11 08:03 - 2011-04-09 17:09 - 00000000 ___RD C:\Users\Daniel\Desktop\andere sachen
2013-12-03 18:47 - 2012-12-27 10:27 - 00015310 _____ C:\Windows\setupact.log
2013-12-03 18:47 - 2010-12-26 14:35 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-12-03 18:47 - 2010-10-05 18:40 - 00000346 _____ C:\Windows\Tasks\RegistryBooster.job
2013-12-03 18:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:46 - 2010-05-26 19:02 - 01770302 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:40 - 2010-09-14 12:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001142 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000UA.job
2013-12-03 18:39 - 2011-10-30 14:14 - 00001120 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3667366086-543603560-2415944112-1000Core.job
2013-12-03 18:39 - 2010-09-14 12:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 08:42 - 2013-12-14 13:23 - 05910296 ____C (Piriform Ltd) C:\CCleaner64.exe
2013-11-17 17:43 - 2013-05-04 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-11-17 17:38 - 2012-09-01 23:52 - 00000000 ____D C:\Users\Daniel\Tracing

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4023.11 MB
Available physical RAM: 3360.89 MB
Total Pagefile: 4021.31 MB
Available Pagefile: 3350.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.45 GB) (Free:282.96 GB) NTFS
Drive e: (DATA) (Fixed) (Total:453.96 GB) (Free:453.86 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:24 GB) (Free:5.81 GB) NTFS
Drive g: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive h: (dban-1.0.7) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 18EB46D9)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 59C07261)
Partition 1: (Active) - (Size=-60073121792) - (Type=01)
Partition 2: (Not Active) - (Size=-127445736960) - (Type=42)
Partition 3: (Not Active) - (Size=322 MB) - (Type=6F)
Partition 4: (Not Active) - (Size=526 GB) - (Type=49)


LastRegBack: 2013-09-21 21:06

==================== End Of Log ============================
         

17.12.2013, 10:29   #8
schrauber
/// the machine
/// TB instructor
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix ("Entfernen") button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


If it still doesn't start normally now, it is not a malware problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
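
A triage pass over the Run/RunOnce lines of an FRST scan log like the one in post #7, added here as an example (it is not part of the thread and not FRST's own code): it parses each autostart line and lists the reasons an analyst would look at it first. The regular expression and the three rules are assumptions derived only from the line format visible in this log.

```python
import re

# Shape of a Run/RunOnce line in the FRST "Registry" section, as in the log above:
#   HIVE\...\Run: [Name] - command [size date] (company) <===== ATTENTION
ENTRY_RE = re.compile(
    r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] - '
    r'(?P<command>.*?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<company>[^()]*)\))?'
    r'(?P<attention> <=+ ATTENTION)?\s*$'
)
USER_PATH_RE = re.compile(r'[A-Za-z]:\\Users\\[^\\"]+\\AppData\\', re.IGNORECASE)
USER_DLL_RE = re.compile(r'[A-Za-z]:\\Users\\[^"]+?\.dll', re.IGNORECASE)


def parse_entry(line):
    """Return the fields of one autostart line as a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry):
    """Return the reasons an analyst would look at this entry first."""
    reasons = []
    cmd = entry["command"]
    if entry["attention"]:
        reasons.append("flagged by FRST")
    if "rundll32" in cmd.lower() and USER_DLL_RE.search(cmd):
        reasons.append("rundll32 loads a DLL from a user profile")
    if USER_PATH_RE.search(cmd):
        reasons.append("autostart from user-writable AppData")
    return reasons


def review(log_lines):
    """Map entry name -> reasons for every Run/RunOnce line that needs a look."""
    out = {}
    for line in log_lines:
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            out[entry["name"]] = reasons
    return out


# Lines copied from the scan log in post #7 of this thread.
SAMPLE = [
    r'HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-08-21] (OCS)',
    r'HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)',
    r'HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION',
    r'AppInit_DLLs:        [ ] ()',
]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The AppData rule also fires on legitimate per-user updaters, so its hits are a reading order for the analyst, not a removal list.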

17.12.2013, 17:41   #9
golf30
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-12-2013
Ran by SYSTEM at 2013-12-17 17:36:04 Run:3
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Daniel\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll
         
*****************

HKU\Daniel\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
C:\Users\Daniel\AppData\Local\TBHostSupport\TBHostSupport.dll => Moved successfully.

==== End of Fixlog ====
         
and unfortunately it doesn't start ...

18.12.2013, 10:23   #10
schrauber
/// the machine
/// TB instructor
 




Do you have a Windows DVD? Have you already tried Startup Repair?

18.12.2013, 21:59   #11
golf30
 



Hi,
Yep, already tried everything. Like it or not, there's nothing left for it, the machine has to be set up from scratch..
Or does anyone still have a bright idea?

Thanks for any hint

19.12.2013, 13:12   #12
schrauber
/// the machine
/// TB instructor
 




I would run a Windows installation from DVD over the existing one; with luck your data will also be preserved.