Trojaner-Board


kurtsvb 05.01.2014 10:24

Windows 8 black screen + mouse pointer

Hello

I have a black screen and can only move the mouse.
I read on your site what I should do, and I generated the text files with FRST and attached them. I would be grateful for help.

Regards, Kurt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by SYSTEM on MININT-SP1D5GN on 05-01-2014 10:07:35
Running from F:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-01] (CyberLink Corp.)
HKLM\...\RunOnce: [Unattend0000000001{72D30617-8336-4527-BC5C-87A20AC2C462}] - C:\SWSetup\FLC\RUNCMDS.exe [16384 2008-04-14] (Hewlett-Packard Company)
HKLM\...\RunOnce: [Unattend0000000002{92D1D305-E469-4045-97A1-77525D920BDB}] - C:\SWSetup\FLC.LP\RUNCMDS.exe [16384 2008-04-14] (Hewlett-Packard Company)
HKLM\...\Runonce: [Unattend0000000003{06CC3A88-51E2-4826-9B14-0945D394448F}] - c:\system.sav\util\hputilck.exe cmd.exe /c rmdir /s /q C:\SWSetup\FLC
HKLM\...\Runonce: [Unattend0000000004{A7AD2AED-DABE-4E9B-9FAC-F1FD61A2D700}] - c:\system.sav\util\hputilck.exe cmd.exe /c rmdir /s /q C:\SWSetup\FLC.LP
HKLM-x32\...\RunOnce: [SymSilent] - "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service [925080 2012-06-19] (Symantec Corporation)

==================== Services (Whitelisted) =================

S2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [120440 2012-06-15] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [2068600 2012-06-15] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-24] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-24] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymELAM; C:\Windows\system32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-15] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-24] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 10:07 - 2014-01-05 10:07 - 00000000 ____D C:\FRST
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Programme
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Vorlagen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Dokumente und Einstellungen
2014-01-04 10:04 - 2014-01-04 10:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-01-04 10:03 - 2014-01-04 10:03 - 00000000 _____ C:\Recovery.txt

==================== One Month Modified Files and Folders =======

2014-01-05 10:07 - 2014-01-05 10:07 - 00000000 ____D C:\FRST
2014-01-05 00:51 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 00:37 - 2012-10-15 16:52 - 00745562 _____ C:\Windows\System32\perfh007.dat
2014-01-05 00:37 - 2012-10-15 16:52 - 00169488 _____ C:\Windows\System32\perfc007.dat
2014-01-05 00:37 - 2012-07-25 23:28 - 01752656 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Vorlagen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Startmenü
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Programme
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Vorlagen
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Startmenü
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Dokumente
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2014-01-04 10:05 - 2014-01-04 10:05 - 00000000 _SHDL C:\Dokumente und Einstellungen
2014-01-04 10:05 - 2012-08-01 18:02 - 00000000 ____D C:\Windows\Panther
2014-01-04 10:05 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Windows NT
2014-01-04 10:05 - 2012-07-25 21:37 - 00000000 __RHD C:\users\Default
2014-01-04 10:05 - 2012-07-25 21:26 - 00008192 ___SH C:\Windows\System32\config\BBI
2014-01-04 10:04 - 2014-01-04 10:04 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-01-04 10:04 - 2012-08-01 09:09 - 00009068 _____ C:\Windows\iis.log
2014-01-04 10:04 - 2012-07-26 00:13 - 00003608 _____ C:\Windows\DtcInstall.log
2014-01-04 10:04 - 2012-07-25 23:21 - 00032824 _____ C:\Windows\setupact.log
2014-01-04 10:03 - 2014-01-04 10:03 - 00000000 _____ C:\Recovery.txt
2014-01-04 10:03 - 2012-07-26 00:13 - 00262144 _____ C:\Windows\System32\config\BCD-Template

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8144.94 MB
Available physical RAM: 7213.4 MB
Total Pagefile: 8144.94 MB
Available Pagefile: 7220.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.18 GB) (Free:1825.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.02 GB) (Free:0.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:14.22 GB) NTFS
Drive f: (WDO_Media32) (Removable) (Total:0.23 GB) (Free:0.21 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 70DAF65D)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 78296EA4)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 241 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=240 MB) - (Type=07 NTFS)


LastRegBack: 2012-08-01 09:02

==================== End Of Log ============================

WinUser13 05.01.2014 18:54

Hello! :)
I think you had better create a new thread here: Log-Analyse und Auswertung - Trojaner-Board


All times are in WET +1.
