Trojaner-Board


denniscray 10.11.2013 11:24

Windows Vista only boots to the mouse pointer
 
Good morning,

I have tried everything possible and run all the boot modes, always
with the same result. I only see the mouse pointer; CTRL + ALT + DEL
doesn't work either, nor does WINDOWS KEY + R.
Repair didn't work either, and there is no restore point
either :(

The log file was created with FRST.exe; unfortunately I found no instructions
for creating a FIXLIST.TXT

Please HELP, and many thanks in advance

Attachment 61889

schrauber 10.11.2013 15:39

Hi,

Please always post logs in the thread. If need be, split them up and use several posts.


Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

denniscray 10.11.2013 16:30


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-29L1F3J on 10-11-2013 00:04:40
Running from C:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HControlUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-07] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-03-19] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\RLehmann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-08-21] (Nero AG)
HKU\RLehmann\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)
HKU\TEMP\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\TEMP.0811tbzkwlap01\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs:  [ ] ()

========================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [374496 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [57393 2004-01-09] (IBM Corp)

==================== Drivers (Whitelisted) ====================

S0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
S2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [48128 2008-08-20] (ASIX Electronics Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-04-16] ()
S3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 vsdatant; a [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 00:40 - 2013-11-10 00:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 14:13 - 2013-11-09 14:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 13:59 - 2013-11-09 14:37 - 00000208 _____ C:\Search.txt
2013-11-09 13:49 - 2013-11-09 13:49 - 00000000 ____D C:\FRST
2013-11-08 02:57 - 2013-11-08 03:03 - 03282706 _____ C:\Win-Files.txt

==================== One Month Modified Files and Folders =======

2013-11-10 00:40 - 2013-11-10 00:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 14:37 - 2013-11-09 13:59 - 00000208 _____ C:\Search.txt
2013-11-09 14:13 - 2013-11-09 14:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 13:49 - 2013-11-09 13:49 - 00000000 ____D C:\FRST
2013-11-09 13:49 - 2008-11-05 12:57 - 00000000 ____D C:\users\ADMINI~1
2013-11-09 13:49 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2013-11-08 03:03 - 2013-11-08 02:57 - 03282706 _____ C:\Win-Files.txt
2013-11-08 02:55 - 2012-01-13 08:08 - 00000000 ____D C:\users\TEMP.0811tbzkwlap01
2013-11-08 02:43 - 2008-11-05 17:25 - 00000000 ____D C:\users\RLehmann
2013-11-08 01:56 - 2006-11-02 13:47 - 00406200 _____ C:\Windows\System32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\RLehmann\AppData\Local\Temp\BackupSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[1526].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[2451].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[7393].exe
C:\Users\RLehmann\AppData\Local\Temp\GLFB298.tmp.ConduitEngineSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\IncrediMail_MediaBar_2.exe
C:\Users\RLehmann\AppData\Local\Temp\Installer.exe
C:\Users\RLehmann\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe
C:\Users\RLehmann\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\RLehmann\AppData\Local\Temp\SNDunin.dll
C:\Users\RLehmann\AppData\Local\Temp\srtUnin.dll
C:\Users\RLehmann\AppData\Local\Temp\tbIncr.dll
C:\Users\RLehmann\AppData\Local\Temp\tekae-7z.dll
C:\Users\RLehmann\AppData\Local\Temp\vcredist_x86.exe
C:\Users\RLehmann\AppData\Local\Temp\_is2EEE.exe
C:\Users\RLehmann\AppData\Local\Temp\_is62B8.exe
C:\Users\RLehmann\AppData\Local\Temp\_is699B.exe
C:\Users\RLehmann\AppData\Local\Temp\{4F553086-05A8-4220-B2E5-DA4A151223CF}-27.0.1453.94_26.0.1410.64_chrome_updater.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1791.15 MB
Available physical RAM: 1348.26 MB
Total Pagefile: 1791.15 MB
Available Pagefile: 1354.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.76 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:70.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:79.69 GB) NTFS
Drive e: (10 Nov 2013) (CDROM) (Total:2.32 GB) (Free:0 GB) UDF
Drive f: (MUSIK) (Removable) (Total:0.93 GB) (Free:0.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 952 MB) (Disk ID: 00653388)
Partition 1: (Active) - (Size=952 MB) - (Type=0B)


LastRegBack: 2013-11-07 23:42

==================== End Of Log ============================

--- --- ---

schrauber 10.11.2013 19:48

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\TEMP\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\TEMP.0811tbzkwlap01\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs:  [ ] ()
C:\Users\RLehmann\AppData\Local\Temp\BackupSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[1526].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[2451].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[7393].exe
C:\Users\RLehmann\AppData\Local\Temp\GLFB298.tmp.ConduitEngineSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\IncrediMail_MediaBar_2.exe
C:\Users\RLehmann\AppData\Local\Temp\Installer.exe
C:\Users\RLehmann\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe
C:\Users\RLehmann\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\RLehmann\AppData\Local\Temp\SNDunin.dll
C:\Users\RLehmann\AppData\Local\Temp\srtUnin.dll
C:\Users\RLehmann\AppData\Local\Temp\tbIncr.dll
C:\Users\RLehmann\AppData\Local\Temp\tekae-7z.dll
C:\Users\RLehmann\AppData\Local\Temp\vcredist_x86.exe
C:\Users\RLehmann\AppData\Local\Temp\_is2EEE.exe
C:\Users\RLehmann\AppData\Local\Temp\_is62B8.exe
C:\Users\RLehmann\AppData\Local\Temp\_is699B.exe
C:\Users\RLehmann\AppData\Local\Temp\{4F553086-05A8-4220-B2E5-DA4A151223CF}-27.0.1453.94_26.0.1410.64_chrome_updater.exe

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Entfernen (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally.

denniscray 10.11.2013 20:18

Good evening,

many thanks for the quick help, but unfortunately I still only see the mouse, nothing else :(
Apparently only a reinstallation will really help, right?

Code:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by SYSTEM at 2013-11-10 09:13:42 Run:5
Running from C:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\TEMP\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\TEMP.0811tbzkwlap01\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs:  [ ] ()
C:\Users\RLehmann\AppData\Local\Temp\BackupSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[1526].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[2451].exe
C:\Users\RLehmann\AppData\Local\Temp\fvw_k[7393].exe
C:\Users\RLehmann\AppData\Local\Temp\GLFB298.tmp.ConduitEngineSetup.exe
C:\Users\RLehmann\AppData\Local\Temp\IncrediMail_MediaBar_2.exe
C:\Users\RLehmann\AppData\Local\Temp\Installer.exe
C:\Users\RLehmann\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe
C:\Users\RLehmann\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\RLehmann\AppData\Local\Temp\SNDunin.dll
C:\Users\RLehmann\AppData\Local\Temp\srtUnin.dll
C:\Users\RLehmann\AppData\Local\Temp\tbIncr.dll
C:\Users\RLehmann\AppData\Local\Temp\tekae-7z.dll
C:\Users\RLehmann\AppData\Local\Temp\vcredist_x86.exe
C:\Users\RLehmann\AppData\Local\Temp\_is2EEE.exe
C:\Users\RLehmann\AppData\Local\Temp\_is62B8.exe
C:\Users\RLehmann\AppData\Local\Temp\_is699B.exe
C:\Users\RLehmann\AppData\Local\Temp\{4F553086-05A8-4220-B2E5-DA4A151223CF}-27.0.1453.94_26.0.1410.64_chrome_updater.exe
       
*****************

HKU\TEMP\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value not found.
HKU\TEMP.0811tbzkwlap01\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
"C:\Users\RLehmann\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\fvw_k[1526].exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\fvw_k[2451].exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\fvw_k[7393].exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\GLFB298.tmp.ConduitEngineSetup.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\IncrediMail_MediaBar_2.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\Installer.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\Optimizer_Pro.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\SNDunin.dll" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\srtUnin.dll" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\tbIncr.dll" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\tekae-7z.dll" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\vcredist_x86.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\_is2EEE.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\_is62B8.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\_is699B.exe" => File/Directory not found.
"C:\Users\RLehmann\AppData\Local\Temp\{4F553086-05A8-4220-B2E5-DA4A151223CF}-27.0.1453.94_26.0.1410.64_chrome_updater.exe" => File/Directory not found.

==== End of Fixlog ====


schrauber 11.11.2013 10:56

Please post a fresh scan log from recovery.

denniscray 11.11.2013 12:48

Good afternoon,

nice that it doesn't seem entirely hopeless yet; here is a fresh LOG file.
Many thanks for the effort.



FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MINWINPC on 11-11-2013 01:40:30
Running from C:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HControlUser.exe [98304 2008-01-11] ()
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6183456 2008-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-03-18] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\RLehmann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-08-21] (Nero AG)
HKU\RLehmann\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)

========================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [374496 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [57393 2004-01-08] (IBM Corp)

==================== Drivers (Whitelisted) ====================

S0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-26] (AMD Technologies Inc.)
S2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [48128 2008-08-20] (ASIX Electronics Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-04-15] ()
S3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 vsdatant; a [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-09 15:40 - 2013-11-09 15:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 05:13 - 2013-11-09 05:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 04:59 - 2013-11-09 05:37 - 00000208 _____ C:\Search.txt
2013-11-09 04:49 - 2013-11-09 04:49 - 00000000 ____D C:\FRST
2013-11-07 17:57 - 2013-11-07 18:03 - 03282706 _____ C:\Win-Files.txt

==================== One Month Modified Files and Folders =======

2013-11-09 15:40 - 2013-11-09 15:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 05:37 - 2013-11-09 04:59 - 00000208 _____ C:\Search.txt
2013-11-09 05:13 - 2013-11-09 05:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 04:49 - 2013-11-09 04:49 - 00000000 ____D C:\FRST
2013-11-09 04:49 - 2008-11-05 03:57 - 00000000 ____D C:\users\ADMINI~1
2013-11-09 04:49 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-11-07 18:03 - 2013-11-07 17:57 - 03282706 _____ C:\Win-Files.txt
2013-11-07 17:55 - 2012-01-12 23:08 - 00000000 ____D C:\users\TEMP.0811tbzkwlap01
2013-11-07 17:43 - 2008-11-05 08:25 - 00000000 ____D C:\users\RLehmann
2013-11-07 16:56 - 2006-11-02 04:47 - 00406200 _____ C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1790.53 MB
Available physical RAM: 1370.44 MB
Total Pagefile: 1577.47 MB
Available Pagefile: 1447.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.85 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:68.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:79.69 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.65 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 952 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=948 MB) - (Type=06)


LastRegBack: 2013-11-07 14:42

==================== End Of Log ============================

--- --- ---


schrauber 11.11.2013 15:28

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

S4 vsdatant; a [x]

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Entfernen (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


What bothers me is that the usual suspects are missing from the log. Please describe exactly:

How far does the computer boot normally? Up to before the user login, or past it? How many user accounts are there?

denniscray 11.11.2013 19:09

Good evening,

so it boots quite normally with the Windows bar at the bottom, and after that
the mouse appears where the user login should appear.
But you only get the mouse. No success with a second screen either.
It does switch over, but again only the mouse pointer is visible.

Beforehand a Bitdefender live CD was run, with one detection if I
remember correctly.

Apparently there's not much more that can be done now, is there?
I think it's great that you are so helpful.

Regards, thomas
......................

Here is the Fixlog

Code:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by SYSTEM at 2013-11-11 05:05:52 Run:7
Running from C:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S4 vsdatant; a [x]
*****************

vsdatant => Service deleted successfully.

==== End of Fixlog ====

and once more a fresh LOG


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MINWINPC on 11-11-2013 05:13:41
Running from C:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HControlUser.exe [98304 2008-01-11] ()
HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6183456 2008-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312 2013-03-18] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\RLehmann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-08-21] (Nero AG)
HKU\RLehmann\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)

========================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [374496 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [57393 2004-01-08] (IBM Corp)

==================== Drivers (Whitelisted) ====================

S0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-26] (AMD Technologies Inc.)
S2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [48128 2008-08-20] (ASIX Electronics Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-04-15] ()
S3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-09 15:40 - 2013-11-09 15:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 05:13 - 2013-11-09 05:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 04:59 - 2013-11-09 05:37 - 00000208 _____ C:\Search.txt
2013-11-09 04:49 - 2013-11-09 04:49 - 00000000 ____D C:\FRST
2013-11-07 17:57 - 2013-11-07 18:03 - 03282706 _____ C:\Win-Files.txt

==================== One Month Modified Files and Folders =======

2013-11-09 15:40 - 2013-11-09 15:40 - 01089445 _____ (Farbar) C:\FRST.exe
2013-11-09 05:37 - 2013-11-09 04:59 - 00000208 _____ C:\Search.txt
2013-11-09 05:13 - 2013-11-09 05:13 - 00008636 _____ C:\FRSTLIST.txt
2013-11-09 04:49 - 2013-11-09 04:49 - 00000000 ____D C:\FRST
2013-11-09 04:49 - 2008-11-05 03:57 - 00000000 ____D C:\users\ADMINI~1
2013-11-09 04:49 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-11-07 18:03 - 2013-11-07 17:57 - 03282706 _____ C:\Win-Files.txt
2013-11-07 17:55 - 2012-01-12 23:08 - 00000000 ____D C:\users\TEMP.0811tbzkwlap01
2013-11-07 17:43 - 2008-11-05 08:25 - 00000000 ____D C:\users\RLehmann
2013-11-07 16:56 - 2006-11-02 04:47 - 00406200 _____ C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1790.53 MB
Available physical RAM: 1370.69 MB
Total Pagefile: 1577.47 MB
Available Pagefile: 1448.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.85 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:68.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:79.69 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.65 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 952 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=948 MB) - (Type=06)


LastRegBack: 2013-11-07 14:42

==================== End Of Log ============================

--- --- ---


Addendum: actually only one user account; the Administrator is, as is well known, disabled.
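
Added example, not part of the thread and not FRST's own code: a section-aware comparison of two FRST scan logs, to confirm which entries a Fixlist actually removed between runs. The embedded samples are short excerpts of the first and last scan logs posted above. The function names, the choice of sections to ignore, and the rule of dropping the `[size date]` field (the dates differ by a day between the two logs here) are assumptions of this sketch.

```python
import re

# FRST section headers look like "==================== Drivers (Whitelisted) ====================".
HEADER = re.compile(r"^={4,}\s*([^=].*?)\s*={4,}$")
# "[size yyyy-mm-dd]" or "[ yyyy-mm-dd]" after a file path; dropped before comparing.
STAMP = re.compile(r"\s*\[\s*\d*\s*\d{4}-\d{2}-\d{2}\]")
# Assumption: these sections change on every run and only add noise to a diff.
VOLATILE = {"Header", "Memory info", "Drives",
            "One Month Created Files and Folders",
            "One Month Modified Files and Folders"}

# Excerpt of the first scan log in this thread (before any fix).
OLD_LOG = r"""
Ran by SYSTEM on MININT-29L1F3J on 10-11-2013 00:04:40
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HControlUser.exe [98304 2008-01-12] ()
HKU\TEMP\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs:  [ ] ()

==================== Drivers (Whitelisted) ====================

S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-04-16] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S4 vsdatant; a [x]

Some content of TEMP:
====================
C:\Users\RLehmann\AppData\Local\Temp\Optimizer_Pro.exe

==================== Memory info ===========================

Percentage of memory in use: 24%
"""

# Excerpt of the last scan log in this thread (after both fixes).
NEW_LOG = r"""
Ran by SYSTEM on MINWINPC on 11-11-2013 05:13:41
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HControlUser] - C:\Program Files\ATK Hotkey\HControlUser.exe [98304 2008-01-11] ()

==================== Drivers (Whitelisted) ====================

S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-04-15] ()
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

==================== Memory info ===========================

Percentage of memory in use: 23%
"""


def normalise(entry):
    """Drop the size/date field so the same file compares equal across runs."""
    return STAMP.sub("", entry)


def parse_sections(log_text):
    """Split an FRST scan log into {section name: [normalised entry lines]}."""
    sections, current = {"Header": []}, "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
        elif set(line) == {"="}:
            # A bare "=====" line underlines a "Title:" line (e.g. "Some content
            # of TEMP:"); otherwise it is just a separator and is skipped.
            entries = sections[current]
            if not (entries and entries[-1].endswith(":")):
                continue
            current = entries.pop().rstrip(":")
        else:
            sections[current].append(normalise(line))
            continue
        sections.setdefault(current, [])
    return sections


def diff_logs(old_text, new_text):
    """Return {section: {"removed": [...], "added": [...]}} for changed sections."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    changes = {}
    for name in sorted(set(old) | set(new)):
        if name in VOLATILE:
            continue
        before, after = old.get(name, []), new.get(name, [])
        removed = [e for e in before if e not in after]
        added = [e for e in after if e not in before]
        if removed or added:
            changes[name] = {"removed": removed, "added": added}
    return changes


if __name__ == "__main__":
    for section, delta in diff_logs(OLD_LOG, NEW_LOG).items():
        print(section)
        for entry in delta["removed"]:
            print("  - " + entry)
        for entry in delta["added"]:
            print("  + " + entry)
```
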

schrauber 12.11.2013 10:25

Quote:

Addendum: actually only one user account; the Administrator is, as is well known, disabled.

So one more account in addition to the disabled admin? Can you boot into it normally?

denniscray 12.11.2013 10:43

Good afternoon,

no, so it boots but no login appears; as I said, I only see
the mouse pointer and can move it.

Nothing else; judging by the hard disk activity it looks as if it is
also starting up normally. Only unfortunately no login appears, just
a black background.

Can't one try to create a new user or
activate the Administrator? :confused:

schrauber 12.11.2013 13:34

You can do all of that, just not in recovery. The user account seems to be wrecked.

Repair installation under Windows Vista / Windows 7 » WinTotal.de

denniscray 21.11.2013 10:10

Many thanks for your help; I didn't get any further with the problem.
Something was off; the repair option didn't work either, since I couldn't start the OS.
But many thanks for your effort. In the end only a complete reinstallation helped.
So the thread can be closed. THANKS :dankeschoen:

schrauber 21.11.2013 13:57

ok :)

