Trojaner-Board


L.e.x.x 11.12.2013 16:06

Windows 7 32-bit Home, black screen even in Safe Mode
 
Hello,

after startup a black screen with a white mouse pointer appears, even in Safe Mode. System Restore doesn't work either. Then I scanned the machine for viruses with Avira, Kaspersky and Bitdefender using the Kaspersky and Desinfect (from c't) boot DVDs and removed them. Then the system repair, without success.
Ran FRST in the recovery environment as per your instructions.

Here is the log:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by SYSTEM on MININT-564ARHO on 11-12-2013 15:40:41
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [snp2uvc] - C:\windows\vsnp2uvc.exe
HKLM\...\Run: [PLFSetL] - C:\windows\PLFSetL.exe
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe
HKLM\...\Run: [UpdateP2GShortCut] - C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [167936 2005-03-22] (Nokia)
HKLM\...\Run: [DataLayer] - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [1106944 2005-03-31] (Nokia Mobile Phones Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Browser companion helper] - C:\Program Files\BrowserCompanion\BCHelper.exe [192304 2011-08-09] (Blabbers Communications LTD)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [FILSHtray] - C:\Program Files\FILSHtray\FILSHtray.exe [597504 2012-02-06] (FILSH Media GmbH)
HKLM\...\Run: [DATAMNGR] - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-12-06] (Bandoo Media, inc)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Iminent] - C:\Program Files\Iminent\Iminent.exe [1074736 2013-01-25] (Iminent)
HKLM\...\Run: [IminentMessenger] - C:\Program Files\Iminent\Iminent.Messengers.exe [884784 2013-01-25] (Iminent)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [SymInstallStub] - C:\ProgramData\DivX\Symantec\SymInstallStub.exe /partnerid=divx /productlist=rm /staging=false /delay=5 /lang=German /desktopshortcut=1 /startmenushortcut=1 /tasktries=1 [292792 2011-12-16] (Symantec Corporation)
HKLM\...\Runonce: [MessengerPlusLiveUninstall] - "C:\Users\Bossi\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
HKLM\...\RunOnce: [SPUpdSentinel] - "C:\Program Files\Common Files\Umbrella\umbrella_bkp.exe"  -SERVICEARGS=c [2864448 2013-11-07] (Iminent)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKU\Alexa\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Alexa\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-26] (Samsung)
HKU\Bossi\...\Run: [PcSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Bossi\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Bossi\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [ 2013-07-26] (Samsung Electronics Co., Ltd.)
HKU\Bossi\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-26] (Samsung)
HKU\Bossi\...\Run: [phonostarTimer] - C:\Program Files\phonostar-Player\phonostarTimer.exe [ 2012-10-13] ()
HKU\Bossi\...\Run: [phonostar-PlayerTimer] - C:\Program Files\phonostar-Player\phonostarTimer.exe [ 2012-10-13] ()
HKU\Bossi\...\Run: [Pokki] - C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
HKU\Bossi\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-07-26] (Samsung)
HKU\Bossi\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-26] (Samsung)
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Isabo\...\Run: [ReadyComm5] - [x]
AppInit_DLLs: c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Bossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Isabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-28] (NOS Microsystems Ltd.)
S2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2894144 2013-11-07] (Iminent)
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-05] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2009-11-24] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759616 2009-03-13] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 11:47 - 2013-12-10 11:47 - 00000000 ____D C:\.Trash-999
2013-12-10 07:26 - 2013-12-10 07:26 - 00000000 ____D C:\FRST
2013-12-08 09:13 - 2013-12-10 12:40 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0

==================== One Month Modified Files and Folders =======

2013-12-10 16:00 - 2009-07-13 20:34 - 00003072 _____ C:\Windows\System32\umstartup.etl
2013-12-10 12:40 - 2013-12-08 09:13 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-12-10 11:47 - 2013-12-10 11:47 - 00000000 ____D C:\.Trash-999
2013-12-10 07:26 - 2013-12-10 07:26 - 00000000 ____D C:\FRST
2013-12-09 09:58 - 2012-01-24 08:21 - 00000000 ____D C:\Program Files\iLivid

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-09-11 12:04:50
Restore point made on: 2013-09-11 12:47:25
Restore point made on: 2013-09-11 12:48:15
Restore point made on: 2013-09-15 05:54:47
Restore point made on: 2013-10-26 15:12:38
Restore point made on: 2013-10-27 04:58:51
Restore point made on: 2013-10-27 10:56:03
Restore point made on: 2013-10-27 10:59:20

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4060.6 MB
Available physical RAM: 3382.17 MB
Total Pagefile: 4058.88 MB
Available Pagefile: 3535.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.89 GB) (Free:143.38 GB) NTFS
Drive d: (Daten-Treiber) (Fixed) (Total:30.25 GB) (Free:29.51 GB) NTFS
Drive g: (ULI_BACKUP) (Removable) (Total:14.92 GB) (Free:14.91 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2051D46A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-07-03 11:14

==================== End Of Log ============================

I'm asking for help
Thanks and best regards
Uli

schrauber 11.12.2013 19:29

Hi,

the preliminary work with all those CDs wasn't so great. Now nothing shows up in the log any more that could have been addressed cleanly, and the machine still doesn't boot.

Do you have a Windows DVD?

L.e.x.x 11.12.2013 20:00

Hello,

only the recovery DVDs, i.e. two restore DVDs that were created when the machine was first set up. The manufacturer is Lenovo.
I'm currently downloading a matching ISO to create a plain installation DVD.
Regards
Uli

schrauber 12.12.2013 10:42

ok.

L.e.x.x 12.12.2013 11:32

The installation DVD, and also a USB version, are ready.

Best regards
Uli

schrauber 12.12.2013 12:59

OK, boot from it and run Startup Repair. If that doesn't work either, install Windows completely over the top.

L.e.x.x 12.12.2013 15:45

The repair doesn't work either. If I install Windows over the top, everything will be gone, won't it?

Should I remove the disk and run it as a USB drive on the other computer? Would that get us any further?

schrauber 13.12.2013 14:18

No, that doesn't help. If you install over the top, the data is kept; you just have to install over the existing installation and not do a fresh install. Or back up the data and do a clean reinstall.

L.e.x.x 14.12.2013 14:32

I have backed up the data, cleaned it, and will carry out the recovery.
A clean reinstall is the better option here after all.


Thank you very much for your help; the thread can be closed.

schrauber 15.12.2013 07:28

You're welcome :)


All times are in WET +1.
