Pests of all kinds and how to fight them: White screen Windows Vista
09.02.2013, 21:35 | #1 |
White screen Windows Vista
Hello, I have an acquaintance's laptop which, after he kept getting a payment demand, now only shows a white screen; safe mode doesn't work either. I have now downloaded OTLPEN.exe, burned it to a CD and booted from it. I do get the REATOGO-X-PE desktop displayed. I let the scan run through and now I'm stuck!!!! I keep reading that I should post the data after the scan. Where, and how does it go on from there? Many thanks for your help!!!!
09.02.2013, 21:37 | #2 |
/// Helper team | White screen Windows Vista
Paste the log files here into your thread.
09.02.2013, 21:49 | #3 |
White screen Windows Vista
Sorry, I don't quite understand. Am I supposed to post here what it shows me after the scan run?
OTL logfile:
09.02.2013, 23:06 | #4 |
/// Helper team | White screen Windows Vista
Fix with OTLpe
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\icke_ON_C..\Run: [K0FnljCdupF1YvH] C:\Users\icke\AppData\Roaming\07F4HkiN.exe ()
O4 - HKU\icke_ON_C..\Run: [Userinit] File not found
O4 - HKU\icke_ON_C..\Run: [Validator] File not found
[2012/10/07 04:14:48 | 000,212,480 | ---- | C] () -- C:\Users\icke\AppData\Roaming\07F4HkiN.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
[2012/10/07 04:14:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\Roaming
[2012/06/01 01:09:49 | 000,000,032 | ---- | C] () -- C:\Users\icke\AppData\Roaming\blckdom.res
[2012/06/01 01:09:37 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\kock
[2012/06/01 01:10:00 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05035
[2010/03/17 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\icke\AppData\Roaming\.#
[2012/06/12 07:28:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\UAs
[2012/06/12 07:29:32 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\xmldm
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]

Do not under any circumstances use this on other computers; it can cause lasting damage to other systems!
10.02.2013, 12:25 | #5 |
White screen Windows Vista
I can't copy the script to the USB stick, nor anywhere else.

Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\K0FnljCdupF1YvH deleted successfully.
C:\Users\icke\AppData\Roaming\07F4HkiN.exe moved successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Validator deleted successfully.
File C:\Users\icke\AppData\Roaming\07F4HkiN.exe not found.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bugashax.com folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming folder moved successfully.
C:\Users\icke\AppData\Roaming\blckdom.res moved successfully.
C:\Users\icke\AppData\Roaming\kock folder moved successfully.
C:\Users\icke\AppData\Roaming\05035\components folder moved successfully.
C:\Users\icke\AppData\Roaming\05035 folder moved successfully.
C:\Users\icke\AppData\Roaming\.# folder moved successfully.
C:\Users\icke\AppData\Roaming\UAs folder moved successfully.
C:\Users\icke\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: icke
->Temp folder emptied: 13551090 bytes
->Temporary Internet Files folder emptied: 913041 bytes
->FireFox cache emptied: 58998486 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2836614 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Total Files Cleaned = 74.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 02102013_124911
10.02.2013, 19:04 | #6 |
/// Helper team | White screen Windows Vista
Very good!
Step 1: Please download Malwarebytes Anti-Malware.
After that:
Step 2: Please download AdwCleaner to your desktop.
10.04.2013, 00:42 | #7 |
/// Helper team | White screen Windows Vista
No response
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean.