Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bildschirm weis nach windowsstart

Bildschirm weis nach windowsstart


Log-Analyse und Auswertung: Bildschirm weis nach windowsstart

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.04.2013, 09:52   #1
djdolla
 
Bildschirm weis nach windowsstart - Standard

Bildschirm weis nach windowsstart


Hallo zusammen,
ich hab mir da wohl was eingefangen. Nach dem Start von Windows ist der Bildschirm weis und ich kann nichts mehr machen. Auch im Abgesichtern Modus zeigen sich die selben Symthome.
Ich habe hier im board ueber ein aehnliches Problem gelesen und habe mal mit OTLPE einen Scan gemacht. Ich bitte euch um Hilfe.

Code:
ATTFilter
OTL logfile created on: 4/11/2013 12:46:09 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.62 Gb Total Space | 35.79 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive D: | 361.15 Gb Total Space | 360.49 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 372.61 Gb Total Space | 16.79 Gb Free Space | 4.51% Space Free | Partition Type: NTFS
Drive F: | 540.89 Gb Total Space | 18.89 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive G: | 337.48 Gb Total Space | 336.82 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet007
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/10 11:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/14 10:56:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 12:00:49 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/28 16:14:49 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/25 08:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 15:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/06/22 07:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/23 08:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 18:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2006/10/02 22:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/20 04:37:22 | 000,022,064 | ---- | M] (ABIT) [Kernel | System] -- C:\Windows\System32\drivers\uGuru.sys -- (UGURU)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\lech_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ask.com/?l=dis&o=101916/ [binary data]
IE - HKU\lech_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.daemon-search.com/
IE - HKU\lech_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\lech_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\lech_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\lech_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/03 15:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:14:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/19 16:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/08 13:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:14:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/19 16:18:57 | 000,000,000 | ---D | M]
 
[2011/06/18 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lech\AppData\Roaming\Mozilla\Extensions
[2011/06/18 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lech\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/29 04:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\extensions
[2013/02/19 18:50:33 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\extensions\toolbar@ask.com
[2013/03/29 04:17:18 | 000,001,050 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\11-suche.xml
[2012/12/10 14:29:40 | 000,002,333 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\askcom.xml
[2013/03/29 04:17:18 | 000,002,418 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\englische-ergebnisse.xml
[2013/03/29 04:17:18 | 000,010,701 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\gmx-suche.xml
[2013/03/29 04:17:18 | 000,002,432 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\lastminute.xml
[2013/03/29 04:17:18 | 000,005,682 | ---- | M] () -- C:\Users\lech\AppData\Roaming\Mozilla\Firefox\Profiles\k7mjf65d.default\searchplugins\webde-suche.xml
[2012/12/13 15:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 14:41:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- C:\USERS\LECH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K7MJF65D.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012/10/28 16:14:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/03 07:28:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/28 16:14:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/03 07:28:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/03 07:28:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/03 07:28:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/03 07:28:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\lech_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\lech_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\lech_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - lech_ON_C\..Trusted Domains: blank ([]about in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\lech_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\lech_ON_C Winlogon: Shell - (C:\Users\lech\AppData\Roaming\skype.dat) - C:\Users\lech\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/11 11:34:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/03 19:54:26 | 000,000,000 | ---D | C] -- C:\Users\lech\Desktop\www.byte.to...The.Man.with.the.Iron.Fists.Extended.2012.German.720p.BluRay.x264.SUBSFiX.REPACK-ENCOUNTERS
[2013/04/03 10:24:58 | 000,000,000 | ---D | C] -- C:\Users\lech\Desktop\4.2013
[2013/03/28 05:11:35 | 000,000,000 | ---D | C] -- C:\Users\lech\Desktop\3.2013 3
[2013/03/21 13:48:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/14 13:01:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2013/03/14 13:01:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/14 13:01:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/14 13:01:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 13:01:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 13:01:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/14 13:01:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 13:01:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/14 13:01:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/14 13:01:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 13:01:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/14 13:01:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 13:01:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/03/14 13:01:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/03/14 13:01:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/03/14 13:01:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/14 13:01:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/22 11:48:24 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Program Files (x86)\DTLite4402-0131.exe
[2011/06/21 12:40:51 | 003,082,400 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files (x86)\install_flash_player.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/11 11:15:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/04/11 11:15:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/04/11 05:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/11 05:38:45 | 000,000,004 | ---- | M] () -- C:\Users\lech\AppData\Roaming\skype.ini
[2013/04/11 05:38:38 | 000,000,680 | ---- | M] () -- C:\Users\lech\AppData\Local\d3d9caps.dat
[2013/04/11 05:36:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/11 05:36:35 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/11 05:36:35 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/11 05:36:26 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 09:11:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 09:05:32 | 003,646,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/09 09:05:32 | 001,515,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/09 09:05:32 | 001,091,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/09 09:05:32 | 000,985,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/09 01:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/08 09:53:52 | 000,235,520 | ---- | M] () -- C:\Users\lech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/04 10:34:34 | 532,585,887 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/04 07:54:35 | 000,031,247 | ---- | M] () -- C:\Users\lech\Desktop\164213_496341750414474_1117131097_n.jpg
[2013/04/03 15:05:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/01 06:21:27 | 000,039,020 | ---- | M] () -- C:\Users\lech\Desktop\165464_446313012110312_2028995378_n.jpg
[2013/03/31 06:53:23 | 000,061,504 | ---- | M] () -- C:\Users\lech\Desktop\483987_494561003925882_457079120_n.jpg
[2013/03/30 12:38:02 | 000,556,813 | ---- | M] () -- C:\Users\lech\Desktop\18021_553466051351248_986728900_n.png
[2013/03/29 14:17:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/14 13:01:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 10:56:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/14 10:56:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/11 11:15:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/04/11 11:15:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/04/11 05:38:38 | 000,000,680 | ---- | C] () -- C:\Users\lech\AppData\Local\d3d9caps.dat
[2013/04/11 05:36:25 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/09 02:22:41 | 000,000,004 | ---- | C] () -- C:\Users\lech\AppData\Roaming\skype.ini
[2013/04/04 07:55:39 | 000,031,247 | ---- | C] () -- C:\Users\lech\Desktop\164213_496341750414474_1117131097_n.jpg
[2013/04/03 15:05:33 | 000,178,624 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/03 15:05:33 | 000,065,336 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/01 06:21:40 | 000,039,020 | ---- | C] () -- C:\Users\lech\Desktop\165464_446313012110312_2028995378_n.jpg
[2013/03/31 06:54:35 | 000,061,504 | ---- | C] () -- C:\Users\lech\Desktop\483987_494561003925882_457079120_n.jpg
[2013/03/30 12:38:42 | 000,556,813 | ---- | C] () -- C:\Users\lech\Desktop\18021_553466051351248_986728900_n.png
[2012/01/11 19:49:37 | 000,108,032 | ---- | C] () -- C:\Users\lech\AppData\Roaming\skype.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/18 18:34:06 | 000,235,520 | ---- | C] () -- C:\Users\lech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 16:58:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/18 16:46:36 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2011/06/18 14:17:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/06/18 14:16:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/06/18 14:16:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/06/18 14:16:37 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011/12/12 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\A1 Servicecenter
[2013/04/08 11:10:37 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\Azureus
[2012/10/18 15:48:43 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\DAEMON Tools Lite
[2012/06/11 16:15:39 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\EurekaLog
[2011/12/12 13:35:31 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\mquadr.at
[2012/12/23 13:52:46 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\TeamViewer
[2011/06/18 16:23:55 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\Thunderbird
[2012/05/26 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\TS3Client
[2012/05/26 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\lech\AppData\Roaming\ts3overlay
[2011/06/18 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/12/13 16:05:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2012/07/01 11:42:31 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/04/22 09:22:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2012/06/07 09:08:44 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2011/10/10 08:55:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/08/08 12:33:30 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/18 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/18 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/03/05 12:57:09 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2011/06/21 16:31:57 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/12/12 13:35:31 | 000,000,000 | ---D | M] -- C:\ProgramData\m2backup
[2011/12/12 13:13:30 | 000,000,000 | ---D | M] -- C:\ProgramData\m2portal
[2011/12/12 13:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2013/03/05 12:57:08 | 000,000,000 | ---D | M] -- C:\ProgramData\SoftSafe
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/18 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/18 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/04/11 05:38:53 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Ich sag schon mal im Vorhinein danke fuer eure Bemuehungen!

 

Themen zu Bildschirm weis nach windowsstart
adobe, adobe flash player, antivirus, autorun, avast, bho, bildschirm, defender, enigma, error, esgscanner.sys, explorer, firefox, flash player, format, helper, intranet, logfile, microsoft, mozilla, plug-in, problem, realtek, registry, scan, software, start von windows, vista, windows, wmp


« Programme werden nicht mehr ausgeführt, Installationen laufen nicht... | Email-Anhang (ZIP) geöffnet »


Ähnliche Themen: Bildschirm weis nach windowsstart


  1. dauerhafte Bluescreens nach 5sec -2st nach windowsstart
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (3)
  2. weißer Bildschirm bei Windowsstart; abgesicherter Modus mit Eingabefunktion funktioniert nur noch
    Plagegeister aller Art und deren Bekämpfung - 03.06.2013 (21)
  3. Weißer Bildschirm bei Windowsstart
    Log-Analyse und Auswertung - 31.05.2013 (9)
  4. Weißer Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (31)
  5. Weißer Bildschirm nach dem normalen Windowsstart und auch im abgesicherten Modus
    Log-Analyse und Auswertung - 30.05.2013 (23)
  6. Grauer Bildschirm nach Windowsstart
    Log-Analyse und Auswertung - 23.04.2013 (14)
  7. Wieder mal der weiße Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (5)
  8. Grauer Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (16)
  9. weisser Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 14.01.2013 (4)
  10. Windowsstart schwarzer Bildschirm, Maus funktioniert
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (8)
  11. Weißer Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (24)
  12. Virus(Trojaner)-weißer Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (11)
  13. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)
  14. CMD wird nach Windowsstart kurz eingblendet. Infiziert?
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  15. Roter Bildschirm beim Windowsstart. OTL.txt erstellt
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (7)
  16. [müll] Roter Bildschirm beim Windowsstart:Loganalyse erfolgt
    Mülltonne - 05.10.2011 (4)
  17. Bluescreen nach normalem Windowsstart - Infektion
    Plagegeister aller Art und deren Bekämpfung - 03.05.2009 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bildschirm weis nach windowsstart - Hallo zusammen, ich hab mir da wohl was eingefangen. Nach dem Start von Windows ist der Bildschirm weis und ich kann nichts mehr machen. Auch im Abgesichtern Modus zeigen sich - Bildschirm weis nach windowsstart...
Archiv
Du betrachtest: Bildschirm weis nach windowsstart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131