| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm nach Anmeldung, Windows VistaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.05.2013, 15:44
| #1 |
| |  Weißer Bildschirm nach Anmeldung, Windows Vista Hallo zusammen, habe im Prinzip das gleiche Problem in grün wie bei einigen meiner Vorredner (http://www.trojaner-board.de/132617-...ows-vista.html). Kurz nach dem Systemstart überdeckt ein weißes Fenster den gesamten Bildschirm. Strg+Alt+Entf funktioniert zwar, wenn ich im folgenden Fenster dann den Task-Manager auswähle, verschwindet dieser (vermutlich) sofort hinter dem weißen Fenster. Alt+F4 zeigt ebenfalls keine Wirkung. Im Abgesicherten Modus verschwinden kurz nach dem Systemstart alle Desktopsymbole und nach ein paar Sekunden fährt der Rechner automatisch herunter. Hier schon mal die Ausgabe (FRST.txt) von FRST.exe: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 15:56:59
Running from G:\
Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [875016 2008-07-24] (Dritek System Inc.)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] [x]
HKLM\...\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" [6144 2008-09-22] (Acer)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\00schicker\...\Winlogon: [Shell] explorer.exe,C:\Users\00schicker\AppData\Roaming\skype.dat <==== ATTENTION
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\Users\00schicker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-09-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-12] (Avira Operations GmbH & Co. KG)
S2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] ()
S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-09-12] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-09-12] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-09-12] (Avira GmbH)
S2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-09-12] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-07 15:56 - 2013-05-07 15:56 - 00000000 ____D C:\FRST
2013-05-06 05:53 - 2013-05-07 05:44 - 00000004 ____A C:\Users\00schicker\AppData\Roaming\skype.ini
2013-04-20 09:20 - 2013-04-20 09:20 - 00024439 ____A C:\Users\00schicker\Desktop\Kopie von Terminplan SJ 1213.xls 18.4.13.xlsx
2013-04-11 23:25 - 2013-04-11 23:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-11 22:33 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 22:33 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 22:33 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 22:33 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 22:33 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 22:33 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 22:33 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 22:33 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 22:33 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 22:32 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 22:32 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 22:32 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 22:32 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 22:32 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 22:32 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 22:32 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 01:21 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-10 01:21 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 01:21 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 01:21 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 01:21 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 01:20 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-10 01:20 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 01:20 - 2013-03-04 17:40 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders ========
2013-05-07 15:56 - 2013-05-07 15:56 - 00000000 ____D C:\FRST
2013-05-07 05:52 - 2006-11-02 04:58 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-07 05:52 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-07 05:51 - 2008-05-25 15:02 - 00000147 ____A C:\Windows\System32\agent.log
2013-05-07 05:51 - 2006-11-02 04:45 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-07 05:51 - 2006-11-02 04:45 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 05:44 - 2013-05-06 05:53 - 00000004 ____A C:\Users\00schicker\AppData\Roaming\skype.ini
2013-05-07 05:44 - 2009-01-18 04:04 - 01325594 ____A C:\Windows\WindowsUpdate.log
2013-05-07 05:43 - 2010-07-21 08:13 - 00000000 ____D C:\Users\00schicker\AppData\Roaming\Dropbox
2013-05-07 05:41 - 2009-01-18 09:13 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-05-06 06:00 - 2013-03-14 12:03 - 00000000 ___RD C:\Users\00schicker\Dropbox
2013-05-06 05:55 - 2013-03-12 06:36 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-06 04:01 - 2006-11-02 02:33 - 01445546 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-03 00:19 - 2013-03-14 23:45 - 00000000 ____D C:\Users\00schicker\Desktop\Schule
2013-05-01 16:06 - 2009-10-02 09:45 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 05:16 - 2013-03-15 10:32 - 00000000 ____D C:\Users\00schicker\Desktop\Notenlisten 2012-13
2013-04-30 05:07 - 2009-02-01 11:20 - 00000000 ____D C:\Users\00schicker\AppData\Local\Microsoft Help
2013-04-28 22:26 - 2006-11-02 04:49 - 00283656 ____A C:\Windows\setupact.log
2013-04-26 07:26 - 2010-01-28 00:45 - 00000000 ____D C:\Users\00schicker\Desktop\mischmasch
2013-04-20 09:26 - 2012-08-05 03:49 - 00000000 ____D C:\Users\00schicker\AppData\Roaming\BSW
2013-04-20 09:20 - 2013-04-20 09:20 - 00024439 ____A C:\Users\00schicker\Desktop\Kopie von Terminplan SJ 1213.xls 18.4.13.xlsx
2013-04-12 23:48 - 2006-11-02 04:44 - 01711784 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-12 23:46 - 2012-05-03 06:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-11 23:25 - 2013-04-11 23:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-11 22:35 - 2008-05-25 14:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-11 22:27 - 2006-11-02 02:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
Other Malware:
===========
C:\Users\00schicker\AppData\Roaming\skype.dat
C:\Users\00schicker\AppData\Roaming\skype.ini
C:\ProgramData\ezsidmv.dat
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-02 02:23:20
Restore point made on: 2013-05-02 23:19:23
Restore point made on: 2013-05-03 12:21:20
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3000.12 MB
Available physical RAM: 2502.11 MB
Total Pagefile: 2723.49 MB
Available Pagefile: 2578.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:69.65 GB) (Free:10.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:59.4 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.97 GB) FAT32
Drive g: () (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
============================== MBR & Partition Table ==================
====================================================================
Disk: 0 (Size: 149 GB) (Disk ID: 71781879)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 49E2A461)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)
Last Boot: 2013-05-06 04:03
==================== End Of Log ============================
Viele Grüße bremer2k |
| Themen zu Weißer Bildschirm nach Anmeldung, Windows Vista |
| antivir, association, avg, bildschirm, conduitsearch, conduitsearch entfernen, defender, explorer, farbar, farbar recovery scan tool, fixlist.txt, flash player, frst.txt, home, launch, malware, mozilla, msiexec, popup, problem, scan, sekunden, services.exe, svchost.exe, task-manager, win32/kryptik.axpj, windows, winlogon.exe |
Baum-Darstellung