Log analysis and evaluation: White screen, Safe Mode only with Command Prompt - Windows XP SP2

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

White screen, Safe Mode only with Command Prompt - Windows XP SP2

Hello everyone,

I have the following problem with a laptop (Windows XP SP2): after logging in to the user account, a white screen appears and the system no longer responds to input. When booting into Safe Mode, the system shuts down. However, using the FRST tool in Safe Mode with Command Prompt, I was able to create the following log file.

Thank you very much for your support.

Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 01
Ran by admin (administrator) on 13-07-2013 18:44:47
Running from E:\
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-07-27] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray [860160 2004-08-06] (Analog Devices, Inc.)
HKLM\...\Run: [AGRSMMSG] - AGRSMMSG.exe [x]
HKLM\...\Run: [Apoint] - C:\Programme\Apoint2K\Apoint.exe [159744 2005-02-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [794624 2005-04-11] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] - C:\Programme\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [278528 2004-10-13] (Apple Computer, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Programme\QuickTime\qttask.exe" -atboottime [98304 2005-06-01] (Apple Computer, Inc.)
HKLM\...\Run: [LSBWatcher] - c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [eabconfg.cpl] - C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start [290816 2004-12-03] (Hewlett-Packard )
HKLM\...\Run: [Cpqset] - C:\Programme\HPQ\Default Settings\cpqset.exe [213054 2004-09-07] ()
HKLM\...\Run: [CONNECTScheduler] - "C:\Programme\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER [75336 2006-03-23] (Sony Corporation)
HKLM\...\Run: [SSBkgdUpdate] - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [323 2009-08-10] ()
HKLM\...\Run: [BrMfcWnd] - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Bing Bar] - "C:\Programme\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - "C:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
HKCU\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson)
HKCU\...\Run: [SystweakASP] - "C:\Programme\RegClean Pro\SystweakASP.exe" /verysilent [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Dokumente und Einstellungen\admin\Anwendungsdaten\skype.dat <==== ATTENTION
HKU\Administrator\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background [ 2004-10-13] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] - "C:\Programme\Messenger\msmsgs.exe" /background [ 2004-10-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - @C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -

========================== Services (Whitelisted) =================

S3 hpqwmi; C:\Programme\HPQ\SHARED\HPQWMI.exe [98304 2005-03-04] (Hewlett-Packard Development Company, L.P.)
S3 iPodService; C:\Programme\iPod\bin\iPodService.exe [327680 2004-10-13] (Apple Computer, Inc.)
S2 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [38912 2005-02-22] ()
S3 MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-08-30] (Sony Corporation)
S3 PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-08-30] (Sony Corporation)
S2 SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [249136 2010-05-14] (Microsoft Corporation)
S3 Sony Ericsson PCCompanion; C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 Sony SCSI Helper Service; C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2005-11-18] (Sony Corporation)
S2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [69718 2005-08-30] (Sony Corporation)
S2 wlidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE [1529728 2009-08-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [371712 2005-03-10] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7432 2004-04-14] (Hewlett-Packard Company)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5220 2003-06-06] (Hewlett-Packard Company)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-11-11] (FTDI Ltd.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [776157 2004-12-13] (Intel Corporation)
S3 MidiSyn; C:\Windows\System32\drivers\MidiSyn.sys [235100 2002-09-20] (Analog Devices Inc)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [14382 2005-02-16] (Anoto)
S3 pendfu; C:\Windows\System32\Drivers\pendfu.sys [32408 2005-02-14] (Anoto AB)
S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [69760 2004-06-28] (Realtek Semiconductor Corporation )
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
S3 senfilt; C:\Windows\System32\drivers\senfilt.sys [381056 2004-04-26] (Sensaura)
S3 SMCIRDA; C:\Windows\System32\DRIVERS\smcirda.sys [35913 2001-08-18] (SMC)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-13 18:44 - 2013-07-13 18:44 - 00000000 ____D C:\FRST
2013-07-06 00:33 - 2013-07-06 00:33 - 00000000 __SHD C:\found.000
2013-07-05 23:48 - 2013-07-06 00:16 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-07-05 23:48 - 2013-07-05 23:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-07-05 23:48 - 2011-01-02 03:26 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache
2013-07-05 23:48 - 2006-04-07 01:57 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü
2013-07-05 23:48 - 2006-04-07 01:57 - 00000000 ___HD C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2013-07-05 23:48 - 2006-04-07 01:57 - 00000000 ___HD C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2013-07-05 23:48 - 2006-04-07 01:57 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop

==================== One Month Modified Files and Folders =======

2013-07-13 18:44 - 2013-07-13 18:44 - 00000000 ____D C:\FRST
2013-07-13 18:41 - 2006-04-06 17:10 - 00000190 ___SH C:\Dokumente und Einstellungen\admin\ntuser.ini
2013-07-13 18:41 - 2004-08-07 07:32 - 01370677 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-13 18:39 - 2013-05-24 06:25 - 00000004 _____ C:\Dokumente und Einstellungen\admin\Anwendungsdaten\skype.ini
2013-07-13 18:39 - 2013-05-24 06:25 - 00000004 _____ C:\Dokumente und Einstellungen\admin\Anwendungsdaten\skype.ini
2013-07-13 18:39 - 2010-03-31 21:03 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{51C466DA-3BA4-48C6-A88C-BCD582C03C2B}.job
2013-07-13 18:37 - 2004-08-07 07:27 - 00898658 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-06 01:19 - 2004-08-07 08:07 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-07-06 01:19 - 2004-08-07 08:07 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-06 01:19 - 2004-08-07 07:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-06 00:33 - 2013-07-06 00:33 - 00000000 __SHD C:\found.000
2013-07-06 00:16 - 2013-07-05 23:48 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-07-05 23:58 - 2010-03-27 23:50 - 00676125 _____ C:\WINDOWS\setupapi.log
2013-07-05 23:48 - 2013-07-05 23:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 10:00] - [2004-08-04 10:00] - 1035264 ____A (Microsoft Corporation) 22fe1be02eadde1632e478e4125639e0
C:\Windows\System32\winlogon.exe [2004-08-04 10:00] - [2004-08-04 10:00] - 0507392 ____A (Microsoft Corporation) 2b6a0baf33a9918f09442d873848ff72
C:\Windows\System32\svchost.exe [2004-08-04 10:00] - [2004-08-04 10:00] - 0014336 ____A (Microsoft Corporation) 65a819b121eb6fdab4400ea42bdffe64
C:\Windows\System32\services.exe [2004-08-04 10:00] - [2009-02-09 12:04] - 0111104 ____A (Microsoft Corporation) 65f6b774819bd727358157cedea67b8e
C:\Windows\System32\User32.dll [2004-08-04 10:00] - [2005-03-02 20:09] - 0578560 ____A (Microsoft Corporation) 3751d7cf0e0a113d84414992146bce6a
C:\Windows\System32\userinit.exe [2004-08-04 10:00] - [2004-08-04 10:00] - 0025088 ____A (Microsoft Corporation) d1e53dc57143f2584b1dd53b036c0633
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 10:00] - [2004-08-04 10:00] - 0053760 ____A (Microsoft Corporation) d6888520ff56d72a50437e371ca25fc9

==================== End Of Log ============================
```