| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer Monitor nach Windows 7 AnmeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.07.2013, 00:13
| #1 |
| |  Weißer Monitor nach Windows 7 Anmeldung Guten Morgen, wie ich im Forum gelesen habe, bin ich nicht alleine mit diesem Problem. Schon mal vielen Dank an das Forum, welches ich über eine Suchmaschine gefunden habe. Ich habe folgendes Problem. Nach dem Anmelden bei Windows 7 64Bit erscheint der Monitor komplett in weiß. Anmeldesound erklingt wie gewohnt und es ist nur noch der Mauszeiger zu sehen. Wie ich hier gelesen habe, soll ich mir Farbar's Recovery Scan Tool runterladen und ausführen. Das habe ich gemacht und ich habe die FRST.txt erhalten. Hier ist der Scan: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01
Ran by user (administrator) on 30-07-2013 00:23:15
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [Google Update] - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-03] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\cache.dat [74240 2011-11-17] () <==== ATTENTION
MountPoints2: {6bcb7965-b5a0-11df-966c-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [x]
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-05-07] (Geek Software GmbH)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-06-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe [x]
HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [794448 2010-03-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [794448 2010-03-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortCut.lnk
ShortcutTarget: ShortCut.lnk -> C:\Program Files (x86)\ShortCut\ShortCut.exe (Andreas Viebke)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3BE683C9-FB93-4D89-9251-CC8407A06FA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {BCC8E20D-28FF-45E7-80EB-14823F91911E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {BCC8E20D-28FF-45E7-80EB-14823F91911E} URL =
SearchScopes: HKCU - {BCC8E20D-28FF-45E7-80EB-14823F91911E} URL =
SearchScopes: HKCU - {C888C7AB-BE6C-4C2E-A016-8548A225F582} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=12B30C05-DB2D-478D-AE24-461A6CFBBC11&apn_sauid=4D4EE521-575F-40E7-81A1-F1A438E9DA21
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{626301C4-89A5-4205-85B3-CDD69DA99BAB}: [NameServer]139.7.30.126 139.7.30.125
Chrome:
=======
CHR HomePage: hxxp://start.icq.com/
CHR RestoreOnStartup: "hxxp://www.google.de/ig?hl=de&source=iglk"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (WiseConvert) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.19.11_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Full Screen Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Norton Identity Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\user\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\user\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\Exts\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-06-29] ()
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
S2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-02-04] ()
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1693128 2009-04-03] (UltraVNC)
==================== Drivers (Whitelisted) ====================
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-05-26] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130726.001\IDSvia64.sys [513184 2013-01-02] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130726.001\IDSvia64.sys [513184 2013-01-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130729.003\ENG64.SYS [126040 2013-05-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130729.003\ENG64.SYS [126040 2013-05-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130729.003\EX64.SYS [2098776 2013-05-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130729.003\EX64.SYS [2098776 2013-05-26] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-09-01] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-09-01] ()
S3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2010-04-26] (QUALCOMM Incorporated)
S3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
S3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2012-03-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-08] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2012-03-29] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2012-03-29] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S4 Wftelnsvsicen; No ImagePath
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-29 23:04 - 2013-07-30 00:13 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-07-29 22:59 - 2013-07-29 23:02 - 00000000 ____D C:\Users\user\Downloads\mietvertrag-kuendigung
2013-07-25 18:32 - 2013-07-25 18:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2013-07-05 11:44 - 2013-07-07 21:28 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-07-05 11:44 - 2013-07-05 11:44 - 00000000 ____D C:\Users\user\AppData\Roaming\RavensburgerTipToi
2013-07-05 11:43 - 2013-07-07 21:28 - 00001087 _____ C:\Users\user\Desktop\tiptoi.lnk
2013-07-05 11:43 - 2013-07-05 11:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-07-05 11:43 - 2013-07-05 11:43 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi
18
==================== One Month Modified Files and Folders =======
2013-07-30 00:19 - 2013-07-30 00:19 - 00000000 ____D C:\FRST
2013-07-30 00:13 - 2013-07-29 23:04 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-07-30 00:13 - 2012-05-29 09:50 - 00000000 ____D C:\ProgramData\Kodak
2013-07-30 00:13 - 2010-09-01 10:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-30 00:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 00:12 - 2009-07-14 06:51 - 00167700 _____ C:\Windows\setupact.log
2013-07-29 23:18 - 2013-01-04 10:53 - 00000000 ____D C:\Program Files (x86)\ShortCut
2013-07-29 23:18 - 2012-05-08 10:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2013-07-29 23:10 - 2012-05-03 19:32 - 00000000 ____D C:\Users\user\AppData\Roaming\ShortCut
2013-07-29 23:05 - 2012-05-07 10:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-07-29 23:02 - 2013-07-29 22:59 - 00000000 ____D C:\Users\user\Downloads\mietvertrag-kuendigung
2013-07-29 22:59 - 2012-05-10 19:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-07-29 22:56 - 2012-12-14 00:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 22:56 - 2012-05-03 18:43 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2544768096-3903362788-2328349013-1000UA.job
2013-07-29 22:56 - 2010-09-01 10:36 - 02023304 _____ C:\Windows\WindowsUpdate.log
2013-07-29 20:37 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 20:37 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 20:34 - 2010-09-01 20:01 - 09545046 _____ C:\Windows\system32\perfh007.dat
2013-07-29 20:34 - 2010-09-01 20:01 - 02987286 _____ C:\Windows\system32\perfc007.dat
2013-07-29 20:34 - 2009-07-14 07:13 - 00005198 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 20:33 - 2012-05-08 11:06 - 00000000 ___RD C:\Users\user\Dropbox
2013-07-29 09:48 - 2012-05-03 18:43 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2544768096-3903362788-2328349013-1000Core.job
2013-07-25 18:32 - 2013-07-25 18:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2013-07-24 23:16 - 2011-07-18 18:05 - 00000000 ____D C:\Daten
2013-07-24 22:29 - 2010-09-01 10:22 - 00497106 _____ C:\Windows\PFRO.log
2013-07-22 20:35 - 2013-06-26 13:04 - 00000000 ____D C:\Users\user\Downloads\sSttaaccyy
2013-07-22 20:35 - 2012-06-01 22:25 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-07-22 13:31 - 2012-05-03 19:36 - 00000000 ____D C:\Users\user\AppData\Roaming\PTGui
2013-07-18 11:17 - 2012-05-03 18:43 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544768096-3903362788-2328349013-1000UA
2013-07-18 11:17 - 2012-05-03 18:43 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544768096-3903362788-2328349013-1000Core
2013-07-14 00:23 - 2012-05-03 20:16 - 00000000 ____D C:\ProgramData\Norton
2013-07-07 21:28 - 2013-07-05 11:44 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-07-07 21:28 - 2013-07-05 11:43 - 00001087 _____ C:\Users\user\Desktop\tiptoi.lnk
2013-07-05 11:44 - 2013-07-05 11:44 - 00000000 ____D C:\Users\user\AppData\Roaming\RavensburgerTipToi
2013-07-05 11:43 - 2013-07-05 11:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2013-07-05 11:43 - 2013-07-05 11:43 - 00000000 ____D C:\Program Files (x86)\Ravensburger tiptoi
2013-07-05 09:11 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\Users\user\AppData\Roaming\cache.dat
C:\Users\user\AppData\Roaming\cache.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-24 12:46
==================== End Of Log ============================
bei meinem Problem helfen könnt. Über diesen Link bin ich auf dieses Forum aufmerksam geworden. http://www.trojaner-board.de/138945-...anmeldung.html Vielen Dank! |
|
30.07.2013, 05:57
| #2 |
| /// the machine /// TB-Ausbilder    | Weißer Monitor nach Windows 7 Anmeldung Drücke bitte die
__________________ + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\cache.dat [74240 2011-11-17] () <==== ATTENTION
C:\Users\user\AppData\Roaming\cache.dat
C:\Users\user\AppData\Roaming\cache.ini
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. neu booten 
__________________ |
|
30.07.2013, 06:46
| #3 |
| | Weißer Monitor nach Windows 7 Anmeldung Guten Morgen!
__________________Das gibt es doch nicht, es funktioniert wieder. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 01
Ran by user at 2013-07-30 07:42:20 Run:2
Running from D:\
Boot Mode: Safe Mode (minimal)
==============================================
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\user\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\user\AppData\Roaming\cache.ini => Moved successfully.
==== End of Fixlog ====
|
|
30.07.2013, 08:00
| #4 |
| /// the machine /// TB-Ausbilder | Weißer Monitor nach Windows 7 Anmeldung Nicht verzagen, schrauber fragen  Kontrollscans im normalen Modus Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Weißer Monitor nach Windows 7 Anmeldung |
| administrator, adobe flash player, browser, chromium, desktop, explorer, farbar, farbar recovery scan tool, flash player, frst.txt, google, helper, homepage, iexplore.exe, microsoft, monitor, nvidia, plug-in, pwmtr64v.dll, registry, rundll, rundll32, scan, security, services.exe, software, svchost.exe, symantec, system, windows, winlogon.exe |
Linear-Darstellung
