Nach Windows-Start kommt ein weißer Sperrbildschirm

user1 · 12.08.2013, 18:20

Hallo,
als ich meinen Rechner gestartet habe und mich Eingeloggt hab, kam nur ein weißer Bildschirm.
Ich habe mich im Forum ein wenig Informiert und bereits die ersten paar Schritte(mit FRST) gemacht(bis ich Gelsen habe man sollte nichts auf eigene Faust unternehmen), jedoch ohne Erfolg.... .
Die Dateien habe ich noch, wenn Der/Die Helfer/in sie noch sehen will kann ich sie gerne anhängen(oder wie er sie sonst haben möchte)

Ich bitte um hilfe.
Ein großes Dankeschön im Vorraus

markusg · 12.08.2013, 18:20

Hi,
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

user1 · 12.08.2013, 18:24

DAnke für die schnelle Antwort
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013
Ran by SYSTEM on 11-08-2013 16:53:47
Running from H:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-05-20] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Tobias\...\Run: [ASRockOCTuner] -  [x]
HKU\Tobias\...\Run: [ASRockIES] -  [x]
HKU\Tobias\...\Run: [zASRockInstantBoot] -  [x]
HKU\Tobias\...\Run: [Steam] - D:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-26] (Valve Corporation)
HKU\Tobias\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-17] ()
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S2 DisplayFusionService; "D:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-25] (Symantec Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-21] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-05-20] (FNet Co., Ltd.)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-05-20] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 17:20 - 2013-07-25 17:31 - 00000000 ____D C:\Users\Tobias\Desktop\Backup Walkman
2013-07-20 14:07 - 2013-07-20 14:07 - 08775080 _____ (Wargaming.net                                               ) C:\Users\Tobias\Downloads\WoWP_internet_install_eu.exe
2013-07-18 18:44 - 2013-07-18 18:44 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-08-11 11:38 - 2009-07-14 18:58 - 00653928 _____ C:\Windows\System32\perfh007.dat
2013-08-11 11:38 - 2009-07-14 18:58 - 00129800 _____ C:\Windows\System32\perfc007.dat
2013-08-11 11:38 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-11 11:29 - 2013-05-28 17:35 - 00000000 ____D C:\Users\Tobias\AppData\Local\LogMeIn Hamachi
2013-08-11 11:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-11 11:29 - 2009-07-14 05:51 - 00035805 _____ C:\Windows\setupact.log
2013-08-11 10:02 - 2013-05-20 14:56 - 01945165 _____ C:\Windows\WindowsUpdate.log
2013-08-11 09:49 - 2013-06-20 14:45 - 00000000 ____D C:\Users\Tobias\AppData\Local\Pokki
2013-08-11 09:45 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-11 09:45 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 09:41 - 2013-06-14 20:38 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-08-10 21:17 - 2013-05-24 18:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 21:11 - 2013-05-28 17:33 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\.minecraft
2013-08-10 20:22 - 2013-05-24 22:03 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-26 17:36 - 2013-06-16 18:00 - 00000000 ____D C:\Users\Tobias\AppData\Local\Warframe
2013-07-25 17:31 - 2013-07-25 17:20 - 00000000 ____D C:\Users\Tobias\Desktop\Backup Walkman
2013-07-20 14:30 - 2013-05-21 18:40 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Wargaming.net
2013-07-20 14:08 - 2013-05-21 18:06 - 00000000 ___RD C:\Users\Tobias\Desktop\Spiele Tobi
2013-07-20 14:08 - 2013-05-20 19:18 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-20 14:07 - 2013-07-20 14:07 - 08775080 _____ (Wargaming.net                                               ) C:\Users\Tobias\Downloads\WoWP_internet_install_eu.exe
2013-07-18 18:44 - 2013-07-18 18:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-18 18:44 - 2013-05-28 17:33 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-18 18:44 - 2013-05-28 17:33 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-18 18:44 - 2013-05-28 17:33 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-18 18:44 - 2013-05-28 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-18 18:44 - 2013-05-28 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-18 18:44 - 2013-05-28 17:33 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-17 18:47 - 2013-06-14 20:44 - 00000000 ____D C:\Users\Tobias\AppData\Local\Adobe
2013-07-17 18:47 - 2013-05-24 18:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-17 18:47 - 2013-05-24 18:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-17 18:47 - 2013-05-24 18:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-14 15:59 - 2013-05-20 19:28 - 00133191 _____ C:\Windows\DirectX.log
2013-07-14 15:57 - 2013-05-20 15:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-14 09:56 - 2013-06-14 20:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-14 09:56 - 2013-06-14 20:37 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 14:01 - 2013-06-16 15:54 - 00000000 ____D C:\Users\Tobias\AppData\Local\ArmA 2 OA
2013-07-13 13:52 - 2013-07-10 20:20 - 00000000 ____D C:\ProgramData\WarThunder
2013-07-13 10:55 - 2013-05-21 18:52 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-04 17:52:09
Restore point made on: 2013-07-09 16:44:04
Restore point made on: 2013-07-10 20:48:02
Restore point made on: 2013-07-13 18:27:45
Restore point made on: 2013-07-14 15:59:08
Restore point made on: 2013-07-14 15:59:44
Restore point made on: 2013-07-16 18:36:04
Restore point made on: 2013-07-18 18:43:43
Restore point made on: 2013-07-20 09:39:47
Restore point made on: 2013-07-23 16:47:15
Restore point made on: 2013-08-10 20:20:51

==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8175.24 MB
Available physical RAM: 7339.99 MB
Total Pagefile: 8173.39 MB
Available Pagefile: 7345.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:45.67 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Festplatte) (Fixed) (Total:465.66 GB) (Free:203.4 GB) NTFS (Disk=1 Partition=2)
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (bie764g) (CDROM) (Total:2.85 GB) (Free:0 GB) CDFS
Drive h: (VOLUME) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: BDA8CD62)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABD1A82)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: C1475B4D)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-07-25 18:36

==================== End Of Log ============================

--- --- ---

Zitat:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-08-2013
Ran by SYSTEM at 2013-08-11 17:03:58 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKU\Ingo Parche\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
"C:\Users\Ingo Parche\AppData\Roaming\skype.dat " => File/Directory not found.
"C:\Users\Ingo Parche\AppData\Roaming\skype.ini" => File/Directory not found.

==== End of Fixlog ====

markusg · 12.08.2013, 18:30

wer hatte dich angewiesen einen fix auszuführen? kannst du danach wieder starten?

user1 · 12.08.2013, 18:33

Der fix war Aus den Schritten von vorher, habe anscheinen Vergessen es dazu zu schreiben.
Ja es ist alles noch wie vorher.

markusg · 12.08.2013, 18:38

steht da nich das die Fixes für die jeweiligen Nutzer sind?
hier sehe ich erst mal nichts, wir müssen folgenes machen
kommst du an nen pc mit brenner?
download:
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die

Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

user1 · 12.08.2013, 19:18

habe die cd nun eingelegt allerdings will er statdessen "Browse for Folder"

markusg · 12.08.2013, 19:40

klappe alles nacheinander auf, wähle den Ordner Windows und dann gehts

user1 · 12.08.2013, 19:47

soll ich den text etwa per hand eintippen? oder kann man das auch als .txt auf einem usb stick kopieren?

markusg · 12.08.2013, 19:50

ne auf einen usb stick oder wenn du Internet hast kakopieren

user1 · 12.08.2013, 20:09

nach einer weile ist eine fehlermeldung aufgetaucht "out of memory" ich habe einfach auf ok geklickt.

markusg · 12.08.2013, 20:40

Versuchs mal ohne mein Script, dann sollte es gehen

user1 · 12.08.2013, 21:13

Danke jetzt hat es prima geklappt

Code:

ATTFilter

OTL logfile created on: 8/12/2013 11:09:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 45.67 Gb Free Space | 38.33% Space Free | Partition Type: NTFS
Drive D: | 465.66 Gb Total Space | 203.40 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 75.66 Mb Free Space | 75.66% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 75.69 Mb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 21:34:18 | 000,241,152 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/28 16:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/10/19 10:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/07 05:42:30 | 004,308,320 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/17 13:47:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/28 08:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/17 13:23:24 | 000,049,152 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2011/08/10 08:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/21 13:12:18 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/05/20 10:09:12 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/20 10:04:07 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/03/28 22:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 21:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 07:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/09 04:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/02/21 12:46:18 | 000,396,776 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/02/21 12:46:18 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/01/13 06:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/12/12 02:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/12 02:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/09/21 11:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/08/23 09:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/08 11:38:06 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 14:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/08/02 14:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/28 15:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/07/25 14:18:40 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/07/25 14:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/07/25 14:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2011/07/04 09:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV:64bit: - [2011/05/10 10:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 12:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011/08/09 21:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15)
DRV - [2011/08/09 21:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG)
DRV - [2011/07/25 14:15:12 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/07/20 13:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Tobias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Tobias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\System32\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Tobias_ON_C..\Run: [ASRockIES]  File not found
O4 - HKU\Tobias_ON_C..\Run: [ASRockOCTuner]  File not found
O4 - HKU\Tobias_ON_C..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Tobias_ON_C..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/11 11:53:38 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/25 12:20:14 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Backup Walkman
[2013/07/20 09:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2013/07/18 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/12 13:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/12 13:35:03 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/11 11:36:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 11:36:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 11:35:51 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/11 11:35:51 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/11 11:35:51 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/11 11:35:51 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/11 11:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/11 11:05:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/10 15:22:06 | 000,001,102 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/08/10 15:22:06 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/07/20 09:08:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2013/07/18 13:44:24 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/18 13:44:24 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/18 13:44:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/18 13:44:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/18 13:44:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/18 13:44:24 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/17 13:47:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/17 13:47:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/08/11 11:05:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/05/22 12:42:10 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2013/05/20 12:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/20 12:04:41 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/20 12:04:41 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/20 12:04:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/20 10:06:10 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/05/20 10:06:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/05/20 10:06:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/05/20 10:06:09 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/05/20 10:06:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/05/20 10:04:16 | 000,000,003 | ---- | C] () -- C:\Users\Tobias\AppData\Local\user_data.ini
[2013/03/28 22:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 22:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/11/26 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/08/10 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\.minecraft
[2013/06/18 08:18:00 | 000,000,000 | -HSD | M] -- C:\Users\Tobias\AppData\Roaming\Common
[2013/06/18 08:22:35 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DeviceVm
[2013/06/20 09:45:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DVDVideoSoft
[2013/06/16 05:10:12 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\fltk.org
[2013/06/29 06:37:53 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Fritzing
[2013/06/14 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\OpenOffice.org
[2013/07/13 05:55:21 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\TS3Client
[2013/06/14 15:16:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ubisoft
[2013/07/20 09:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Wargaming.net
[2013/06/20 09:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/03 14:14:45 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2013/05/20 09:56:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/28 12:33:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2013/06/18 08:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Binary Fortress Software
[2013/06/16 11:05:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Bohemia Interactive Studio
[2013/05/20 10:04:08 | 000,000,000 | ---D | M] -- C:\ProgramData\cFos
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2013/06/18 08:22:51 | 000,000,000 | ---D | M] -- C:\ProgramData\DeviceVM
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/05/20 09:56:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/05/20 09:56:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/06/16 05:10:12 | 000,000,000 | ---D | M] -- C:\ProgramData\fltk.org
[2013/05/20 10:04:07 | 000,000,000 | ---D | M] -- C:\ProgramData\FNET
[2013/06/14 15:17:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/05/20 09:56:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/05/20 10:06:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/20 09:56:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/07/13 08:52:43 | 000,000,000 | ---D | M] -- C:\ProgramData\WarThunder
[2013/05/20 10:05:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2009/07/14 01:08:49 | 000,024,318 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

markusg · 12.08.2013, 21:17

HHi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

vorher modus im bios umändern.
geht es jetzt wieder?

user1 · 12.08.2013, 21:33

also den fix konnte ich nicht auswählen also habe ich ihn manuel (wie beim scan) eingetragen. er war sofort fertig und hat mir eine txt datei angezeigt jedoch fährt er nicht runter.

12.08.2013, 20:40	#12
markusg /// Malware-holic	Nach Windows-Start kommt ein weißer Sperrbildschirm Versuchs mal ohne mein Script, dann sollte es gehen __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Nach Windows-Start kommt ein weißer Sperrbildschirm

Plagegeister aller Art und deren Bekämpfung: Nach Windows-Start kommt ein weißer Sperrbildschirm