| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win7 64Bit Weißer Bildschirm nach AnmeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.09.2013, 17:19
| #1 |
| |  Win7 64Bit Weißer Bildschirm nach Anmeldung Hallo, ich hab das Problem das nach der Anmeldung der Bildschirm Weiss ist und nur noch der Cursor zu sehen ist. STRG ALT ENTF funktioniert. Beim Ausführen des Taskmanagers kommt man aber nur zurück zu dem weissen Bildschirm. Ich hab bisher auch in weiteren FOREN gelesen und hab die Anleitung durchgegangen. http://www.trojaner-board.de/131410-...ndows-7-a.html Allerdings ist das glaube ich ein spezifisches Problem, ich hab bisher die ausführung von FRST gemacht. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by SYSTEM on MININT-CHLBNM8 on 08-09-2013 18:01:08
Running from G:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8081952 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [ClamWin] - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2012-03-22] (alch)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\Kaufi\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\Kaufi\...\Run: [AdobeBridge] -
HKU\Kaufi\...\Winlogon: [Shell] explorer.exe,C:\Users\Kaufi\AppData\Roaming\cache.dat [66560 2011-11-17] () <==== ATTENTION
Startup: C:\Users\Kaufi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2009-05-03] (Syntek America Inc.)
==================== Drivers (Whitelisted) ====================
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-24] (DT Soft Ltd)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1700240 2009-07-03] (Syntek)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-30 03:25 - 2013-09-08 16:56 - 00000004 _____ C:\Users\Kaufi\AppData\Roaming\cache.ini
2013-08-18 18:54 - 2013-08-18 18:54 - 00291248 _____ C:\Windows\Minidump\081813-32042-01.dmp
2013-08-18 02:11 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-18 02:11 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-18 02:11 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-18 02:11 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-18 02:11 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-18 02:11 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-18 02:11 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 02:11 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 02:11 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 02:11 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 02:11 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 02:11 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 02:11 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-18 02:11 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 02:01 - 2013-08-18 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-17 17:16 - 2013-08-17 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 14:00 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-16 14:00 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 14:00 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-16 14:00 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 14:00 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-16 14:00 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-16 14:00 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-16 14:00 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-16 14:00 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-16 14:00 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 14:00 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 14:00 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 14:00 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 14:00 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 14:00 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-16 14:00 - 2013-06-15 05:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-08-16 14:00 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-14 01:35 - 2013-08-14 01:35 - 00066560 _____ C:\Users\Kaufi\Downloads\video_720p.exe
==================== One Month Modified Files and Folders =======
2013-09-08 18:00 - 2013-09-08 18:00 - 00000000 ____D C:\FRST
2013-09-08 16:56 - 2013-08-30 03:25 - 00000004 _____ C:\Users\Kaufi\AppData\Roaming\cache.ini
2013-09-08 16:56 - 2012-05-24 20:10 - 01346896 _____ C:\Windows\WindowsUpdate.log
2013-09-08 16:56 - 2009-07-14 05:51 - 00067953 _____ C:\Windows\setupact.log
2013-09-08 16:56 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 16:56 - 2009-07-14 05:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 16:52 - 2012-05-25 16:52 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 16:45 - 2012-05-25 16:52 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 16:45 - 2012-05-25 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 13:26 - 2012-05-31 17:08 - 00000000 ____D C:\Users\Kaufi\AppData\Roaming\Dropbox
2013-08-30 13:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 03:21 - 2012-05-31 17:58 - 00000000 ____D C:\Users\Kaufi\AppData\Roaming\vlc
2013-08-30 01:09 - 2012-05-26 17:05 - 00000000 ____D C:\Users\Kaufi\AppData\Local\Adobe
2013-08-29 13:20 - 2012-05-31 18:07 - 00000000 ____D C:\Users\Kaufi\Desktop\[[Muz!k]]
2013-08-21 18:44 - 2012-05-25 16:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:44 - 2012-05-25 16:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 18:44 - 2012-05-25 16:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 18:43 - 2013-05-14 23:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-18 22:07 - 2013-08-08 21:57 - 00000000 ____D C:\Users\Kaufi\Downloads\Indien
2013-08-18 18:54 - 2013-08-18 18:54 - 00291248 _____ C:\Windows\Minidump\081813-32042-01.dmp
2013-08-18 18:54 - 2012-06-13 12:05 - 00000000 ____D C:\Windows\Minidump
2013-08-18 16:29 - 2012-05-24 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 02:52 - 2009-07-14 18:58 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-08-18 02:52 - 2009-07-14 18:58 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-08-18 02:52 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-18 02:03 - 2013-08-18 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 02:01 - 2012-05-25 17:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-17 17:16 - 2013-08-17 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 01:35 - 2013-08-14 01:35 - 00066560 _____ C:\Users\Kaufi\Downloads\video_720p.exe
2013-08-09 01:31 - 2012-05-24 20:32 - 00000000 ____D C:\Users\Kaufi\AppData\Roaming\Skype
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Kaufi\AppData\Roaming\cache.dat
C:\Users\Kaufi\AppData\Roaming\cache.ini
C:\Users\Kaufi\AppData\Local\Temp\ose00000.exe
C:\Users\Kaufi\AppData\Local\Temp\SkypeSetup.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-09-08 16:47:46
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4090.61 MB
Available physical RAM: 3448.38 MB
Total Pagefile: 4088.76 MB
Available Pagefile: 3471.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:249.26 GB) (Free:1.37 GB) NTFS
Drive d: () (Fixed) (Total:48.73 GB) (Free:31.9 GB) NTFS
Drive g: () (Removable) (Total:3.8 GB) (Free:1.03 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3A21C8C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 1A94AB86)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-09-08 16:45
==================== End Of Log ============================
Vielen Dank jetzt schon für die Hilfe. Liebe Grüße |
| Themen zu Win7 64Bit Weißer Bildschirm nach Anmeldung |
| adobe flash player, association, bildschirm, crypt, cursor, dll, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, foren, free, microsoft, minidump, mozilla, problem, realtek, registry, rundll, rundll32.exe, scan, services.exe, svchost.exe, system, system32, temp, winlogon, winlogon.exe |
Baum-Darstellung