Pests of all kinds and how to fight them: White screen after booting (Windows 7) |
26.09.2013, 17:39 | #1 |
| White screen after booting Hello, I have a small problem: I have a laptop that, since yesterday, shows only a white screen after booting. I can also only start it in Safe Mode with Command Prompt. I have already read quite a bit about OTL, but unfortunately I am no expert. Can someone please help me, since I want to keep the files? Many thanks, Stylecore |
26.09.2013, 18:21 | #2 |
/// the machine /// TB-Ausbilder | White screen after booting hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part) |
27.09.2013, 08:49 | #3 |
| White screen after booting FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013
Ran by Weyers (administrator) on NB-W7-WEYERS on 26-09-2013 21:45:04
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxecmon.exe] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-07-26] (Lenovo)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-07-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-07-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [OTL] - "H:\OTL.exe" [602112 2013-09-26] (OldTimer Tools)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Weyers\AppData\Roaming\cache.dat [71168 2013-09-25] () <==== ATTENTION
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-07-26] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=hp&fr=linkury-tb&installDate=20/04/2013&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=a02c234f-f2b7-4fe2-add9-bfbca7b5f156&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Picasa - {AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} - C:\Users\Weyers\AppData\LocalLow\Picasa\IE\Picasa.dll (Google Inc.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: m2k - C:\Users\Weyers\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor Chrome: ======= CHR HomePage: hxxp://www.google.de/ig?hl=de&source=webhp CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files 
(x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Weyers\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Extension: (SiteAdvisor) - C:\Users\Weyers\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1 CHR Extension: (Picasa) - C:\Users\Weyers\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoflmenbgaadldfcbhabhnolchkpoohg\3.8.412_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Weyers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Weyers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [hfikdpojhgckaejifppccjeedkjcndpp] - C:\Users\Weyers\AppData\Roaming\BabSolution\CR\hola.crx CHR HKLM-x32\...\Chrome\Extension: [hoflmenbgaadldfcbhabhnolchkpoohg] - C:\Users\Weyers\AppData\LocalLow\Picasa\CHROME\Picasa.crx CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx ==================== Services (Whitelisted) ================= S2 lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.) S2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-14] ( ) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [120592 2013-05-22] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 PicasaUpdater; C:\Users\Weyers\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [18432 2011-09-02] () ==================== Drivers (Whitelisted) ==================== S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800576 2010-03-15] (Sonix Technology Co., Ltd.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; U2 Stereo Service; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-26 21:44 - 2013-09-26 21:44 - 00000000 ____D C:\FRST 2013-09-25 13:41 - 2013-09-26 19:17 - 00000004 _____ C:\Users\Weyers\AppData\Roaming\cache.ini 2013-09-25 11:27 - 2013-09-25 13:40 - 00071168 ____R C:\Users\Weyers\AppData\Roaming\cache.dat 2013-09-11 22:35 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-09-11 22:35 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-09-11 22:35 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) 
C:\windows\system32\jscript9.dll 2013-09-11 22:35 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-09-11 22:35 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-09-11 22:35 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-09-11 22:35 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-09-11 22:35 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-09-11 22:35 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-09-11 22:35 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-09-11 22:35 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-09-11 22:35 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-11 22:35 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-09-11 22:35 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-09-11 22:35 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-09-11 22:35 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-09-11 22:35 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-09-11 22:35 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-09-11 22:35 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-09-11 22:35 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-09-11 22:35 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-09-11 
22:35 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-09-11 22:35 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-09-11 22:35 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-09-11 22:35 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-09-11 22:35 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-09-11 22:35 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-09-11 22:35 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-09-11 22:35 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-09-11 22:35 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-09-11 22:35 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-09-11 22:34 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-09-11 21:57 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-09-11 21:57 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys 2013-09-11 21:57 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-09-11 21:57 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-09-11 21:57 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2013-09-11 21:57 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-09-11 21:57 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2013-09-11 21:57 - 2013-08-02 04:14 - 00215040 
_____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2013-09-11 21:57 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2013-09-11 21:57 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2013-09-11 21:57 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 
04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 
____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-09-11 21:57 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-09-11 21:57 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-09-11 21:57 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2013-09-11 21:57 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2013-09-11 21:57 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) 
C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2013-09-11 21:57 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2013-09-11 21:57 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-09-11 21:57 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-09-11 21:57 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-09-11 21:57 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-09-11 21:57 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 21:57 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 21:57 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-09-11 21:57 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-09-11 21:57 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2013-09-11 21:57 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll 2013-09-07 17:58 - 2013-09-07 18:08 - 00000000 ____D 
C:\Users\Weyers\Bilder neu alt

==================== One Month Modified Files and Folders =======

2013-09-26 21:44 - 2013-09-26 21:44 - 00000000 ____D C:\FRST
2013-09-26 21:41 - 2011-07-26 01:16 - 00435057 _____ C:\windows\system32\fastboot.set
2013-09-26 19:17 - 2013-09-25 13:41 - 00000004 _____ C:\Users\Weyers\AppData\Roaming\cache.ini
2013-09-26 19:17 - 2011-09-16 13:43 - 02258462 _____ C:\FaceProv.log
2013-09-26 19:17 - 2011-07-26 01:02 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-26 19:16 - 2012-06-01 17:10 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-26 19:16 - 2011-07-26 01:09 - 00000000 ____D C:\ProgramData\VeriFace
2013-09-26 19:16 - 2011-07-25 20:41 - 01952023 _____ C:\windows\WindowsUpdate.log
2013-09-26 18:38 - 2011-07-25 12:29 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-09-26 18:38 - 2011-07-25 12:29 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-09-26 18:38 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-26 18:28 - 2011-11-25 13:37 - 00127089 _____ C:\ProgramData\lxecscan.log
2013-09-26 18:28 - 2011-07-26 01:02 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-26 18:27 - 2013-08-20 16:28 - 00002800 _____ C:\windows\setupact.log
2013-09-26 18:27 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-26 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-26 17:34 - 2009-07-14 06:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 13:40 - 2013-09-25 11:27 - 00071168 ____R C:\Users\Weyers\AppData\Roaming\cache.dat
2013-09-25 12:20 - 2013-05-02 17:55 - 00279040 ___SH C:\Users\Weyers\Thumbs.db
2013-09-25 11:49 - 2011-07-26 01:03 - 00002183 _____ C:\Users\Public\Desktop\Internetbrowser.lnk
2013-09-25 11:47 - 2011-09-16 13:43 - 00000000 ____D C:\Users\Weyers
2013-09-23 20:36 - 2013-03-26 01:34 - 00025357 _____ C:\Users\Weyers\Pictures\Documents\Geldausgaben 20122013.xlsx
2013-09-20 09:56 - 2012-06-01 17:10 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 09:56 - 2012-06-01 17:10 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 09:56 - 2012-06-01 17:10 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-12 21:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-09-12 19:47 - 2011-09-16 13:43 - 00000000 ___RD C:\Users\Weyers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 19:47 - 2011-09-16 13:43 - 00000000 ___RD C:\Users\Weyers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 19:46 - 2009-07-14 06:45 - 00428824 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-12 19:43 - 2010-11-21 05:47 - 00065026 _____ C:\windows\PFRO.log
2013-09-11 22:38 - 2011-09-16 15:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-07 18:08 - 2013-09-07 17:58 - 00000000 ____D C:\Users\Weyers\Bilder neu alt
2013-09-02 16:49 - 2013-02-02 10:52 - 00000000 ____D C:\Program Files\McAfee

Files to move or delete:
====================
C:\Users\Weyers\AppData\Roaming\cache.dat
C:\Users\Weyers\AppData\Roaming\cache.ini
C:\Users\Weyers\FreeYouTubeToMP3Converter-3122426.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-12 21:05

==================== End Of Log ============================ |
27.09.2013, 10:27 | #4 |
/// the machine /// TB trainer | White screen after booting Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Weyers\AppData\Roaming\cache.dat [71168 2013-09-25] () <==== ATTENTION
C:\Users\Weyers\AppData\Roaming\cache.dat
C:\Users\Weyers\AppData\Roaming\cache.ini
C:\Users\Weyers\FreeYouTubeToMP3Converter-3122426.exe
The tool creates a Fixlog.txt on your USB stick. Please post its content here. Start the computer normally
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.09.2013, 10:45 | #5 |
| White screen after booting Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013
Ran by SYSTEM at 2013-09-27 11:39:32 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Weyers\AppData\Roaming\cache.dat [71168 2013-09-25] () <==== ATTENTION
C:\Users\Weyers\AppData\Roaming\cache.dat
C:\Users\Weyers\AppData\Roaming\cache.ini
C:\Users\Weyers\FreeYouTubeToMP3Converter-3122426.exe
*****************

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Weyers\AppData\Roaming\cache.dat [71168 2013-09-25] () <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
C:\Users\Weyers\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Weyers\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Weyers\FreeYouTubeToMP3Converter-3122426.exe => Moved successfully.

==== End of Fixlog ==== |
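Added example (not part of the original thread and not FRST's own code): the Fixlog above records the three files as moved while the Winlogon Shell entry could not be fixed in recovery mode. This Python code cross-checks the two and reports Shell targets that the registry value still references. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re

# Lines copied from the FRST scan and the Fixlog quoted in this thread.
SCAN_LINE = (r"HKCU\...\Winlogon: [Shell] explorer.exe,"
             r"C:\Users\Weyers\AppData\Roaming\cache.dat [71168 2013-09-25] () <==== ATTENTION")
FIXLOG = "\n".join([
    SCAN_LINE + " => Error: The entry should be fixed outside recovery mode.",
    r"C:\Users\Weyers\AppData\Roaming\cache.dat => Moved successfully.",
    r"C:\Users\Weyers\AppData\Roaming\cache.ini => Moved successfully.",
    r"C:\Users\Weyers\FreeYouTubeToMP3Converter-3122426.exe => Moved successfully.",
])

# Shell value sits between "[Shell] " and the "[size date] (company)" suffix.
SHELL_RE = re.compile(r"Winlogon: \[Shell\] (.+?) \[[^\]]*\] \(")


def extra_shell_entries(line):
    """Return Shell components other than the default explorer.exe."""
    match = SHELL_RE.search(line)
    if not match:
        return []
    parts = [p.strip() for p in match.group(1).split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def parse_fixlog(text):
    """Map each processed item to its result ('item => result' lines)."""
    results = {}
    for line in text.splitlines():
        item, sep, result = line.rpartition(" => ")
        if sep:
            results[item.strip()] = result.strip()
    return results


def dangling_shell_targets(scan_line, fixlog_text):
    """Shell targets whose file was moved while the registry fix reported an error."""
    results = parse_fixlog(fixlog_text)
    status = results.get(scan_line.strip())
    if status is None or not status.startswith("Error"):
        return []  # flag only when the log explicitly records a failed registry fix
    return [p for p in extra_shell_entries(scan_line)
            if results.get(p, "").startswith("Moved")]


if __name__ == "__main__":
    for path in dangling_shell_targets(SCAN_LINE, FIXLOG):
        print("Shell value still references moved file:", path)
```

A non-empty result means the per-user Shell value needs a follow-up fix from normal or safe mode, since the file it names is gone but the registry entry is unchanged.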
27.09.2013, 17:27 | #6 |
/// the machine /// TB trainer | White screen after booting Does the computer start normally?