Log Analysis and Evaluation: White Screen Virus (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
White Screen Virus

Hello, a friend's laptop is infected with a virus. When Windows (Win 7) starts, all you see is a white screen. Safe Mode etc. does not work either, because the computer shuts down immediately. I read through a few threads here about similar problems and then scanned with FRST. Here is the frst.txt; I am asking for help. Many thanks in advance. Code:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by SYSTEM on MININT-POKQJ9U on 01-02-2014 21:57:08
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\canpolat\...\Run: [Facebook Update] - C:\Users\canpolat\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-29] (Facebook Inc.)
HKU\canpolat\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
HKU\canpolat\...\Winlogon: [Shell] explorer.exe,C:\Users\canpolat\AppData\Roaming\skype.dat [106496 2014-01-17] () <==== ATTENTION

==================== Services (Whitelisted) =================

S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-11-17] ()

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-01 21:56 - 2014-02-01 21:57 - 00000000 ____D () C:\FRST
2014-01-31 11:00 - 2014-01-31 11:00 - 00003224 ____N () C:\bootsqm.dat
2014-01-19 08:40 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-19 07:54 - 2013-11-26 03:25 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-01-19 06:55 - 2014-01-19 07:07 - 00002872 _____ () C:\Windows\System32\TmInstall.log
2014-01-19 06:55 - 2014-01-19 06:55 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-01-19 06:45 - 2014-01-19 06:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-17 16:13 - 2014-02-01 12:32 - 00000004 _____ () C:\Users\canpolat\AppData\Roaming\skype.ini
2014-01-17 16:01 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-01-17 16:01 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2014-02-01 21:57 - 2014-02-01 21:56 - 00000000 ____D () C:\FRST
2014-02-01 21:29 - 2013-03-02 05:57 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-01 21:29 - 2012-02-08 15:18 - 00000000 ____D () C:\ProgramData\P4G
2014-02-01 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-01 12:35 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 12:35 - 2009-07-13 20:51 - 00172236 _____ () C:\Windows\setupact.log
2014-02-01 12:32 - 2014-01-17 16:13 - 00000004 _____ () C:\Users\canpolat\AppData\Roaming\skype.ini
2014-02-01 12:32 - 2011-04-12 18:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 12:31 - 2011-09-14 00:17 - 00000000 ____D () C:\users\canpolat
2014-02-01 12:12 - 2011-09-14 00:18 - 00000000 ___HD () C:\ASUS.DAT
2014-01-31 11:00 - 2014-01-31 11:00 - 00003224 ____N () C:\bootsqm.dat
2014-01-31 10:18 - 2011-07-13 21:11 - 01867256 _____ () C:\Windows\WindowsUpdate.log
2014-01-26 11:42 - 2013-03-20 03:54 - 00000000 ____D () C:\Users\canpolat\AppData\Roaming\Skype
2014-01-26 11:42 - 2011-03-17 03:52 - 00008768 _____ () C:\Windows\System32\perfh019.dat
2014-01-26 11:42 - 2011-03-17 03:52 - 00006674 _____ () C:\Windows\System32\perfc019.dat
2014-01-26 11:42 - 2011-02-18 21:02 - 00007706 _____ () C:\Windows\System32\perfh00D.dat
2014-01-26 11:42 - 2011-02-18 21:02 - 00006270 _____ () C:\Windows\System32\perfc00D.dat
2014-01-26 11:42 - 2011-02-18 20:56 - 00563416 _____ () C:\Windows\System32\perfh008.dat
2014-01-26 11:42 - 2011-02-18 20:56 - 00093422 _____ () C:\Windows\System32\perfc008.dat
2014-01-26 11:42 - 2011-02-18 20:51 - 00006414 _____ () C:\Windows\System32\prfh0404.dat
2014-01-26 11:42 - 2011-02-18 20:51 - 00006270 _____ () C:\Windows\System32\prfc0404.dat
2014-01-26 11:42 - 2011-02-18 20:45 - 00008680 _____ () C:\Windows\System32\prfh0816.dat
2014-01-26 11:42 - 2011-02-18 20:45 - 00006510 _____ () C:\Windows\System32\prfc0816.dat
2014-01-26 11:42 - 2011-02-18 20:40 - 00009070 _____ () C:\Windows\System32\perfh013.dat
2014-01-26 11:42 - 2011-02-18 20:40 - 00006648 _____ () C:\Windows\System32\perfc013.dat
2014-01-26 11:42 - 2011-02-18 20:35 - 00008758 _____ () C:\Windows\System32\perfh010.dat
2014-01-26 11:42 - 2011-02-18 20:35 - 00006430 _____ () C:\Windows\System32\perfc010.dat
2014-01-26 11:42 - 2011-02-18 20:29 - 00008890 _____ () C:\Windows\System32\perfh00C.dat
2014-01-26 11:42 - 2011-02-18 20:29 - 00006406 _____ () C:\Windows\System32\perfc00C.dat
2014-01-26 11:42 - 2011-02-18 20:24 - 00665812 _____ () C:\Windows\System32\perfh007.dat
2014-01-26 11:42 - 2011-02-18 20:24 - 00133992 _____ () C:\Windows\System32\perfc007.dat
2014-01-26 11:42 - 2011-02-18 20:19 - 00705100 _____ () C:\Windows\System32\perfh00A.dat
2014-01-26 11:42 - 2011-02-18 20:19 - 00141048 _____ () C:\Windows\System32\perfc00A.dat
2014-01-26 11:42 - 2009-07-13 21:13 - 03071028 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-01-26 11:40 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 11:40 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 13:19 - 2009-07-13 20:45 - 00276600 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-01-19 13:16 - 2013-11-26 02:30 - 00127066 _____ () C:\Windows\IE11_main.log
2014-01-19 13:09 - 2013-03-02 05:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 13:02 - 2011-04-12 18:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 12:19 - 2012-09-29 11:14 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2414324467-2871492347-4123017065-1001UA.job
2014-01-19 12:19 - 2012-09-29 11:14 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2414324467-2871492347-4123017065-1001Core.job
2014-01-19 07:07 - 2014-01-19 06:55 - 00002872 _____ () C:\Windows\System32\TmInstall.log
2014-01-19 06:57 - 2011-04-12 17:39 - 00168400 _____ () C:\Windows\PFRO.log
2014-01-19 06:55 - 2014-01-19 06:55 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-01-19 06:54 - 2011-04-12 18:51 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-01-19 06:51 - 2014-01-19 06:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-18 12:49 - 2013-08-21 10:34 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-18 12:49 - 2011-10-23 10:19 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-17 16:08 - 2013-05-31 16:06 - 00106496 ____R () C:\Users\canpolat\AppData\Roaming\skype.dat
2014-01-04 15:02 - 2011-07-13 21:20 - 00000087 _____ () C:\setup.log

Files to move or delete:
====================
C:\Users\canpolat\AppData\Roaming\skype.dat
C:\Users\canpolat\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\canpolat\AppData\Local\Temp\devcon.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2011-12-05 12:31:40
Restore point made on: 2011-12-05 12:31:54
Restore point made on: 2011-12-05 12:31:56
Restore point made on: 2011-12-05 12:31:56
Restore point made on: 2011-12-05 12:32:21
Restore point made on: 2011-12-05 12:32:23
Restore point made on: 2011-12-05 12:32:24
Restore point made on: 2013-12-23 01:11:47
Restore point made on: 2013-12-23 03:37:44
Restore point made on: 2013-12-23 13:48:18
Restore point made on: 2013-12-24 05:35:13
Restore point made on: 2013-12-26 02:38:51
Restore point made on: 2013-12-26 06:24:53
Restore point made on: 2013-12-27 09:48:54
Restore point made on: 2013-12-28 15:09:20
Restore point made on: 2014-01-02 14:09:28
Restore point made on: 2014-01-03 13:35:19
Restore point made on: 2014-01-04 10:20:40
Restore point made on: 2014-01-04 12:15:39
Restore point made on: 2014-01-05 23:59:38
Restore point made on: 2014-01-06 01:19:39
Restore point made on: 2014-01-07 04:51:31
Restore point made on: 2014-01-09 11:58:52
Restore point made on: 2014-01-09 13:44:34
Restore point made on: 2014-01-16 11:50:54
Restore point made on: 2014-01-18 12:49:08
Restore point made on: 2014-01-18 14:31:22
Restore point made on: 2014-01-19 13:12:54
Restore point made on: 2014-01-31 10:19:42

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3691.66 MB
Available physical RAM: 3116.46 MB
Total Pagefile: 3689.81 MB
Available Pagefile: 3098.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:144.77 GB) NTFS
Drive g: (canp) (Removable) (Total:1.8 GB) (Free:1.76 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 920FBFA0)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

LastRegBack: 2012-06-08 03:35

==================== End Of Log ============================
```
Topics related to White Screen Virus

.dll, adobe, adobe flash player, association, at startup, screen, download, explorer, flash player, focus, home, hotkey, microsoft, pdf, realtek, registry, security, services.exe, start, svchost.exe, system, temp, virus, wallpaper, windows, winlogon, winlogon.exe