Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Weißer Bildschirm(BKA?), Datenrettung (https://www.trojaner-board.de/142128-weisser-bildschirm-bka-datenrettung.html)

wolle420 26.09.2013 11:13
Weißer Bildschirm(BKA?), Datenrettung
 
Hallo,


beim Start (Windows 7) bekomme ich einen weißen Bildschirm. Anscheinend stellt das den BKA Virus dar. Habe abgesicherten Modus versucht, fährt direkt wieder herunter. Taskmanager nicht möglich und Systemwiederherstellung auch nicht.
Mit der OTLPE Anleitung habe ich den Log erstellt, allerdings war keine Extra.txt dabei.
Ich benötige unbedingt die Daten auf dem Computer, jedoch würde ich danach sowieso eine Neuaufsetzung machen.

Im Anhang das logfile.
Vielen Danke im Voraus. Wolle420

schrauber 26.09.2013 11:28
HI,

Logs bitte immer in den Thread posten, zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

wolle420 26.09.2013 14:00
OTL Logfile:
Code:
OTL logfile created on: 9/26/2013 12:54:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive H: | 465.66 Gb Total Space | 389.07 Gb Free Space | 83.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (ACDaemon)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/16 05:07:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- H:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled] -- H:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/28 07:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Disabled] -- H:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Disabled] -- H:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Disabled] -- H:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/04 11:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled] -- H:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Disabled] -- H:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (gdrv)
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LVUVC.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/08/01 07:23:23 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto] -- H:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/04/28 07:57:47 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto] -- H:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/04/28 07:57:21 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- H:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 07:57:20 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System] -- H:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 07:57:20 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- H:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/11/18 04:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                          ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009/10/29 18:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/17 00:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2004/02/04 04:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- H:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=kno&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\User_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\User_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\User_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\User_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 81 ED 5E 89 2D CB 01  [binary data]
IE - HKU\User_ON_H\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - H:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\User_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\System32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2010/07/19 05:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 14:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/12 11:56:58 | 000,000,000 | ---D | M]
 
[2010/12/28 08:55:57 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions
[2010/12/28 08:55:57 | 000,000,000 | ---D | M] (Skype extension) -- H:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/01 11:49:24 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/16 23:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/22 20:48:56 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/07/22 20:48:56 | 000,002,344 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/15 12:30:31 | 000,002,046 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/07/22 20:48:56 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/22 20:48:56 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/07/22 20:48:56 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - H:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - H:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - H:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - H:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] H:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [facemoods] H:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LWS] H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Message Center 2]  File not found
O4 - HKLM..\Run: [Panda Security URL Filtering] H:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] H:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] H:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\User_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\User_ON_H Winlogon: Shell - (C:\Users\User\AppData\Roaming\data.dat) - H:\Users\User\AppData\Roaming\data.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/15 03:49:00 | 000,000,000 | ---D | C] -- H:\Users\User\Desktop\kochen
[2013/09/12 07:14:00 | 002,706,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb
[2013/09/12 07:14:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/09/12 07:13:59 | 002,876,928 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/09/12 07:13:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/09/12 07:13:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll
[2013/09/12 07:13:59 | 000,039,424 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll
[2013/09/12 07:13:58 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/09/12 07:13:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll
[2013/09/12 07:13:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 07:13:58 | 000,042,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe
[2013/09/12 07:13:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll
[2013/09/12 07:00:49 | 000,133,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\ataport.sys
[2013/09/12 07:00:48 | 002,348,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32k.sys
[2013/09/12 07:00:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe
[2013/09/12 07:00:46 | 000,169,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll
[2013/09/12 07:00:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 07:00:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 07:00:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 07:00:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- H:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/26 05:40:18 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/09/26 04:53:38 | 2714,361,856 | -HS- | M] () -- H:\hiberfil.sys
[2013/09/26 04:46:22 | 000,000,004 | ---- | M] () -- H:\Users\User\AppData\Roaming\settings.ini
[2013/09/26 04:44:50 | 000,015,632 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 04:44:50 | 000,015,632 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:01:50 | 000,654,150 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/09/21 10:01:50 | 000,616,032 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/09/21 10:01:50 | 000,130,022 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/09/21 10:01:50 | 000,106,412 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/09/12 09:34:36 | 000,371,272 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/09/20 13:39:01 | 000,000,004 | ---- | C] () -- H:\Users\User\AppData\Roaming\settings.ini
[2013/08/15 06:23:40 | 000,054,272 | ---- | C] () -- H:\Users\User\AppData\Roaming\data.dat
[2013/06/01 13:21:01 | 000,000,017 | ---- | C] () -- H:\Users\User\AppData\Local\resmon.resmoncfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- H:\Windows\System32\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- H:\Windows\System32\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- H:\Windows\System32\LogiDPPApp.exe
[2012/01/12 05:46:45 | 000,064,512 | ---- | C] () -- H:\Users\User\AppData\Roaming\skype.dat
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- H:\Windows\System32\lvcoinst.ini
[2011/08/12 07:20:14 | 000,015,896 | ---- | C] () -- H:\Windows\System32\drivers\iKeyLFT2.dll
[2011/06/23 06:19:06 | 000,252,928 | ---- | C] () -- H:\Windows\System32\DShowRdpFilter.dll
[2010/12/28 08:57:35 | 000,000,056 | -H-- | C] () -- H:\ProgramData\ezsidmv.dat
[2010/12/28 07:27:02 | 000,000,268 | RH-- | C] () -- H:\ProgramData\Grand Piano
[2010/12/28 07:27:02 | 000,000,268 | RH-- | C] () -- H:\ProgramData\Generic
[2010/12/28 07:27:02 | 000,000,268 | RH-- | C] () -- H:\ProgramData\Gems
[2010/12/28 07:27:02 | 000,000,012 | RH-- | C] () -- H:\ProgramData\Hybrid Basic
[2010/12/28 07:27:02 | 000,000,012 | RH-- | C] () -- H:\ProgramData\Horn Section
[2010/12/28 07:27:02 | 000,000,012 | RH-- | C] () -- H:\ProgramData\Home
[2010/12/28 07:19:55 | 000,000,000 | ---- | C] () -- H:\ProgramData\Funk Animals
[2010/12/28 07:19:52 | 000,000,000 | ---- | C] () -- H:\ProgramData\Frameworks
[2010/12/28 07:19:52 | 000,000,000 | ---- | C] () -- H:\ProgramData\File Templates
[2010/12/27 14:13:18 | 000,000,268 | RH-- | C] () -- H:\Users\User\AppData\Roaming\Galactic Static
[2010/12/27 14:13:18 | 000,000,268 | RH-- | C] () -- H:\Users\User\AppData\Roaming\Funk Animals
[2010/12/27 14:13:18 | 000,000,268 | RH-- | C] () -- H:\Users\User\AppData\Roaming\Fruit
[2010/12/27 14:13:18 | 000,000,020 | -H-- | C] () -- H:\ProgramData\PKP_DLev.DAT
[2010/12/27 14:13:18 | 000,000,020 | -H-- | C] () -- H:\ProgramData\PKP_DLet.DAT
[2010/12/27 14:13:18 | 000,000,020 | -H-- | C] () -- H:\ProgramData\PKP_DLes.DAT
[2010/08/25 14:30:02 | 000,127,868 | ---- | C] () -- H:\Windows\System32\igcompkrng575.bin
[2010/08/25 14:30:00 | 000,104,796 | ---- | C] () -- H:\Windows\System32\igfcg575m.bin
[2010/07/19 05:49:44 | 000,073,728 | ---- | C] () -- H:\Windows\System32\RtNicProp32.dll
[2010/07/19 05:46:23 | 000,000,010 | ---- | C] () -- H:\Windows\GSetup.ini
[2010/07/19 05:09:46 | 000,000,264 | ---- | C] () -- H:\Windows\System32\PSUNCpl.dat
[2010/04/21 12:08:14 | 000,870,560 | ---- | C] () -- H:\Windows\System32\igkrng575.bin
[2010/04/21 11:29:46 | 000,000,151 | ---- | C] () -- H:\Windows\System32\GfxUI.exe.config
[2010/04/21 11:22:50 | 000,208,896 | ---- | C] () -- H:\Windows\System32\iglhsip32.dll
[2010/04/21 11:22:50 | 000,143,360 | ---- | C] () -- H:\Windows\System32\iglhcp32.dll
[2009/08/27 03:04:14 | 000,207,400 | R--- | C] () -- H:\Windows\GSetup.exe
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- H:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- H:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- H:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- H:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,371,272 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- H:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- H:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- H:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- H:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- H:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- H:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- H:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2013/01/12 10:37:19 | 000,000,000 | ---D | M] -- H:\ProgramData\4699B557E74ACE2E000046996EC2D288
[2010/07/19 04:42:02 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2010/12/28 08:29:32 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited
[2010/07/27 08:42:52 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonBJ
[2012/08/02 17:24:51 | 000,000,000 | ---D | M] -- H:\ProgramData\CanonIJ
[2010/07/27 08:46:59 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJMyPrinter
[2013/09/09 10:55:35 | 000,000,000 | ---D | M] -- H:\ProgramData\CanonIJPLM
[2010/07/27 09:55:33 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJScan
[2010/07/27 08:47:02 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJSolutionMenu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2010/07/19 04:42:02 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2010/12/27 14:13:18 | 000,000,000 | ---D | M] -- H:\ProgramData\EnterNHelp
[2010/07/19 04:42:02 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2010/12/28 06:59:05 | 000,000,000 | ---D | M] -- H:\ProgramData\Nikon
[2010/07/19 05:09:40 | 000,000,000 | ---D | M] -- H:\ProgramData\Panda Security
[2013/09/20 18:03:08 | 000,000,000 | ---D | M] -- H:\ProgramData\Panda Security URL Filtering
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2010/07/19 04:42:02 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2010/12/27 14:13:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Ultima_T15
[2010/07/19 04:42:02 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2013/08/07 13:04:31 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

[/CODE]

Kann ich sonst noch was hinzufügen oder reicht das für eine Analyse?

schrauber 26.09.2013 19:51

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
O20 - HKU\User_ON_H Winlogon: Shell - (C:\Users\User\AppData\Roaming\data.dat) - H:\Users\User\AppData\Roaming\data.dat ()
:files
C:\Users\User\AppData\Roaming\data.dat
C:\Users\User\AppData\Roaming\data.ini
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Rechner normal starten :)

wolle420 27.09.2013 18:02
Danke!! Die Datensicherung hat geklappt.

Jetzt will ich gerade Windows installieren, es bleibt aber bei "Dienste werden geladen" hängen? Und dort steht immer dass der Computer unerwartet heruntergefahren wurde. Stimmt aber nicht. Bei jedem Neustart und Installationsversuch passiert das wieder..

schrauber 28.09.2013 12:20
Hast Du sauber formatiert vorher?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131