All Kinds of Pests and How to Fight Them: white screen (Windows 7)

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
white screen (Windows 7)

Hello Trojaner-Board team,

I have a white screen on my laptop (Windows 7 upgrade, previously Vista); safe mode and System Restore brought no success. I need this laptop and its data now, and I have more time. The incident first occurred on 19.11.12.

On Trojaner-Board I then followed the thread by help-seeker Zecke69 (20.11.12, 19:08) and schrauber (21.11.12, 11:38) up to creating a scan result with Farbar Recovery Scan Tool (FRST).

Here is the result; I would appreciate further guidance through this case. Thank you very much!

```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 26-11-2012 22:27:42
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-07] ()
HKLM\...\Run: [BOL Master] D:\Setup.exe [x]
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKU\NN\...\Run: [{0CA94FFF-F49D-4289-FBF4-72B1DB15B23D}] C:\Users\NN\AppData\Roaming\Ypvo\bina.exe [x]
HKU\NN\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [958392 2012-06-08] (Samsung)
HKU\NN\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\NN\...\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\NN\...\Run: [Mycaxyutl] C:\Users\NN\AppData\Roaming\Deuwh\ehqi.exe [192000 2011-06-24] ()
HKU\NN\...\Run: [IExplorer Util] C:\Users\NN\AppData\Roaming\ie_util.exe [77312 2012-11-13] (Oxygen Software)
HKU\NN\...\Winlogon: [Shell] explorer.exe,C:\Users\NN\AppData\Roaming\msconfig.dat [71015 2011-11-17] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{1F549C86-3F63-461E-9623-B07633EACEDA}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D612207A-7312-4142-9DC1-9DD56BC0F888}: [NameServer]193.189.244.206 193.189.244.225
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [110592 2007-09-06] (Apple, Inc.)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2007-12-25] (TOSHIBA CORPORATION)
2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-03-31] (DATA BECKER GmbH & Co KG)
2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [1253376 2009-08-27] (MAGIX AG)
3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-11-06] (NOS Microsystems Ltd.)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-14] (Mozilla Foundation)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [x]
3 TermService; C:\Windows\System32\termsrv.dll [x]
2 Themes; C:\Windows\System32\themeservice.dll [x]
2 TosCoSrv; "c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [x]
2 TOSHIBA SMART Log Service; "c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

2 acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [59520 2001-10-23] (AVM Berlin)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [114280 2011-12-08] ()
3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-26 22:27 - 2012-11-26 22:27 - 00000000 ____D C:\FRST
2012-11-19 00:58 - 2012-11-26 22:04 - 00000047 ____A C:\Users\NN\AppData\Roaming\msconfig.ini
2012-11-19 00:58 - 2012-11-19 00:58 - 00071015 ____A C:\Users\NN\ms.exe
2012-11-17 12:15 - 2012-06-02 15:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-17 12:14 - 2012-07-26 04:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 12:14 - 2012-07-26 04:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-17 12:14 - 2012-07-26 03:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 12:49 - 2012-10-18 18:57 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 12:49 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 18:55 - 2012-11-14 18:55 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-14 18:55 - 2012-11-14 18:55 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-13 11:21 - 2012-11-13 11:21 - 00077312 ____A (Oxygen Software) C:\Users\NN\AppData\Roaming\ie_util.exe
2012-11-03 22:33 - 2012-11-03 22:41 - 00000000 ____D C:\Program Files\FotoSketcher
2012-11-03 22:33 - 2012-11-03 22:33 - 00000982 ____A C:\Users\Public\Desktop\FotoSketcher.lnk
2012-11-03 22:31 - 2012-11-03 22:31 - 11904660 ____A (David THOIRON ) C:\Users\NN\Downloads\FotoSketcher235setup.exe

==================== One Month Modified Files and Folders ========

2012-11-26 22:05 - 2012-10-16 20:59 - 00131072 ____A C:\Windows\System32\Ikeext.etl
2012-11-26 22:04 - 2012-11-19 00:58 - 00000047 ____A C:\Users\NN\AppData\Roaming\msconfig.ini
2012-11-26 22:04 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-26 22:04 - 2009-07-14 05:39 - 00462390 ____A C:\Windows\setupact.log
2012-11-26 22:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2012-11-26 21:51 - 2009-11-02 22:13 - 02020636 ____A C:\Windows\WindowsUpdate.log
2012-11-26 21:51 - 2009-11-02 21:55 - 00009504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-26 21:51 - 2009-11-02 21:55 - 00009504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-26 21:50 - 2009-11-02 22:27 - 00803296 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-26 21:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-26 21:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2012-11-19 22:27 - 2010-10-11 13:36 - 00000000 ____D C:\Users\NN\AppData\Roaming\TrusteerHelp
2012-11-19 01:04 - 2012-10-16 20:58 - 00000000 ____D C:\Users\NN\AppData\Roaming\Bepiv
2012-11-19 00:58 - 2012-11-19 00:58 - 00071015 ____A C:\Users\NN\ms.exe
2012-11-19 00:58 - 2009-11-02 21:56 - 00000000 ____D C:\users\NN
2012-11-18 12:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2012-11-18 09:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-17 23:51 - 2009-11-02 22:24 - 00163448 ____A C:\Users\NN\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 23:44 - 2009-07-14 05:33 - 00506256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-17 23:42 - 2009-07-14 09:47 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-11-17 12:16 - 2010-01-05 11:36 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 22:05 - 2009-09-11 12:11 - 00000050 ____A C:\Windows\system32KYGA.dat
2012-11-14 18:55 - 2012-11-14 18:55 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-14 18:55 - 2012-11-14 18:55 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-14 18:54 - 2008-03-31 09:30 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-13 11:21 - 2012-11-13 11:21 - 00077312 ____A (Oxygen Software) C:\Users\NN\AppData\Roaming\ie_util.exe
2012-11-12 12:44 - 2012-01-10 18:10 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2012-11-05 09:45 - 2012-07-30 10:46 - 00000000 ____D C:\Users\NN\Desktop\BÜRO
2012-11-03 22:41 - 2012-11-03 22:33 - 00000000 ____D C:\Program Files\FotoSketcher
2012-11-03 22:33 - 2012-11-03 22:33 - 00000982 ____A C:\Users\Public\Desktop\FotoSketcher.lnk
2012-11-03 22:31 - 2012-11-03 22:31 - 11904660 ____A (David THOIRON ) C:\Users\NN\Downloads\FotoSketcher235setup.exe
2012-11-03 21:57 - 2012-07-25 22:51 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-11-01 00:55 - 2010-02-27 12:52 - 00002177 ____A C:\Program Files\ImConfig.ini
2012-11-01 00:45 - 2010-02-27 13:56 - 00000659 ____A C:\Program Files\ImError.log
2012-10-31 09:56 - 2011-09-13 23:13 - 00000000 ____D C:\Users\NN\Desktop\Ausstellung PeterH 2011
2012-10-31 09:55 - 2011-08-17 23:56 - 00000000 ____D C:\Users\NN\Desktop\JW
2012-10-31 09:52 - 2012-01-05 16:19 - 00000000 ____D C:\Users\NN\Desktop\Finanz
2012-10-28 13:04 - 2009-07-14 05:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-15 12:21:30
Restore point made on: 2012-11-16 22:38:20
Restore point made on: 2012-11-17 01:55:00
Restore point made on: 2012-11-17 12:14:47
Restore point made on: 2012-11-18 02:00:31
Restore point made on: 2012-11-18 19:41:37
Restore point made on: 2012-11-26 21:49:06

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2037.97 MB
Available physical RAM: 1657.07 MB
Total Pagefile: 2037.97 MB
Available Pagefile: 1657.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.95 MB

==================== Partitions =============================

1 Drive c: (Vista) (Fixed) (Total:74.37 GB) (Free:28.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:73.21 GB) (Free:21.22 GB) NTFS
3 Drive e: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.15 GB) NTFS
5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          149 GB      0 B
  Datenträger 1    Online         7648 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun  1500 MB  1024 KB
  Partition 2    Primär              74 GB  1501 MB
  Partition 3    Primär              73 GB    75 GB

=========================================================

Disk: 0
Partition 1
Typ : 27
Versteckt: Ja
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   WinRE        NTFS   Partition   1500 MB  Fehlerfre  Versteck

=========================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Vista        NTFS   Partition     74 GB  Fehlerfre

=========================================================

Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition     73 GB  Fehlerfre

=========================================================

Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition     73 GB  Fehlerfre

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            7646 MB  1096 KB

=========================================================

Disk: 1
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT32  Wechselmed  7646 MB  Fehlerfre

=========================================================

Disk: 1
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT32  Wechselmed  7646 MB  Fehlerfre

=========================================================

Last Boot: 2012-11-15 11:05

==================== End Of Log ============================
```