Log analysis and evaluation: After virus removal, still a white locked screen at Windows login (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
After virus removal, still a white locked screen at Windows login

Hello, I need help removing a screen-locker virus that displayed a message from a GVU and demanded a payment. The system was cleaned with the Kaspersky Rescue Disk and then additionally scanned with Malwarebytes. Both found numerous viruses and removed them. After this removal, however, I have the problem that after the cleanup the screen is still locked a few seconds after the user logs in. No text is displayed any more, but the screen is still locked. I cannot start in safe mode either, because the computer simply shuts down again immediately after it has finished booting. Can anyone advise what I can do next?

Malwarebytes and OTLpe were run from another system with the hard disk attached externally, because Malwarebytes and OTLpe could not be started on the target system. Drive J:, which OTLpe lists, is that of the host computer, not the hard disk of the infected machine.

Kaspersky log, quote:

Malwarebytes log, quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/1/2013 8:31:49 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = J: | %SystemRoot% = J:\Windows | %ProgramFiles% = J:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 232.88 Gb Total Space | 195.25 Gb Free Space | 83.84% Space Free | Partition Type: NTFS Drive E: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive J: | 55.80 Gb Total Space | 9.26 Gb Free Space | 16.60% Space Free | Partition Type: NTFS Drive K: | 448.70 Gb Total Space | 299.55 Gb Free Space | 66.76% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/01/09 06:51:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- J:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- J:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/10 09:11:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled] -- J:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/08/02 04:06:23 | 003,246,040 | ---- | M] (Acronis) [Disabled] -- J:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012/06/11 04:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled] -- J:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/12/11 12:18:12 | 001,064,584 | ---- | M] (Acronis) [Disabled] -- J:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Disabled] -- K:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/13 20:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [Disabled] -- K:\Windows\System32\qwave.dll -- (QWAVE) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- J:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/02 04:06:23 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand] -- J:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012/08/02 04:06:22 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot] -- J:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2012/08/02 04:06:21 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot] -- J:\Windows\System32\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012/08/02 04:06:20 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot] -- 
J:\Windows\System32\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012/06/11 04:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand] -- J:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- J:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- J:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- J:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\KARL_ON_K\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF IE - HKU\KARL_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKU\KARL_ON_K\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found IE - HKU\KARL_ON_K\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\KARL_ON_K\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - Reg Error: Key error. 
File not found IE - HKU\KARL_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: J:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: J:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: J:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: File not found FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/03 04:06:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/10 09:11:14 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/23 04:46:56 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files (x86)\Mozilla Firefox\updated\extensions [2013/01/23 04:46:59 | 000,000,000 | ---D | M] (Default) -- J:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/12/10 09:11:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- J:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/27 11:51:02 | 000,001,392 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/27 11:51:02 | 000,002,465 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/27 11:51:02 | 000,001,153 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/09/27 11:51:02 | 000,006,805 | ---- | M] () -- J:\Program Files (x86)\mozilla 
firefox\searchplugins\leo_ende_de.xml [2012/09/27 11:51:02 | 000,001,178 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/09/27 11:51:02 | 000,001,105 | ---- | M] () -- J:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - J:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - File not found O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - File not found O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - File not found O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found O3 - HKU\KARL_ON_K\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\KARL_ON_K\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found O3 - HKU\KARL_ON_K\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - File not found O4 - HKLM..\Run: [VAIO Boot Manager] File not found O4 - HKU\LocalService_ON_K..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_K..\Run: [Sidebar] J:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\KARL_ON_K..\RunOnce: [osk.exe] J:\Windows\SysWow64\osk.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_K..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_K..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - 
File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - File not found O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - J:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\KARL_ON_K Winlogon: Shell - (explorer.exe) - J:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\KARL_ON_K Winlogon: Shell - (C:\Users\KARL\AppData\Roaming\skype.dat) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{dd10f8fe-6d16-11e0-b00d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{dd10f8fe-6d16-11e0-b00d-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\html\index.html O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/18 09:37:16 | 000,000,000 | ---D | C] -- J:\ProgramData\bibwin [2013/01/18 09:36:50 | 000,000,000 | ---D | C] -- J:\ProgramData\ginkgo [2013/01/14 07:20:33 | 000,000,000 | ---D | C] -- J:\freenas [2013/01/10 04:36:45 | 000,000,000 | -H-D | C] -- J:\$WINDOWS.~BT [2013/01/10 04:29:40 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/10 04:29:10 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Google [2013/01/09 09:56:44 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Common Files\DESIGNER [2013/01/09 09:52:56 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013/01/09 09:48:41 | 000,000,000 | ---D | C] -- J:\Windows\PCHEALTH [2013/01/09 03:18:47 | 000,750,592 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\win32spl.dll [2013/01/09 03:18:47 | 000,492,032 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\win32spl.dll [2013/01/09 03:18:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- 
J:\Windows\System32\ncrypt.dll [2013/01/09 03:18:47 | 000,220,160 | ---- | C] (Microsoft Corporation) -- J:\Windows\SysWow64\ncrypt.dll [2013/01/09 03:18:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- J:\Windows\System32\taskhost.exe [2013/01/08 03:56:50 | 000,000,000 | ---D | C] -- J:\Windows\System32\appmgmt [2013/01/08 03:45:04 | 000,000,000 | ---D | C] -- J:\ProgramData\Malwarebytes [2013/01/07 03:31:12 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\Microsoft Office [2013/01/04 04:32:06 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff [2013/01/04 04:32:06 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\PantsOff [2013/01/03 10:43:56 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health [2013/01/03 10:43:56 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\HDD Health [2013/01/03 04:08:55 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/01/03 04:08:43 | 000,000,000 | ---D | C] -- J:\Program Files\iPod [2013/01/03 04:08:42 | 000,000,000 | ---D | C] -- J:\Program Files\iTunes [2013/01/03 04:08:42 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\iTunes [2013/01/03 04:08:42 | 000,000,000 | ---D | C] -- J:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/01/03 04:06:08 | 000,000,000 | ---D | C] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/01/03 04:06:03 | 000,000,000 | ---D | C] -- J:\Program Files (x86)\QuickTime [2012/06/04 09:30:16 | 001,224,704 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczserv.dll [2012/06/04 09:30:16 | 000,991,232 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczusb1.dll [2012/06/04 09:30:16 | 000,696,320 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczhbn3.dll [2012/06/04 09:30:16 | 000,684,032 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczcomc.dll [2012/06/04 09:30:16 | 000,643,072 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczpmui.dll [2012/06/04 09:30:16 | 000,585,728 | ---- | C] ( 
) -- J:\Windows\SysWow64\lxczlmpm.dll [2012/06/04 09:30:16 | 000,537,520 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczcoms.exe [2012/06/04 09:30:16 | 000,421,888 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczcomm.dll [2012/06/04 09:30:16 | 000,413,696 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczinpa.dll [2012/06/04 09:30:16 | 000,397,312 | ---- | C] ( ) -- J:\Windows\SysWow64\lxcziesc.dll [2012/06/04 09:30:16 | 000,385,968 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczih.exe [2012/06/04 09:30:16 | 000,381,872 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczcfg.exe [2012/06/04 09:30:16 | 000,181,168 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczppls.exe [2012/06/04 09:30:16 | 000,163,840 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczprox.dll [2012/06/04 09:30:16 | 000,094,208 | ---- | C] ( ) -- J:\Windows\SysWow64\lxczpplc.dll ========== Files - Modified Within 30 Days ========== [2013/01/31 09:19:16 | 000,067,584 | --S- | M] () -- J:\Windows\bootstat.dat [2013/01/31 09:19:14 | 000,012,384 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/31 09:19:14 | 000,012,384 | -H-- | M] () -- J:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/31 08:51:00 | 000,000,884 | ---- | M] () -- J:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/31 08:39:00 | 000,001,116 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/31 04:42:35 | 000,660,162 | ---- | M] () -- J:\Windows\System32\perfh007.dat [2013/01/31 04:42:35 | 000,621,448 | ---- | M] () -- J:\Windows\System32\perfh009.dat [2013/01/31 04:42:35 | 000,132,078 | ---- | M] () -- J:\Windows\System32\perfc007.dat [2013/01/31 04:42:35 | 000,108,294 | ---- | M] () -- J:\Windows\System32\perfc009.dat [2013/01/31 04:39:00 | 000,001,112 | ---- | M] () -- J:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/31 04:36:24 | 1610,260,480 | -HS- | M] () -- J:\hiberfil.sys [2013/01/29 06:44:17 | 
000,002,183 | ---- | M] () -- J:\Users\Public\Desktop\Google Chrome.lnk [2013/01/15 02:41:21 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/10 04:36:38 | 000,001,890 | ---- | M] () -- J:\Windows\diagwrn.xml [2013/01/10 04:36:38 | 000,001,890 | ---- | M] () -- J:\Windows\diagerr.xml [2013/01/10 04:29:43 | 000,001,658 | ---- | M] () -- J:\Users\Public\Desktop\Recuva.lnk [2013/01/10 04:01:50 | 000,002,441 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013/01/10 03:59:40 | 000,325,328 | ---- | M] () -- J:\Windows\System32\FNTCACHE.DAT [2013/01/09 10:36:19 | 001,534,178 | ---- | M] () -- J:\Windows\SysWow64\PerfStringBackup.INI [2013/01/09 09:57:03 | 000,000,400 | ---- | M] () -- J:\Windows\ODBC.INI [2013/01/09 09:56:49 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013/01/09 06:51:08 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- J:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/09 06:51:08 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- J:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/08 03:57:40 | 000,000,000 | R--D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/01/08 03:48:08 | 000,001,113 | ---- | M] () -- J:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/08 03:48:08 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/04 04:32:06 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff [2013/01/03 10:43:56 | 000,001,048 | ---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013/01/03 10:43:56 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health [2013/01/03 07:30:17 | 000,001,953 | ---- | M] () -- J:\Users\Public\Desktop\CDBurnerXP.lnk [2013/01/03 07:30:17 | 000,001,903 | 
---- | M] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013/01/03 04:09:36 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013/01/03 04:08:55 | 000,001,783 | ---- | M] () -- J:\Users\Public\Desktop\iTunes.lnk [2013/01/03 04:08:55 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/01/03 04:06:08 | 000,001,845 | ---- | M] () -- J:\Users\Public\Desktop\QuickTime Player.lnk [2013/01/03 04:06:08 | 000,000,000 | ---D | M] -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime ========== Files Created - No Company Name ========== [2013/01/10 04:29:43 | 000,001,658 | ---- | C] () -- J:\Users\Public\Desktop\Recuva.lnk [2013/01/10 04:29:40 | 000,002,183 | ---- | C] () -- J:\Users\Public\Desktop\Google Chrome.lnk [2013/01/10 04:29:12 | 000,001,116 | ---- | C] () -- J:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/10 04:29:12 | 000,001,112 | ---- | C] () -- J:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/08 03:48:08 | 000,001,113 | ---- | C] () -- J:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/03 10:43:56 | 000,001,048 | ---- | C] () -- J:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013/01/03 04:08:55 | 000,001,783 | ---- | C] () -- J:\Users\Public\Desktop\iTunes.lnk [2013/01/03 04:06:08 | 000,001,845 | ---- | C] () -- J:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/12 04:52:56 | 001,534,178 | ---- | C] () -- J:\Windows\SysWow64\PerfStringBackup.INI [2012/10/11 06:06:02 | 000,061,440 | ---- | C] () -- J:\Windows\SysWow64\ZDTRLib.DLL [2012/10/11 06:06:02 | 000,049,152 | ---- | C] () -- J:\Windows\SysWow64\ZD12APP.dll [2012/10/11 06:06:02 | 000,040,960 | ---- | C] () -- J:\Windows\SysWow64\PassAPP.dll [2012/10/11 06:06:02 | 000,028,672 | ---- | C] () -- J:\Windows\SysWow64\INSAPP.dll [2012/10/11 06:06:02 | 000,024,576 | ---- | C] () -- J:\Windows\SysWow64\ZyDelReg.exe [2012/10/11 
06:06:02 | 000,024,576 | ---- | C] () -- J:\Windows\SysWow64\InsDrvZD.dll [2012/07/31 04:28:07 | 000,484,352 | ---- | C] () -- J:\Windows\SysWow64\lame_enc.dll [2012/06/26 08:22:31 | 000,000,161 | ---- | C] () -- J:\Windows\DISPARAM.INI [2012/06/04 09:37:28 | 000,000,116 | ---- | C] () -- J:\Windows\Lexstat.ini [2012/06/04 09:30:16 | 000,413,696 | ---- | C] () -- J:\Windows\SysWow64\lxczutil.dll [2012/06/04 09:30:16 | 000,274,432 | ---- | C] () -- J:\Windows\SysWow64\LXCZinst.dll [2012/05/04 04:58:06 | 000,000,400 | ---- | C] () -- J:\Windows\ODBC.INI [2012/04/18 09:41:48 | 000,252,928 | ---- | C] () -- J:\Windows\SysWow64\DShowRdpFilter.dll [2012/04/16 11:31:39 | 000,000,000 | ---- | C] () -- J:\Windows\ativpsrm.bin [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- J:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- J:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- J:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- J:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- J:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- J:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- J:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- J:\Windows\SysWow64\mlang.dat [2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- J:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2013/01/03 04:08:55 | 000,000,000 | ---D | M] -- J:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/08/27 07:45:25 | 000,000,000 | ---D | M] -- J:\ProgramData\Acronis [2012/04/16 11:35:53 | 000,000,000 | -HSD | M] -- J:\ProgramData\Anwendungsdaten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Application Data [2013/01/18 09:37:31 | 000,000,000 | ---D | M] -- J:\ProgramData\bibwin [2012/12/19 02:09:30 | 000,000,000 | ---D | M] -- J:\ProgramData\Canneverbe 
Limited [2012/07/31 09:17:33 | 000,000,000 | -H-D | M] -- J:\ProgramData\CanonBJ [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Documents [2012/04/16 11:35:53 | 000,000,000 | -HSD | M] -- J:\ProgramData\Dokumente [2012/05/02 03:04:24 | 000,000,000 | ---D | M] -- J:\ProgramData\EPSON [2012/04/16 11:35:53 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favoriten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Favorites [2012/06/21 05:23:33 | 000,000,000 | ---D | M] -- J:\ProgramData\FileOpen [2013/01/18 09:36:50 | 000,000,000 | ---D | M] -- J:\ProgramData\ginkgo [2012/05/04 04:59:40 | 000,000,000 | ---D | M] -- J:\ProgramData\HotSync [2012/08/30 02:06:28 | 000,000,000 | ---D | M] -- J:\ProgramData\Installations [2012/06/21 05:23:19 | 000,000,000 | ---D | M] -- J:\ProgramData\Nitro PDF [2012/12/06 08:30:14 | 000,000,000 | ---D | M] -- J:\ProgramData\OPHG [2012/08/30 02:07:26 | 000,000,000 | ---D | M] -- J:\ProgramData\PC Suite [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Start Menu [2012/04/16 11:35:53 | 000,000,000 | -HSD | M] -- J:\ProgramData\Startmenü [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- J:\ProgramData\Templates [2012/04/16 11:35:53 | 000,000,000 | -HSD | M] -- J:\ProgramData\Vorlagen [2012/09/07 01:44:37 | 000,032,632 | ---- | M] () -- J:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> J:\Windows:nlsPreferences < End of report >

Edited by Nexave (01.02.2013 at 09:30) Reason: customer name removed