| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm beim Systemstart (Windows Vista)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.03.2013, 21:05
| #1 |
 |  Weißer Bildschirm beim Systemstart (Windows Vista) Hallo, habe mir wohl einen Trojaner eingefangen, beim hochfahren sehe ich nur einen weissen Bildschirm, aber wie ich sehe ist das Problem schon bekannt... Kann mir jemand helfen mit der Logfileauswertung? Habe mir FRST.exe schon geladen und auch schon einen scan gemacht. Vielen Dank schonmal. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 9 days old) Ran by SYSTEM at 22-03-2013 18:05:40 Running from G:\ Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.) HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.) HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-10-06] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2007-12-24] (CyberLink Corp.) HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.) HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [209153 2009-03-02] (Avira GmbH) HKLM\...\Run: [UIExec] "C:\Program Files\Mobile Partner Manager\UIExec.exe" [138584 2010-07-16] () HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard) HKLM\...\Run: [] [x] HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard) HKU\Volkhard unkel\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company) HKU\Volkhard unkel\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-13] (Skype Technologies S.A.) HKU\Volkhard unkel\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\Volkhard unkel\...\Run: [aighfrshdgf.exe] C:\aighfrshdgf\aighfrshdgf.exe [x] HKU\Volkhard unkel\...\Run: [Userinit] C:\Users\Volkhard unkel\AppData\Roaming\appconf32.exe [x] HKU\Volkhard unkel\...\Run: [Google Update] "C:\Users\Volkhard unkel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-19] (Google Inc.) HKU\Volkhard unkel\...\Policies\system: [DisableLockWorkstation] 0 HKU\Volkhard unkel\...\Policies\system: [DisableChangePassword] 0 HKU\Volkhard unkel\...\Winlogon: [Shell] explorer.exe,C:\Users\Volkhard unkel\AppData\Roaming\skype.dat [110592 2011-11-18] () HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe [115656 2009-03-11] (EasyBits Software AS) Startup: C:\ProgramData\Start Menu\Programs\Startup\HD Writer AE 1.0.lnk ShortcutTarget: HD Writer AE 1.0.lnk -> C:\Program Files\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe (Panasonic Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\Users\Volkhard unkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Volkhard unkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () ==================== Services (Whitelisted) =================== 2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358528 2012-12-06] () 2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [108289 2009-05-13] (Avira GmbH) 2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [185089 2009-07-21] (Avira GmbH) 2 bgsvcgen; "C:\Windows\System32\bgsvcgen.exe" [145504 2007-06-15] (B.H.A Corporation) 2 gupdate1c9a01d99ba789c; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-03-08] (Google Inc.) 2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () 2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] () 2 UI Assistant Service; C:\Program Files\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] () 3 usnjsvc; "C:\Program Files\MSN Messenger\usnsvc.exe" [97136 2007-01-19] (Microsoft Corporation) 2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [330696 2010-11-18] () 2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x] ==================== Drivers (Whitelisted) ==================== 1 avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH) 2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [56816 2009-11-25] (Avira GmbH) 1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH) 2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [66472 2007-06-06] (AVM Berlin) 1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) 3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.) 3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.) 1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== ==================== One Month Modified Files and Folders ======== 2013-03-22 18:05 - 2013-03-22 18:05 - 00000000 ____D C:\FRST 2013-03-22 18:01 - 2013-02-09 15:38 - 00000004 ____A C:\Users\Volkhard unkel\AppData\Roaming\skype.ini 2013-03-22 18:01 - 2009-02-02 05:50 - 01666274 ____A C:\Windows\WindowsUpdate.log 2013-03-22 18:01 - 2006-11-02 14:01 - 00032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-03-22 18:01 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-03-22 18:01 - 2006-11-02 13:52 - 00200657 ____A C:\Windows\setupact.log 2013-03-22 18:01 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-03-22 18:01 - 2006-11-02 13:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-03-22 17:55 - 2012-10-25 08:12 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-03-22 17:50 - 2009-08-23 11:49 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-03-22 17:11 - 2011-03-29 10:21 - 00001156 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578650116-1357214980-1314146305-1000UA.job 2013-03-22 17:01 - 2011-03-29 10:21 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578650116-1357214980-1314146305-1000Core.job 2013-03-20 04:00 - 2009-08-23 11:49 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-03-19 07:29 - 2010-09-30 09:32 - 00000000 ____D C:\Users\Volkhard unkel\AppData\Roaming\Skype 2013-03-19 07:29 - 2009-02-02 06:33 - 00000286 ____A C:\ProgramData\hpqp.ini 2013-03-19 07:29 - 2009-02-02 06:33 - 00000286 ____A C:\ProgramData\Application Data\hpqp.ini ZeroAccess: C:\$Recycle.Bin\S-1-5-21-578650116-1357214980-1314146305-1000\$ff24043d55f85ce9a20a8337d9b4b888 C:\$Recycle.Bin\S-1-5-21-578650116-1357214980-1314146305-1000\$ff24043d55f85ce9a20a8337d9b4b888\@ C:\$Recycle.Bin\S-1-5-21-578650116-1357214980-1314146305-1000\$ff24043d55f85ce9a20a8337d9b4b888\L C:\$Recycle.Bin\S-1-5-21-578650116-1357214980-1314146305-1000\$ff24043d55f85ce9a20a8337d9b4b888\n C:\$Recycle.Bin\S-1-5-21-578650116-1357214980-1314146305-1000\$ff24043d55f85ce9a20a8337d9b4b888\U ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 09:27] - [2012-08-21 12:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-29 21:55:02 Restore point made on: 2013-02-01 16:53:30 Restore point made on: 2013-02-02 04:02:47 Restore point made on: 2013-02-03 17:43:47 Restore point made on: 2013-02-04 09:40:11 Restore point made on: 2013-02-05 09:09:28 Restore point made on: 2013-02-07 16:03:35 Restore point made on: 2013-02-08 12:52:23 Restore point made on: 2013-02-09 09:55:25 Restore point made on: 2013-02-09 15:33:51 Restore point made on: 2013-03-19 09:43:20 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 3002.45 MB Available physical RAM: 2475 MB Total Pagefile: 2720.2 MB Available Pagefile: 2544.95 MB Total Virtual: 2047.88 MB Available Virtual: 1966.1 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:222.35 GB) (Free:129.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)] 5 Drive g: () (Removable) (Total:14.91 GB) (Free:4.34 GB) NTFS 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Datentr ### Status Gr”áe Frei Dyn GPT -------- ---------- ------- ------- --- --- 0 Online 233 GB 1024 KB 1 Kein Mediu 0 B 0 B 2 Online 15 GB 0 B ============================== MBR Partition Table ================== Last Boot: 2013-03-19 07:39 ==================== End Of Log ============================ |
| Themen zu Weißer Bildschirm beim Systemstart (Windows Vista) |
| .dll, adobe, adobe flash player, antivir, association, attention, autorun, avg, avira, bildschirm, defender, desktop, farbar, farbar recovery scan tool, flash player, frst.exe, google, home, launch, microsoft, problem, recycle.bin, registry, scan, services.exe, software, svchost.exe, system, trojaner, vista, weißer bildschirm beim systemstart, windows, winlogon.exe |
Baum-Darstellung