Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   weißer Bildschirm unter Windows 7 Home Premium (https://www.trojaner-board.de/144419-weisser-bildschirm-windows-7-home-premium.html)

KarinST 11.11.2013 21:37
weißer Bildschirm unter Windows 7 Home Premium
 
Habe aufgrund der Einträge bereits die frst.exe laufen lassen und füge das logfile bei.

Wäre toll wenn mir jemand weiterhelfen könnte.

Danke

schrauber 11.11.2013 23:17
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

KarinST 12.11.2013 17:48
Anbei das kopierte Log, leider erscheinen keine Klammerausdrücke. Ich hoffe Sie können trotzdem damit etwas anfangen. Den White Screen hatte ich das 1. Mal am 09.11.2013
#
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by SYSTEM on MININT-L1I2KN1 on 11-11-2013 21:15:06
Running from H:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8391200 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [nmctxth] - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] - C:\Program Files\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BabylonToolbar] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM\...\Run: [Babylon Client] - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [3270072 2011-01-25] (Babylon Ltd.)
HKLM\...\Run: [PMBVolumeWatcher] - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1226288 2007-05-24] (Nero AG)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [FromDocToPDF Search Scope Monitor] - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-06-30] (MindSpark)
HKLM\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-06-30] (VER_COMPANY_NAME)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\RunOnce: [LangBar] - C:\Windows\System32\oobe\info\LangBar.vbs [ 2009-10-23] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [LangBar] - C:\Windows\System32\oobe\info\LangBar.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Karin\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-05-29] (Google Inc.)
HKU\Karin\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2007-05-29] (Nero AG)
HKU\Karin\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\Karin\...\Run: [4Sync] - C:\Program Files\4Sync\4Sync.exe [ 2013-01-21] ()
HKU\Karin\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
HKU\Karin\...\Run: [Driver Mender] - C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe [ 2013-06-30] (PC Drivers Headquarters)
HKU\UpdatusUser\...\RunOnce: [LangBar] - C:\Windows\System32\oobe\info\LangBar.vbs [ 2009-10-23] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 FromDocToPDF_65Service; C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-06-30] (COMPANYVERS_NAME)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S2 RemoteKeySrv; C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe [303104 2010-01-08] (Wistron Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-10-15] ()
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.)
S3 genport; C:\Program Files\RemoteKeySrv\GenPort.sys [4096 2005-12-08] (Wistron)
S3 hidkmdf; C:\Windows\system32\DRIVERS\hidkmdf.sys [10360 2009-10-29] (Windows (R) Win 7 DDK provider)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-10-10] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-07-23] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-07-23] (Kaspersky Lab ZAO)
S3 NW1950; C:\Windows\system32\DRIVERS\NW1950.sys [22392 2009-10-29] ()
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1558368 2009-12-22] (NXP Semiconductors Germany GmbH)
S2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [27696 2009-07-07] (Cisco Systems, Inc.)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-07-23] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 21:14 - 2013-11-11 21:14 - 00000000 ____D C:\FRST
2013-11-09 16:26 - 2013-11-09 16:26 - 00003480 ____N C:\bootsqm.dat
2013-11-06 21:02 - 2013-11-06 21:02 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-06 21:00 - 2013-11-06 21:01 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-06 21:00 - 2013-11-06 21:01 - 00000000 ____D C:\Program Files\iTunes
2013-11-06 21:00 - 2013-11-06 21:00 - 00000000 ____D C:\Program Files\iPod
2013-11-06 20:55 - 2013-11-06 20:55 - 00001619 _____ C:\Users\Karin\Desktop\ACCICONS - Verknüpfung.lnk
2013-11-06 20:55 - 2013-11-06 20:55 - 00001588 _____ C:\Users\Karin\Desktop\EXCEL - Verknüpfung.lnk
2013-11-06 20:54 - 2013-11-06 20:54 - 00001608 _____ C:\Users\Karin\Desktop\WINWORD - Verknüpfung.lnk
2013-10-25 10:47 - 2013-10-25 10:47 - 00000000 ____D C:\ProgramData\Oracle
2013-10-25 10:46 - 2013-10-25 10:46 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-25 10:46 - 2013-10-25 10:46 - 00000000 ____D C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

2013-11-11 21:14 - 2013-11-11 21:14 - 00000000 ____D C:\FRST
2013-11-11 20:54 - 2009-07-14 05:39 - 00031091 _____ C:\Windows\setupact.log
2013-11-11 20:53 - 2010-01-08 08:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-11 20:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-09 16:26 - 2013-11-09 16:26 - 00003480 ____N C:\bootsqm.dat
2013-11-09 15:43 - 2010-10-17 11:05 - 01554773 _____ C:\Windows\WindowsUpdate.log
2013-11-09 15:15 - 2011-02-19 13:58 - 00000000 ____D C:\ProgramData\Babylon
2013-11-09 14:25 - 2010-11-17 18:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-06 21:02 - 2013-11-06 21:02 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-06 21:01 - 2013-11-06 21:00 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-06 21:01 - 2013-11-06 21:00 - 00000000 ____D C:\Program Files\iTunes
2013-11-06 21:00 - 2013-11-06 21:00 - 00000000 ____D C:\Program Files\iPod
2013-11-06 21:00 - 2010-12-27 12:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-06 20:55 - 2013-11-06 20:55 - 00001619 _____ C:\Users\Karin\Desktop\ACCICONS - Verknüpfung.lnk
2013-11-06 20:55 - 2013-11-06 20:55 - 00001588 _____ C:\Users\Karin\Desktop\EXCEL - Verknüpfung.lnk
2013-11-06 20:54 - 2013-11-06 20:54 - 00001608 _____ C:\Users\Karin\Desktop\WINWORD - Verknüpfung.lnk
2013-11-06 20:50 - 2010-11-07 15:18 - 00000000 ____D C:\Users\Public\Documents\Geschäft
2013-11-06 18:23 - 2009-07-14 05:34 - 00009696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 18:23 - 2009-07-14 05:34 - 00009696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 18:17 - 2011-05-29 21:20 - 00000000 ____D C:\Users\Karin\AppData\Roaming\Skype
2013-11-06 18:14 - 2012-06-14 19:34 - 00000000 ____D C:\Users\Karin\AppData\Roaming\4Sync
2013-10-26 11:01 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-10-25 10:47 - 2013-10-25 10:47 - 00000000 ____D C:\ProgramData\Oracle
2013-10-25 10:46 - 2013-10-25 10:46 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-25 10:46 - 2013-10-25 10:46 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-25 10:46 - 2013-10-25 10:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-22 16:59 - 2010-10-17 11:05 - 00000000 ____D C:\users\Karin
2013-10-22 16:50 - 2011-04-07 18:28 - 00000000 ____D C:\Users\Karin\Documents\Sony PMB
2013-10-12 02:12 - 2010-01-08 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 02:02 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-12 02:02 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini

Some content of TEMP:
====================
C:\Users\Karin\AppData\Local\Temp\8.2.30.1-EasyShrx.Dll
C:\Users\Karin\AppData\Local\Temp\AMPing.exe
C:\Users\Karin\AppData\Local\Temp\AskSLib.dll
C:\Users\Karin\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Karin\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Karin\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Karin\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih_1.exe
C:\Users\Karin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Karin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Karin\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Karin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Karin\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Karin\AppData\Local\Temp\pn7243.exe
C:\Users\Karin\AppData\Local\Temp\setup.exe
C:\Users\Karin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karin\AppData\Local\Temp\uninstall.exe
C:\Users\Karin\AppData\Local\Temp\VistaLib32_1.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {default}
resumeobject            {232e96c8-0310-11df-9111-b3de1e961731}
displayorder            {default}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {current}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {232e96c8-0310-11df-9111-b3de1e961731}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\232e96ca-0310-11df-9111-b3de1e961731\Winre.wim,{232e96cb-0310-11df-9111-b3de1e961731}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\232e96ca-0310-11df-9111-b3de1e961731\Winre.wim,{232e96cb-0310-11df-9111-b3de1e961731}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {232e96c8-0310-11df-9111-b3de1e961731}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                    Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description            Windows Memory Diagnostic
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {232e96cb-0310-11df-9111-b3de1e961731}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\232e96ca-0310-11df-9111-b3de1e961731\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4094.11 MB
Available physical RAM: 3550.13 MB
Total Pagefile: 4092.39 MB
Available Pagefile: 3567.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.84 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:890.41 GB) (Free:804.46 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:22.26 GB) NTFS
Drive h: (USB DISK) (Fixed) (Total:0.06 GB) (Free:0.05 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 04176214)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 62 MB) (Disk ID: 18475EC4)
Partition 1: (Active) - (Size=61 MB) - (Type=06)


LastRegBack: 2013-11-07 02:50

==================== End Of Log ============================
--- --- ---

schrauber 13.11.2013 09:42
Hi,

wann genau erscheint der Bildschirm? Vor oder nach Useranmeldung? Wieviele User-Konten sind auf dem Rechner?

KarinST 13.11.2013 09:46
Guten Morgen
nach der Useranmeldung, es ist nur ein Account angelegt

schrauber 13.11.2013 16:00
Geht keiner der 3 abgesicherten Modi? Problem hier ist nicht Malware, sondern ein zerballertes Profil.

KarinST 14.11.2013 18:18
Hallo Schrauber
Habe den Rechner im abgesicherten Modus hochgefahren ging leider auch nicht, jetzt kommt die Meldung Fehler beim Anzeigen der Sicherheits und Herunterfahroptionen. Haben Sie noch eine Idee oder muss ich den Rechner neu aufsetzen?

schrauber 15.11.2013 12:03
Windows Scheibe zur Hand? Dann würd ich ein Upgrade machen, dann bleiben die Daten erhalten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131