White screen that says "Verbindung wird geladen" (connection is loading)

Hello,
I have caught the Bundestrojaner: when I try to log in, a white screen appears that says "Verbindung wird hergestellt..." (connection is being established).
I use Windows 7 Enterprise Edition, and starting in safe mode makes no difference compared with starting the computer normally.
I no longer have any access....

Quote:
OTL logfile created on: 6/22/2012 2:49:41 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Enterprise (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 3581 5371 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 3.11 Mb Free Space | 3.11% Space Free | Partition Type: NTFS
Drive D: | 42.37 Gb Total Space | 3.11 Gb Free Space | 7.35% Space Free | Partition Type: NTFS
Drive E: | 50.68 Gb Total Space | 2.84 Gb Free Space | 5.61% Space Free | Partition Type: NTFS
Drive X: | 3.72 Gb Total Space | 3.32 Gb Free Space | 89.24% Space Free | Partition Type: FAT
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (NWCWorkstation)
SRV - [2011/12/16 05:32:36 | 004,257,792 | ---- | M] (Native Instruments GmbH) [Auto] -- E:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/06/08 07:02:00 | 000,661,504 | ---- | M] (Nokia) [On_Demand] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/01/12 10:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand] -- E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 10:41:42 | 000,810,144 | ---- | M] (ESET) [Auto] -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/08/17 04:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled] -- E:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 13:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- E:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/07/29 17:54:10 | 000,204,800 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- E:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)
DRV - [2012/05/12 00:33:04 | 000,004,384 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\RawIPHlp.sys -- (rawip)
DRV - [2012/02/27 07:22:42 | 001,611,880 | ---- | M] (TamoSoft) [CommView] Atheros AR9271 Wireless Network Adapter Service [Kernel | On_Demand] -- E:\Windows\System32\drivers\ts_arnusb.sys -- (ts_arnusb)
DRV - [2011/05/18 04:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 04:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 04:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 04:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 04:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 04:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/12/21 09:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto] -- E:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 09:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System] -- E:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 07:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto] -- E:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/12/15 09:13:16 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 06:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 09:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 02:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/05/04 18:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- E:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/13 06:55:38 | 000,496,768 | ---- | M] (Tamosoft, Ltd.) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand] -- E:\Windows\System32\drivers\ar5211.sys -- (AR5211)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Morph82_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Morph82_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Morph82_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Morph82_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 DA 50 1D F8 39 CD 01 [binary data]
IE - HKU\Morph82_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 21:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/04/04 18:50:13 | 000,000,000 | ---D | M]
[2012/05/31 21:50:04 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/11/05 03:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 23:38:54 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/04 23:32:18 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:38:54 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/04 23:38:54 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/04 23:38:54 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/04 23:38:54 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/06/21 12:42:04 | 000,000,707 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [4HgDZeRaF0Pmllr] File not found
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [smwcore] File not found
O4 - HKLM..\Run: [yxcxpbpu] E:\Windows\System32\yxcxpbpu.exe ()
O4 - HKU\.DEFAULT..\Run: [tcpudp] File not found
O4 - HKU\.DEFAULT..\Run: [tnssb] E:\Windows\System32\config\systemprofile\AppData\Roaming\tonysba.exe ( )
O4 - HKU\.DEFAULT..\Run: [Windows Time] E:\ProgramData\ExweynObwerk.dll ()
O4 - HKU\.DEFAULT..\Run: [yxcxpbpu] E:\Windows\System32\config\systemprofile\yxcxpbpu.exe ()
O4 - HKU\Morph82_ON_E..\Run: [4HgDZeRaF0Pmllr] File not found
O4 - HKU\Morph82_ON_E..\Run: [NokiaPCInternetAccess] E:\Program Files\PC Internet Access\NPCIA.exe (Nokia)
O4 - HKU\Morph82_ON_E..\Run: [tcpudp] File not found
O4 - HKU\Morph82_ON_E..\Run: [yxcxpbpu] E:\Users\Morph82\yxcxpbpu.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 37406 = C:\PROGRA~2\LOCALS~1\Temp\msuxykf.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: tcpudp = C:\Windows\system32\config\systemprofile\AppData\Roaming\5EB170.exe ()
O7 - HKU\Morph82_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Morph82_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Netscape = C:\Users\Morph82\AppData\Roaming\5EB170.exe
O7 - HKU\Morph82_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Morph82_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O20 - HKLM Winlogon: Shell - (C:\Users\Morph82\AppData\Roaming\guelleguell.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Morph82\AppData\Roaming\guelleguell.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Morph82_ON_E Winlogon: Shell - (C:\Users\Morph82\AppData\Roaming\guelleguell.exe) - File not found
O20 - HKU\Morph82_ON_E Winlogon: UserInit - (C:\Users\Morph82\AppData\Roaming\guelleguell.exe) - File not found
O20 - Winlogon\Notify\msraxet: DllName - C:\Users\Morph82\AppData\Local\msraxet.dll - E:\Users\Morph82\AppData\Local\msraxet.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (ExweynObwerk.dll) - E:\Windows\System32\ExweynObwerk.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========
[2012/06/21 18:02:17 | 000,000,000 | ---D | C] -- E:\UnHackMe
[2012/06/21 15:05:53 | 000,000,000 | -HSD | C] -- E:\found.001
[2012/06/21 12:02:06 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/06/20 21:45:42 | 000,000,000 | -HSD | C] -- E:\found.000

========== Files - Modified Within 14 Days ==========
[2012/06/21 16:12:17 | 000,683,152 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/06/21 16:12:17 | 000,138,912 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/06/21 16:12:17 | 000,012,650 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/06/21 16:12:17 | 000,012,074 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/06/21 16:08:05 | 000,065,536 | ---- | M] () -- E:\Windows\System32\Ikeext.etl
[2012/06/21 16:08:01 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/06/21 16:08:00 | 2816,864,256 | -HS- | M] () -- E:\hiberfil.sys
[2012/06/21 13:59:41 | 000,001,184 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 13:59:40 | 000,001,184 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 21:46:16 | 000,003,416 | ---- | M] () -- E:\bootsqm.dat
[2012/06/20 21:34:31 | 000,024,064 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\netbtugc.exe
[2012/06/20 21:33:52 | 000,050,176 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\auditpol.exe
[2012/06/20 21:32:58 | 000,064,512 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\hdwwiz.exe
[2012/06/20 21:32:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MuiUnattend.exe
[2012/06/20 21:32:16 | 000,144,896 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\iscsicli.exe
[2012/06/20 21:30:55 | 000,053,760 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\wermgr.exe
[2012/06/20 21:30:33 | 000,028,672 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dnscacheugc.exe
[2012/06/20 21:30:05 | 000,252,928 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drvinst.exe
[2012/06/20 21:29:33 | 000,053,248 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\expand.exe
[2012/06/20 21:29:27 | 000,057,856 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\AxInstUI.exe
[2012/06/20 21:29:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\appidpolicyconverter.exe
[2012/06/20 21:29:22 | 000,016,896 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\appidcertstorecheck.exe
[2012/06/20 21:29:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\sdbinst.exe
[2012/06/13 13:06:39 | 000,000,334 | ---- | M] () -- E:\Windows\System32\ActionCenterCPL.exe
[2012/06/13 13:05:43 | 000,079,880 | -HS- | M] () -- E:\Windows\System32\augcajtw.dll
[2012/06/13 09:47:14 | 000,265,640 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/06/12 05:22:14 | 000,060,416 | ---- | M] () -- E:\Windows\System32\yxcxpbpu.exe
[2012/06/09 11:30:06 | 086,459,709 | ---- | M] () -- E:\Users\Morph82\Desktop\DieBilo @ Hardtechno must be hard (1).mp3

========== Files Created - No Company Name ==========
[2012/06/21 10:56:47 | 000,001,184 | -H-- | C] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 10:56:47 | 000,001,184 | -H-- | C] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 21:46:16 | 000,003,416 | ---- | C] () -- E:\bootsqm.dat
[2012/06/13 13:06:39 | 000,000,334 | ---- | C] () -- E:\Windows\System32\ActionCenterCPL.exe
[2012/06/13 13:06:05 | 000,079,880 | -HS- | C] () -- E:\Windows\System32\augcajtw.dll
[2012/06/12 05:14:06 | 086,459,709 | ---- | C] () -- E:\Users\Morph82\Desktop\DieBilo @ Hardtechno must be hard (1).mp3
[2012/05/31 22:02:08 | 000,009,494 | ---- | C] () -- E:\Windows\System32\adsmsext.exe
[2012/05/31 22:00:19 | 000,000,228 | ---- | C] () -- E:\Windows\System32\AERTACap.exe
[2012/05/31 21:58:46 | 000,132,608 | ---- | C] () -- E:\Windows\System32\actxprxy.exe
[2012/05/31 21:58:39 | 000,322,560 | ---- | C] () -- E:\Windows\System32\aepdu.exe
[2012/05/31 21:35:44 | 000,272,629 | ---- | C] () -- E:\Windows\System32\drivers\RTAIODAT.DAT
[2012/05/31 20:56:09 | 000,062,403 | ---- | C] () -- E:\Windows\System32\accessibilitycpl.exe
[2012/05/31 20:49:04 | 000,003,069 | ---- | C] () -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.exe
[2012/05/31 20:48:59 | 000,019,640 | ---- | C] () -- E:\ProgramData\qqwx2f5806.exe
[2012/05/31 20:46:00 | 000,024,552 | ---- | C] () -- E:\Windows\System32\adsldp.exe
[2012/05/31 20:45:36 | 000,019,648 | ---- | C] () -- E:\ProgramData\atw106almd.exe
[2012/05/31 20:42:16 | 000,001,023 | ---- | C] () -- E:\Windows\System32\acledit.exe
[2012/05/31 20:41:47 | 000,015,872 | ---- | C] () -- E:\Users\Morph82\AppData\Local\msraxet.dll
[2012/05/30 01:28:33 | 000,020,440 | ---- | C] () -- E:\ProgramData\utual6794z.exe
[2012/05/24 18:07:41 | 000,017,608 | ---- | C] () -- E:\ProgramData\a2ct4mctxy.exe
[2012/05/24 18:02:14 | 000,017,624 | ---- | C] () -- E:\ProgramData\j7vr4ozp16.exe
[2012/05/24 04:25:56 | 000,009,480 | ---- | C] () -- E:\Windows\System32\acproxy.exe
[2012/05/24 04:20:49 | 000,018,624 | ---- | C] () -- E:\ProgramData\zrmpa7hr45.exe
[2012/05/24 04:14:20 | 000,000,227 | ---- | C] () -- E:\Windows\System32\activeds.exe
[2012/05/11 09:55:25 | 000,013,824 | ---- | C] () -- E:\Windows\System32\ExweynObwerk.dll
[2012/05/07 01:12:53 | 000,033,166 | ---- | C] () -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.exe
[2012/05/07 01:11:19 | 000,017,624 | ---- | C] () -- E:\ProgramData\5cf2180pgz.exe
[2012/05/07 00:58:45 | 000,000,208 | ---- | C] () -- E:\Windows\System32\aclui.exe
[2012/05/07 00:56:45 | 000,322,560 | ---- | C] () -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.exe
[2012/05/06 16:20:52 | 000,004,384 | ---- | C] () -- E:\Windows\System32\drivers\RawIPHlp.sys
[2012/05/06 16:11:37 | 000,060,416 | ---- | C] () -- E:\Windows\System32\yxcxpbpu.exe
[2012/05/06 16:10:39 | 000,013,824 | ---- | C] () -- E:\ProgramData\ExweynObwerk.dll
[2012/04/06 19:07:47 | 000,000,000 | ---- | C] () -- E:\Windows\NDSTray.INI
[2012/04/06 18:52:23 | 000,073,728 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2012/04/06 09:36:33 | 000,197,654 | ---- | C] () -- E:\Windows\System32\atiicdxx.dat
[2012/04/05 01:00:41 | 006,184,960 | ---- | C] () -- E:\Windows\System32\RTS5121icon.dll
[2012/04/04 18:12:00 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2009/07/14 05:04:11 | 000,683,152 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 05:04:11 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 05:04:11 | 000,138,912 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 05:04:11 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,265,640 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:48 | 000,012,650 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,012,074 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,093,696 | ---- | C] () -- E:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat

========== LOP Check ==========
[2012/06/07 04:40:04 | 000,000,000 | ---D | M] -- E:\ProgramData\Ableton
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/04/04 18:50:13 | 000,000,000 | ---D | M] -- E:\ProgramData\ESET
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2012/04/05 05:43:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Installations
[2012/05/06 16:11:42 | 000,000,000 | ---D | M] -- E:\ProgramData\Local Settings
[2012/06/05 23:09:19 | 000,000,000 | ---D | M] -- E:\ProgramData\Native Instruments
[2012/05/24 18:53:15 | 000,000,000 | ---D | M] -- E:\ProgramData\NokiaAccount
[2012/05/24 03:11:50 | 000,000,000 | ---D | M] -- E:\ProgramData\NokiaInstallerCache
[2012/04/05 05:47:35 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Suite
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2012/04/06 18:20:20 | 000,000,000 | ---D | M] -- E:\ProgramData\TamoSoft
[2012/04/06 18:59:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Toshiba
[2012/04/04 18:17:45 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/06/05 23:11:07 | 000,000,000 | -H-D | M] -- E:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
[2012/06/05 23:08:56 | 000,000,000 | -H-D | M] -- E:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
[2012/06/05 23:09:17 | 000,000,000 | -H-D | M] -- E:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}
[2009/07/14 00:53:46 | 000,014,740 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 12 bytes -> E:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >
Quote:
OTL Extras logfile created on: 6/22/2012 2:49:42 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Enterprise (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 3581 5371 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 3.11 Mb Free Space | 3.11% Space Free | Partition Type: NTFS
Drive D: | 42.37 Gb Total Space | 3.11 Gb Free Space | 7.35% Space Free | Partition Type: NTFS
Drive E: | 50.68 Gb Total Space | 2.84 Gb Free Space | 5.61% Space Free | Partition Type: NTFS
Drive X: | 3.72 Gb Total Space | 3.32 Gb Free Space | 89.24% Space Free | Partition Type: FAT
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
Using ControlSet: ControlSet003

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Morph82\AppData\Local\Temp\0008d0e5.exe" = C:\Users\Morph82\AppData\Local\Temp\0008d0e5.exe:*:Enabled:0008d0e5

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4C9D864-C8BE-7E34-0071-BB0872956A11}" = ATI Catalyst Install Manager
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B46B3698-CA1D-2612-2C68-6889F0E2F201}" = Skins
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"Free Studio_is1" = Free Studio version 5.2.1
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"Live 8.2" = Live 8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Nero8Lite_is1" = Nero 8 Micro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
< End of report >