| |
| |||||||
Log-Analyse und Auswertung: Weisser Bildschirm Virus. OTL.txt analysierenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.08.2012, 21:50
| #1 |
| |  Weisser Bildschirm Virus. OTL.txt analysieren Hallo Erstmal. Und vorneweg vielen Dank für Euer Board. Gestern habe ich mir den "Weisser Bildschirm" Virus eingefangen. Nichts ging mehr. Der weisse Bildschirm hat alles sofort wieder unterdrückt, was sich noch hat ausführen lassen. Auch den Taskmanager. Auch das Hochfahren im abgesicherten Modus brachte nichts. Antivir hat sich starten lassen und ein verstecktes Objekt gefunden, das aber nicht entfernen können. So am Ende war mein Rechner noch nie, wie gestern Abend. Und ich auch. Dann habe ich mit dem Rechner meiner Frau im Internet Euch gefunden. Habe alle Eure Anleitungen (Software runterladen, Bootfähige CD erstellen und damit booten und Reatogo ausführen) befolgt und hurra, das hat funktioniert. Nun ist hier das OTL.txt file. Ein Extras.txt hat das programm nicht angelegt. Und Gott-sei-Dank, oder besser Euch-sei-dank konnte ich meine Mails und Daten sichern. Bzw das Kopieren läuf gerade auf dem infizierten Rechner noch. Da ist ja ein Explorer auf der boot-cd mit drauf. Mit dem Kopiere bzw sichere ich gerade Dateien auf usb-Stick. Wärt Ihr bereit, mir dieses Reparatur Skript zu erstellen? Das ich dann in Reatogo laufen lassen kann? Da wäre ich Euch dankbar. Oder findet Ihr, ich soll besser nach dem Daten Sichern, lieber die Festplatte löschen und Vista, Office und alle anderen Programme neu installieren? Grüsse 11Nautilus Hier das file: OTL logfile created on: 8/9/2012 10:16:35 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285.09 Gb Total Space | 93.95 Gb Free Space | 32.96% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - [2012/08/03 11:13:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 13:59:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/01 19:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 18:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2008/11/12 23:42:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/08/22 03:03:16 | 000,071,512 | ---- | M] (O2Micro International) [Auto] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2008/04/15 12:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/10 19:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2012/04/27 04:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 18:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 15:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/08/27 13:45:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/22 03:03:40 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008/08/06 04:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/07/04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/06/17 23:19:54 | 000,147,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/06/11 21:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_ml65 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_ml65 IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof2.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_ml65 IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_ml65 IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\m_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_ml65 IE - HKU\m_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\m_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\m_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKU\m_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\m_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof2.dll (Conduit Ltd.) IE - HKU\m_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\m_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:31698 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/03 13:59:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 08:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/31 03:59:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/17 05:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Extensions [2010/02/17 05:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\r9o678po.default\extensions [2010/02/17 05:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\r9o678po.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/28 14:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010/01/11 18:05:49 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT [2012/07/03 13:59:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/22 10:32:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/22 10:32:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/22 10:32:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/22 10:32:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/22 10:32:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/22 10:32:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof2.dll (Conduit Ltd.) O3 - HKU\m_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\m_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof2.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\Gast_ON_C..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKU\Gast_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\m_ON_C..\Run: [|697730BA-B606-1C2F-3F34-4B7EE3A186F6}] C:\Users\m\AppData\Roaming\Xofei\ehzue.exe () O4 - HKU\m_ON_C..\Run: [DAEMON Tools Lite] File not found O4 - HKU\m_ON_C..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRINTKEY2000.EXE - Verknüpfung.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\m_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O28 - HKLM ShellExecuteHooks: UPB:{FBF23B40-E3F0-101B-8488-00AA003E56F8} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/08/08 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Xofei [2012/08/08 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Gesia [2012/07/19 01:02:27 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.027 [2012/07/18 15:27:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\UAs [2012/07/17 14:33:09 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.026 [2012/07/15 10:15:59 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.025 [2012/07/13 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.024 [2012/07/12 15:33:32 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.023 [2012/07/12 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\13001.022 [2012/07/12 11:23:54 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\xmldm [2012/07/12 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\kock [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\m\AppData\Roaming\*.tmp files -> C:\Users\m\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/09 15:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/09 15:05:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/09 14:58:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/09 14:58:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/09 14:58:23 | 3483,992,064 | -HS- | M] () -- C:\hiberfil.sys [2012/08/09 11:24:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/09 11:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/08 16:00:55 | 000,002,619 | ---- | M] () -- C:\Users\m\Desktop\2010 Microsoft PowerPoint.lnk [2012/08/08 15:59:48 | 000,002,579 | ---- | M] () -- C:\Users\m\Desktop\2010 Microsoft Excel.lnk [2012/08/08 15:59:31 | 000,002,577 | ---- | M] () -- C:\Users\m\Desktop\2010 Microsoft Word.lnk [2012/08/08 15:56:32 | 000,073,728 | ---- | M] () -- C:\Windows\System32\umstartup.etl [2012/08/08 15:01:19 | 000,184,320 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/08 14:58:43 | 000,000,680 | ---- | M] () -- C:\Users\m\AppData\Local\d3d9caps.dat [2012/08/03 11:15:29 | 009,336,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/08/03 11:15:28 | 028,053,032 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/08/03 11:15:28 | 008,513,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/08/03 11:15:25 | 009,318,018 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/08/03 11:13:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/08/03 11:13:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/08/02 16:47:21 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/07/31 20:03:14 | 000,000,155 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012/07/23 14:48:19 | 000,000,034 | ---- | M] () -- C:\Users\m\AppData\Roaming\blckdom.res [2012/07/15 16:44:45 | 000,000,914 | ---- | M] () -- C:\Windows\wiso.ini [2012/07/12 15:36:37 | 000,000,018 | ---- | M] () -- C:\Users\m\AppData\Roaming\urhtps.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\m\AppData\Roaming\*.tmp files -> C:\Users\m\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/08 15:56:30 | 3483,992,064 | -HS- | C] () -- C:\hiberfil.sys [2012/07/12 15:36:37 | 000,000,018 | ---- | C] () -- C:\Users\m\AppData\Roaming\urhtps.dat [2012/07/12 11:24:08 | 000,000,034 | ---- | C] () -- C:\Users\m\AppData\Roaming\blckdom.res [2012/03/09 15:20:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/09/01 14:23:05 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat [2011/02/18 13:54:52 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011/01/01 13:09:39 | 000,000,082 | ---- | C] () -- C:\Windows\MPLAYER.INI [2011/01/01 13:08:50 | 001,680,896 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll [2010/08/05 13:08:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010/08/05 12:40:32 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2010/03/24 15:06:51 | 000,000,914 | ---- | C] () -- C:\Windows\wiso.ini [2010/01/31 12:47:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010/01/31 12:47:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009/10/03 14:20:22 | 000,001,987 | ---- | C] () -- C:\Windows\disney.ini [2009/10/03 14:18:12 | 000,000,314 | ---- | C] () -- C:\Windows\SIERRA.INI [2009/10/03 14:17:21 | 000,000,052 | ---- | C] () -- C:\Windows\castle16.ini [2009/09/07 17:40:59 | 000,001,874 | ---- | C] () -- C:\Users\m\AppData\Roaming\SAS7_000.DAT [2009/07/17 13:20:48 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat [2009/04/27 13:05:23 | 000,000,155 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/04/25 03:48:11 | 001,486,848 | ---- | C] () -- C:\Windows\System32\MGXRDR32.DLL [2009/04/25 03:48:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL [2009/04/25 03:48:10 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2009/04/25 03:48:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2009/04/25 03:46:28 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FVDS70.DLL [2009/04/25 03:46:10 | 000,172,544 | ---- | C] () -- C:\Windows\Mgxclean.exe [2009/04/25 03:46:10 | 000,082,944 | ---- | C] () -- C:\Windows\System32\Ppiv20.dll [2009/04/22 15:53:04 | 000,184,320 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/19 14:08:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/04/19 06:42:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/04/19 06:29:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/04/19 06:23:47 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009/04/19 06:23:36 | 000,008,156 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008/11/13 07:10:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/11/13 07:09:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/11/13 07:09:48 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/11/13 07:09:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/11/13 07:09:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008/11/12 23:39:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008/11/12 23:28:04 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008/11/12 22:54:55 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008/11/12 22:54:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/01/21 03:15:58 | 028,053,032 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 03:15:58 | 009,318,018 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/11/26 16:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,620,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 009,336,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 008,513,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002/11/02 11:48:58 | 000,540,672 | ---- | C] () -- C:\Windows\_UnInst.exe ========== LOP Check ========== [2011/09/03 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\.minecraft [2012/07/12 11:24:19 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.022 [2012/07/12 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.023 [2012/07/13 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.024 [2012/07/15 10:15:59 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.025 [2012/07/17 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.026 [2012/07/19 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\13001.027 [2009/11/22 10:01:08 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Activision [2010/10/22 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Buhl Data Service [2010/08/27 13:50:33 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\DAEMON Tools Lite [2012/07/18 16:33:13 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Desktopicon [2010/12/04 07:54:03 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\FileZilla [2011/10/05 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\GARMIN [2012/08/08 14:41:03 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Gesia [2012/07/12 11:23:51 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\kock [2009/09/07 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Nuance [2011/04/28 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Papyrus Autor [2009/07/17 13:20:52 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Template [2010/02/01 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Thunderbird [2012/07/18 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\UAs [2009/11/22 09:56:29 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Ubisoft [2012/07/23 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\xmldm [2012/08/08 10:45:49 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Xofei [2012/04/13 01:50:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2010/08/27 13:44:29 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2010/01/31 12:47:07 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF [2011/02/02 14:09:07 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN [2009/09/07 15:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Nuance [2009/09/07 15:57:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2011/10/16 15:06:31 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2009/11/22 09:56:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft [2012/08/08 15:37:06 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:F35A93AD @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164 < End of report > |
| Themen zu Weisser Bildschirm Virus. OTL.txt analysieren |
| antivir, avira, bereit, bho, bildschirm, boot-cd, booten, browser, conduit, desktop, document, entfernen, error, erste schritte, festplatte, firefox, flash player, google earth, helper, home, logfile, mozilla, msvcrt, packard bell, plug-in, programm, realtek, registry, reparatur, scan, senden, software, starten, virus, vista, weisser bildschirm |
Baum-Darstellung