
Log analysis and evaluation: White screen on Win 7


18.03.2013, 16:22   #1
vfl1848
 
Hello.

After Windows 7 starts, the screen is white.
I booted with REATOGO and started OTLPE.
The OTL.TXT is attached.

I would appreciate your help, thanks!

OTL logfile created on: 3/18/2013 6:12:19 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.82 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive D: | 97.56 Gb Total Space | 63.80 Gb Free Space | 65.39% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 200.12 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/03/13 05:47:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 04:59:12 | 002,569,168 | ---- | M] () [Auto] -- D:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/05 11:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand] -- D:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/19 12:58:58 | 002,139,648 | ---- | M] (AGFEO ) [Auto] -- D:\Program Files\AGFEO\Tk-Suite\tkserver\tksock.exe -- (tksock)
SRV - [2012/04/25 13:00:23 | 000,327,392 | ---- | M] () [Auto] -- D:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2011/11/08 06:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- D:\Program Files\StarMoney 7.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011/06/29 02:37:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 02:12:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/30 09:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto] -- D:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/24 06:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto] -- D:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009/11/01 11:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/01 11:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/27 12:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto] -- D:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/10/09 04:25:40 | 000,062,760 | ---- | M] () [Auto] -- D:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV - [2000/06/19 10:25:06 | 000,061,952 | ---- | M] () [On_Demand] -- D:\SQLLIB\bin\db2jds.exe -- (DB2JDS)
SRV - [2000/06/19 10:24:04 | 000,005,632 | ---- | M] () [On_Demand] -- D:\SQLLIB\bin\db2sec.exe -- (DB2NTSECSERVER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)
DRV - [2012/07/16 09:29:39 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2011/06/29 02:37:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 02:37:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/28 04:42:40 | 000,047,856 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcam.sys -- (JmUsbVideo)
DRV - [2009/12/28 04:23:36 | 000,024,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV - [2009/11/26 23:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/09 11:58:30 | 000,070,272 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto] -- D:\Windows\System32\drivers\AGFWMP.sys -- (agfwmp)
DRV - [2009/11/06 06:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/01 11:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/16 04:48:18 | 000,268,416 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto] -- D:\Windows\System32\drivers\AGFUCAPI.sys -- (agfucapi)
DRV - [2006/11/01 13:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 13:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBK1_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=4612_5&babsrc=HP_ss&mntrId=fa0de76d0000000000000023268d66b1
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4612_5&babsrc=HP_ss&mntrId=fa0de76d0000000000000023268d66b1
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 56 DF 02 8C 1B CC 01 [binary data]
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 47 39 86 98 60 CB 01 [binary data]
IE - HKU\DBR5_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@sweetsmileys.com: C:\Program Files\SweetSmileys\ff\info@sweetsmileys.com.xpi [2012/11/15 10:46:00 | 000,066,143 | ---- | M] ()

[2012/11/16 11:16:41 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SweetSmileys) - {36326AF0-1132-41A0-B770-1C9A01AB2B6F} - D:\Program Files\SweetSmileys\ie\sweetsmileys_ie.dll (R&E Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - D:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConMgr] D:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] D:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] D:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FreePDF Assistant] D:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IndicatorUtility] D:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] D:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] D:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] D:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PSUTility] D:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [starter4g] D:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\DBK1_ON_D..\Run: [BrowserChoice] D:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\DBK11_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK13_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK15_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK17_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK19_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK21_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK23_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK25_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK27_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK29_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK3_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK5_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK7_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK9_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR1_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR10_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR11_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR12_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR13_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR14_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR15_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR16_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR17_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR18_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR19_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR2_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR20_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR21_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR22_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR23_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR24_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR25_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR26_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR27_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR28_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR29_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR3_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR30_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR31_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR32_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR33_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR34_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR35_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR36_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR37_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR38_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR39_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR4_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR40_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR6_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR7_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR8_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR9_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBRX_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBK1_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBR5.PROKAS2_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBR5_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.44.140.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prokas2.sued.pk2
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261125~1.80\{16cdf~1\browse~1.dll) - D:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\DBR5.PROKAS2_ON_D Winlogon: Shell - (C:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb) - D:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb ()
O20 - HKU\DBR5.PROKAS2_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 08:06:22 | 000,000,000 | ---D | C] -- D:\ProgramData\xhn
[2013/03/18 08:04:16 | 000,000,000 | ---D | C] -- D:\Users\DBK11
[2013/03/18 08:04:15 | 000,000,000 | ---D | C] -- D:\Users\DBK15
[2013/03/18 08:04:15 | 000,000,000 | ---D | C] -- D:\Users\DBK13
[2013/03/18 08:04:14 | 000,000,000 | ---D | C] -- D:\Users\DBK17
[2013/03/18 08:04:13 | 000,000,000 | ---D | C] -- D:\Users\DBK19
[2013/03/18 08:04:12 | 000,000,000 | ---D | C] -- D:\Users\DBK21
[2013/03/18 08:04:11 | 000,000,000 | ---D | C] -- D:\Users\DBK23
[2013/03/18 08:04:10 | 000,000,000 | ---D | C] -- D:\Users\DBK25
[2013/03/18 08:04:09 | 000,000,000 | ---D | C] -- D:\Users\DBK27
[2013/03/18 08:04:08 | 000,000,000 | ---D | C] -- D:\Users\DBK29
[2013/03/18 08:04:07 | 000,000,000 | ---D | C] -- D:\Users\DBK3
[2013/03/18 08:04:06 | 000,000,000 | ---D | C] -- D:\Users\DBK5
[2013/03/18 08:04:05 | 000,000,000 | ---D | C] -- D:\Users\DBK7
[2013/03/18 08:04:04 | 000,000,000 | ---D | C] -- D:\Users\DBK9
[2013/03/18 08:04:00 | 000,000,000 | ---D | C] -- D:\Users\DBR1
[2013/03/18 08:03:59 | 000,000,000 | ---D | C] -- D:\Users\DBR10
[2013/03/18 08:03:58 | 000,000,000 | ---D | C] -- D:\Users\DBR11
[2013/03/18 08:03:57 | 000,000,000 | ---D | C] -- D:\Users\DBR12
[2013/03/18 08:03:56 | 000,000,000 | ---D | C] -- D:\Users\DBR13
[2013/03/18 08:03:55 | 000,000,000 | ---D | C] -- D:\Users\DBR14
[2013/03/18 08:03:54 | 000,000,000 | ---D | C] -- D:\Users\DBR16
[2013/03/18 08:03:54 | 000,000,000 | ---D | C] -- D:\Users\DBR15
[2013/03/18 08:03:52 | 000,000,000 | ---D | C] -- D:\Users\DBR18
[2013/03/18 08:03:52 | 000,000,000 | ---D | C] -- D:\Users\DBR17
[2013/03/18 08:03:51 | 000,000,000 | ---D | C] -- D:\Users\DBR19
[2013/03/18 08:03:50 | 000,000,000 | ---D | C] -- D:\Users\DBR2
[2013/03/18 08:03:49 | 000,000,000 | ---D | C] -- D:\Users\DBR20
[2013/03/18 08:03:48 | 000,000,000 | ---D | C] -- D:\Users\DBR21
[2013/03/18 08:03:47 | 000,000,000 | ---D | C] -- D:\Users\DBR22
[2013/03/18 08:03:46 | 000,000,000 | ---D | C] -- D:\Users\DBR23
[2013/03/18 08:03:45 | 000,000,000 | ---D | C] -- D:\Users\DBR24
[2013/03/18 08:03:44 | 000,000,000 | ---D | C] -- D:\Users\DBR25
[2013/03/18 08:03:43 | 000,000,000 | ---D | C] -- D:\Users\DBR26
[2013/03/18 08:03:42 | 000,000,000 | ---D | C] -- D:\Users\DBR27
[2013/03/18 08:03:41 | 000,000,000 | ---D | C] -- D:\Users\DBR28
[2013/03/18 08:03:40 | 000,000,000 | ---D | C] -- D:\Users\DBR29
[2013/03/18 08:03:39 | 000,000,000 | ---D | C] -- D:\Users\DBR3
[2013/03/18 08:03:38 | 000,000,000 | ---D | C] -- D:\Users\DBR30
[2013/03/18 08:03:37 | 000,000,000 | ---D | C] -- D:\Users\DBR31
[2013/03/18 08:03:36 | 000,000,000 | ---D | C] -- D:\Users\DBR32
[2013/03/18 08:03:35 | 000,000,000 | ---D | C] -- D:\Users\DBR34
[2013/03/18 08:03:35 | 000,000,000 | ---D | C] -- D:\Users\DBR33
[2013/03/18 08:03:34 | 000,000,000 | ---D | C] -- D:\Users\DBR35
[2013/03/18 08:03:33 | 000,000,000 | ---D | C] -- D:\Users\DBR36
[2013/03/18 08:03:32 | 000,000,000 | ---D | C] -- D:\Users\DBR37
[2013/03/18 08:03:31 | 000,000,000 | ---D | C] -- D:\Users\DBR38
[2013/03/18 08:03:30 | 000,000,000 | ---D | C] -- D:\Users\DBR39
[2013/03/18 08:03:29 | 000,000,000 | ---D | C] -- D:\Users\DBR4
[2013/03/18 08:03:28 | 000,000,000 | ---D | C] -- D:\Users\DBR6
[2013/03/18 08:03:28 | 000,000,000 | ---D | C] -- D:\Users\DBR40
[2013/03/18 08:03:27 | 000,000,000 | ---D | C] -- D:\Users\DBR7
[2013/03/18 08:03:26 | 000,000,000 | ---D | C] -- D:\Users\DBR8
[2013/03/18 08:03:25 | 000,000,000 | ---D | C] -- D:\Users\DBR9
[2013/03/18 08:03:22 | 000,000,000 | ---D | C] -- D:\Users\DBRX
[2013/03/18 07:35:08 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{875A6F16-2DA1-4DEF-B5BE-0AA2C31FCB38}
[2013/03/13 07:10:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2013/03/13 07:10:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/03/13 07:10:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/03/13 07:10:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/03/13 07:10:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/03/13 07:10:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2013/03/13 07:10:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/03/13 07:10:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/03/13 07:10:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/03/13 07:10:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/03/12 07:29:05 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{79271927-E122-4E58-B944-73D341928F0D}
[2013/03/11 07:36:50 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{17378ADC-027A-4D86-A002-239D2F6FAB9B}
[2013/03/05 07:34:23 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{8A98377B-C433-43E1-AA0C-07B706BAE8A6}
[2013/03/04 07:32:36 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{7018DC34-67CF-476B-9595-6D42B0D102A6}
[2013/02/27 07:16:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/02/27 07:16:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/02/27 07:16:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/02/27 07:16:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 07:16:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 07:16:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 07:16:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/02/27 07:16:42 | 001,988,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/02/27 07:16:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/02/27 07:16:42 | 001,080,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/02/27 07:16:42 | 000,604,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/02/27 07:16:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/02/27 07:16:42 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/02/27 07:16:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/02/27 07:16:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/02/27 07:16:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 07:16:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 07:16:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 07:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 07:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 07:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 07:16:41 | 003,419,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/02/27 07:16:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/02/27 07:16:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/02/27 07:16:41 | 000,207,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/02/26 07:43:50 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{6C322972-9E53-4B1B-9DB6-75B29253DE57}
[2013/02/25 07:50:07 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{78FB7529-8B69-4F0A-BF9D-521E56F5DEA1}
[2009/12/18 04:49:50 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll
[36 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 08:47:16 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/03/18 08:35:02 | 2356,584,448 | -HS- | M] () -- D:\hiberfil.sys
[2013/03/18 08:15:21 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 08:15:21 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 08:09:00 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 08:08:06 | 000,001,090 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 07:47:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/18 05:13:23 | 000,000,031 | ---- | M] () -- D:\DLGGLOB.DAT
[2013/03/18 03:43:05 | 008,568,723 | ---- | M] () -- D:\dru.dat
[2013/03/13 07:11:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 05:47:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 05:47:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/13 04:10:34 | 000,002,129 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/11 09:21:18 | 000,003,928 | ---- | M] () -- D:\result.xml
[2013/03/05 11:59:13 | 000,101,487 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\umsatzerklaerung_pdf.pdf
[2013/03/05 10:32:54 | 000,088,298 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101675-77208-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:42 | 000,088,216 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101669-77209-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:34 | 000,088,223 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-3238529-77210-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:25 | 000,091,291 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-R-Elacare_Schulung-ELAC.pdf
[2013/03/05 10:32:01 | 000,088,308 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-G-Monatsabrechnung-ELAC.pdf
[2013/03/04 12:22:27 | 001,754,323 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf
[2013/03/04 11:53:44 | 000,702,279 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Steigerwald 110911.PDF
[2013/03/04 11:53:44 | 000,645,821 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Trommsdorff 123801.PDF
[2013/03/04 11:53:43 | 000,558,667 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\aPOGEPHA.pdf
[2013/03/04 11:53:43 | 000,510,812 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Bestellformular121414.PDF
[2013/03/04 11:53:43 | 000,454,545 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Angebote 121357.PDF
[2013/03/04 11:50:51 | 000,620,561 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Allergan.PDF
[2013/03/04 11:50:51 | 000,052,308 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Überweiser-Bestellung März 2013.pdf
[2013/03/04 11:50:48 | 000,741,999 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\1A - 143715.PDF
[2013/03/04 11:50:48 | 000,634,513 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 1 - 171630.PDF
[2013/03/04 11:50:48 | 000,506,020 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 2 - 171613.PDF
[2013/02/26 10:38:35 | 000,654,166 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/02/26 10:38:35 | 000,616,008 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/02/26 10:38:35 | 000,130,006 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/02/26 10:38:35 | 000,106,388 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/02/25 08:28:50 | 000,142,936 | ---- | M] () -- D:\YLAS0003.PDF
[2013/02/18 06:44:44 | 000,005,635 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Sauerland_AXA.rtf
[36 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/05 11:59:13 | 000,101,487 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\umsatzerklaerung_pdf.pdf
[2013/03/05 10:32:54 | 000,088,298 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101675-77208-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:42 | 000,088,216 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101669-77209-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:34 | 000,088,223 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-3238529-77210-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:25 | 000,091,291 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-R-Elacare_Schulung-ELAC.pdf
[2013/03/05 10:32:01 | 000,088,308 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-G-Monatsabrechnung-ELAC.pdf
[2013/03/04 12:22:27 | 001,754,323 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf
[2013/03/04 11:53:44 | 000,645,821 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Trommsdorff 123801.PDF
[2013/03/04 11:53:43 | 000,702,279 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Steigerwald 110911.PDF
[2013/03/04 11:53:43 | 000,510,812 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Bestellformular121414.PDF
[2013/03/04 11:53:43 | 000,454,545 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Angebote 121357.PDF
[2013/03/04 11:50:51 | 000,052,308 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Überweiser-Bestellung März 2013.pdf
[2013/03/04 11:50:48 | 000,741,999 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\1A - 143715.PDF
[2013/03/04 11:50:48 | 000,634,513 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 1 - 171630.PDF
[2013/03/04 11:50:48 | 000,506,020 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 2 - 171613.PDF
[2013/02/25 08:28:50 | 000,142,936 | ---- | C] () -- D:\YLAS0003.PDF
[2012/03/28 00:30:25 | 000,160,256 | ---- | C] () -- D:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb
[2011/06/24 02:22:47 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/06/24 02:22:21 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011/03/19 04:38:39 | 000,015,290 | ---- | C] () -- D:\Windows\System32\SELF32.INI
[2011/02/27 15:41:57 | 000,000,043 | ---- | C] () -- D:\Windows\gswin32.ini
[2011/02/27 15:41:11 | 000,116,224 | ---- | C] () -- D:\Windows\System32\redmonnt.dll
[2011/02/27 15:41:11 | 000,045,056 | ---- | C] () -- D:\Windows\System32\unredmon.exe
[2010/09/30 08:07:19 | 000,002,768 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2010/09/28 16:13:55 | 000,654,166 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2010/09/28 16:13:55 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2010/09/28 16:13:55 | 000,130,006 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2010/09/28 16:13:55 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/09/28 08:17:56 | 000,000,484 | ---- | C] () -- D:\Windows\ODBC.INI
[2010/09/28 07:58:45 | 000,000,170 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2010/09/28 06:55:10 | 000,434,240 | ---- | C] () -- D:\Windows\System32\LIBIPF32.DLL
[2010/09/28 06:55:10 | 000,032,256 | ---- | C] () -- D:\Windows\System32\IPF32.DLL
[2010/09/28 06:32:21 | 000,000,008 | ---- | C] () -- D:\Windows\System32\drivers\rtkhdaud.dat
[2009/12/18 05:30:04 | 000,870,544 | ---- | C] () -- D:\Windows\System32\igkrng575.bin
[2009/12/18 05:30:04 | 000,127,896 | ---- | C] () -- D:\Windows\System32\igcompkrng575.bin
[2009/12/18 05:30:04 | 000,051,068 | ---- | C] () -- D:\Windows\System32\igfcg575m.bin
[2009/12/18 04:48:10 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config
[2009/12/18 04:45:10 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll
[2009/12/18 04:45:10 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll
[2009/12/03 11:27:28 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,315,656 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2007/08/16 09:17:50 | 000,143,360 | ---- | C] () -- D:\Windows\System32\nsldap32v50.dll
[2005/12/21 10:57:04 | 000,024,576 | ---- | C] () -- D:\Windows\System32\nsldappr32v50.dll
[2005/12/21 10:54:34 | 000,040,960 | ---- | C] () -- D:\Windows\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/11/16 11:16:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/03/09 03:05:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Browser Manager
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/10/30 11:39:18 | 000,000,000 | ---D | M] -- D:\ProgramData\eBay
[2010/11/13 05:51:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Ebro
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/02/27 15:41:10 | 000,000,000 | ---D | M] -- D:\ProgramData\FreePDF
[2012/11/16 11:17:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Package Cache
[2010/10/24 03:17:13 | 000,000,000 | ---D | M] -- D:\ProgramData\StarMoney 7.0
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/03/18 08:06:22 | 000,000,000 | ---D | M] -- D:\ProgramData\xhn
[2013/02/11 03:32:59 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Alt 18.03.2013, 16:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

Quote:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.44.140.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = p***.s***.pk2

Is this by any chance an office/company PC? Or a university computer?

Alt 18.03.2013, 18:19   #3
vfl1848
 
It is used privately and in a small company network

Alt 18.03.2013, 23:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please note!

Quote:
3. As a matter of principle, we do not clean computers used for business purposes. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Keep in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.
See => http://www.trojaner-board.de/108422-...-anfragen.html

Read and understood?
__________________
Please always post log files in CODE tags
