| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer BildschirmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.06.2013, 17:42
| #1 |
 |  Weißer Bildschirm Hallo, der Laptop von meinem Arbeitskollegen wurde von einem Bundestrojaner befallen?! Nach dem Hochfahren des Computers (Windows Vista) erscheint ein weißer Bildschirm und man kann nichts machen. Abgesicherter Modus --> startet direkt neu wenn explorer geladen ist Abgesicherter Modus mit Netzwerktreibern --> startet direkt neu wenn explorer geladen ist Abgesicherter Modus mit Eingabeaufforderung --> funktioniert Habe mich in dem Forum hier schonmal umgeschaut und das scheint ja ein bekanntes Problem hier zu sein. Ich habe mir erlaubt schonmal die OTL logfile zu generieren. Code:
ATTFilter OTL logfile created on: 6/3/2013 7:24:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Business Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.35 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/05/17 08:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/30 04:31:54 | 000,026,112 | ---- | M] () [Auto] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/01/20 22:25:31 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/11/30 04:31:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/08/04 08:49:56 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/11/05 17:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10200577301906479&ctid=CT3284351
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\meinLaptop_ON_C\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (FileConverter 1.3F4 Toolbar) - {65CEE10F-B443-447B-BC49-588D94EC564A} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/30 14:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Collaboration
[2013/05/30 14:12:28 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/05/30 13:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013/05/30 12:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013/05/30 12:58:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013/05/30 12:58:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013/05/30 12:58:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013/05/30 12:57:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013/05/30 12:57:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013/05/30 12:57:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013/05/30 12:57:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013/05/30 12:57:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013/05/30 12:57:52 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013/05/30 12:57:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013/05/30 12:57:52 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013/05/30 12:57:52 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013/05/30 12:57:52 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013/05/30 12:52:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013/05/30 12:52:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/05/30 12:52:07 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/05/30 12:52:06 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/05/30 12:51:55 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013/05/30 12:51:55 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013/05/30 12:51:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013/05/30 12:51:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013/05/30 12:51:54 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013/05/30 12:51:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013/05/30 12:51:53 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013/05/30 12:51:44 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/05/30 12:51:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/05/30 12:51:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/05/30 12:42:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013/05/30 12:42:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/05/30 12:42:04 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/05/30 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Local\WindowsUpdate
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/05/30 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2013/05/30 12:22:42 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/05/30 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 12:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2013/05/30 11:13:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
========== Files - Modified Within 30 Days ==========
[2013/06/03 12:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 11:50:26 | 000,000,004 | ---- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/06/03 11:47:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:00:07 | 000,015,872 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/03 11:00:07 | 000,004,930 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 07:21:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 14:13:30 | 000,001,846 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 13:34:58 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/30 13:30:53 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/30 13:30:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:17:11 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/30 12:23:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:22:41 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:22:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 11:46:41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/30 11:46:41 | 000,004,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/30 01:50:44 | 000,090,112 | R--- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2013/05/29 13:03:38 | 000,011,776 | ---- | M] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/24 14:32:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/17 08:22:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 08:22:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013/05/30 14:13:30 | 000,001,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 12:57:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013/05/30 12:57:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013/05/30 12:57:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013/05/30 12:23:45 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/05/30 12:22:51 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 12:22:49 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 12:22:41 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:09:26 | 000,000,004 | ---- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/04/05 10:55:04 | 000,090,112 | R--- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2012/10/14 07:53:15 | 000,011,776 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 15:05:06 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/05/23 15:05:06 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/05/23 15:05:06 | 000,015,872 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/05/23 15:05:06 | 000,004,930 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/05/23 06:55:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/05/23 05:44:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/05/23 05:36:07 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012/05/23 05:36:06 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/05/23 05:36:06 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/05/23 05:36:06 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/05/23 05:36:06 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/05/23 05:21:59 | 000,000,680 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\d3d9caps.dat
[2008/01/20 22:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008/01/20 22:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,004,502 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2004/09/22 15:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
========== LOP Check ==========
[2012/05/23 07:09:01 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Leadertech
[2013/04/21 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Spider Player
[2013/05/30 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/05/30 12:23:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Systweak
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2013/06/03 10:52:01 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Da ich nicht genau weiß, was ich jetzt genau mit dem OTL code anfangen soll nun die Bitte um Hilfe. Und gleich die Frage vorab... Wie kann ich im Abgesicherten Modus mit Eingabeaufforderung das script, das ich hier hoffentlich bekomme, einfügen? Bin jetzt an meinem eigenen Rechner und mache hier alles was ich für den Laptop brauche. Vielen Dank im Voraus für die schnelle Hilfe Grüße |
| Themen zu Weißer Bildschirm |
| .com, adobe, adobe flash player, autorun, bho, bildschirm, defender, desktop, error, explorer, flash player, format, frage, logfile, microsoft, netzwerk, neu, problem, regclean, registry, scan, software, vista, windows, winlogon, wlan |
Baum-Darstellung