Trojaner-Board


vfl1848 18.03.2013 16:22

White screen on Win 7
 
Hello.

After startup, the screen is white on Windows 7.
I booted with REATOGO and started OTLPE.
Attached is the OTL.TXT.

Please help, thank you!

OTL logfile created on: 3/18/2013 6:12:19 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.82 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive D: | 97.56 Gb Total Space | 63.80 Gb Free Space | 65.39% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 200.12 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/03/13 05:47:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 04:59:12 | 002,569,168 | ---- | M] () [Auto] -- D:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/05 11:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand] -- D:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/19 12:58:58 | 002,139,648 | ---- | M] (AGFEO ) [Auto] -- D:\Program Files\AGFEO\Tk-Suite\tkserver\tksock.exe -- (tksock)
SRV - [2012/04/25 13:00:23 | 000,327,392 | ---- | M] () [Auto] -- D:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2011/11/08 06:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- D:\Program Files\StarMoney 7.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011/06/29 02:37:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 02:12:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/30 09:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto] -- D:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/24 06:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto] -- D:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009/11/01 11:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/01 11:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/27 12:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto] -- D:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/10/09 04:25:40 | 000,062,760 | ---- | M] () [Auto] -- D:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV - [2000/06/19 10:25:06 | 000,061,952 | ---- | M] () [On_Demand] -- D:\SQLLIB\bin\db2jds.exe -- (DB2JDS)
SRV - [2000/06/19 10:24:04 | 000,005,632 | ---- | M] () [On_Demand] -- D:\SQLLIB\bin\db2sec.exe -- (DB2NTSECSERVER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)
DRV - [2012/07/16 09:29:39 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2011/06/29 02:37:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 02:37:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/28 04:42:40 | 000,047,856 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcam.sys -- (JmUsbVideo)
DRV - [2009/12/28 04:23:36 | 000,024,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV - [2009/11/26 23:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/09 11:58:30 | 000,070,272 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto] -- D:\Windows\System32\drivers\AGFWMP.sys -- (agfwmp)
DRV - [2009/11/06 06:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/01 11:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/16 04:48:18 | 000,268,416 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto] -- D:\Windows\System32\drivers\AGFUCAPI.sys -- (agfucapi)
DRV - [2006/11/01 13:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 13:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBK1_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=4612_5&babsrc=HP_ss&mntrId=fa0de76d0000000000000023268d66b1
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4612_5&babsrc=HP_ss&mntrId=fa0de76d0000000000000023268d66b1
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 56 DF 02 8C 1B CC 01 [binary data]
IE - HKU\DBR5.PROKAS2_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\DBR5_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 47 39 86 98 60 CB 01 [binary data]
IE - HKU\DBR5_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@sweetsmileys.com: C:\Program Files\SweetSmileys\ff\info@sweetsmileys.com.xpi [2012/11/15 10:46:00 | 000,066,143 | ---- | M] ()

[2012/11/16 11:16:41 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SweetSmileys) - {36326AF0-1132-41A0-B770-1C9A01AB2B6F} - D:\Program Files\SweetSmileys\ie\sweetsmileys_ie.dll (R&E Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - D:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - D:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConMgr] D:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] D:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] D:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FreePDF Assistant] D:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IndicatorUtility] D:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] D:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] D:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] D:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PSUTility] D:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [starter4g] D:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\DBK1_ON_D..\Run: [BrowserChoice] D:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\DBK11_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK13_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK15_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK17_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK19_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK21_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK23_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK25_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK27_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK29_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK3_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK5_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK7_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBK9_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR1_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR10_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR11_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR12_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR13_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR14_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR15_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR16_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR17_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR18_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR19_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR2_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR20_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR21_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR22_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR23_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR24_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR25_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR26_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR27_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR28_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR29_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR3_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR30_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR31_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR32_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR33_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR34_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR35_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR36_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR37_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR38_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR39_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR4_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR40_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR6_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR7_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR8_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBR9_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\DBRX_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBK1_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBR5.PROKAS2_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DBR5_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.44.140.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prokas2.sued.pk2
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261125~1.80\{16cdf~1\browse~1.dll) - D:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\DBR5.PROKAS2_ON_D Winlogon: Shell - (C:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb) - D:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb ()
O20 - HKU\DBR5.PROKAS2_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 08:06:22 | 000,000,000 | ---D | C] -- D:\ProgramData\xhn
[2013/03/18 08:04:16 | 000,000,000 | ---D | C] -- D:\Users\DBK11
[2013/03/18 08:04:15 | 000,000,000 | ---D | C] -- D:\Users\DBK15
[2013/03/18 08:04:15 | 000,000,000 | ---D | C] -- D:\Users\DBK13
[2013/03/18 08:04:14 | 000,000,000 | ---D | C] -- D:\Users\DBK17
[2013/03/18 08:04:13 | 000,000,000 | ---D | C] -- D:\Users\DBK19
[2013/03/18 08:04:12 | 000,000,000 | ---D | C] -- D:\Users\DBK21
[2013/03/18 08:04:11 | 000,000,000 | ---D | C] -- D:\Users\DBK23
[2013/03/18 08:04:10 | 000,000,000 | ---D | C] -- D:\Users\DBK25
[2013/03/18 08:04:09 | 000,000,000 | ---D | C] -- D:\Users\DBK27
[2013/03/18 08:04:08 | 000,000,000 | ---D | C] -- D:\Users\DBK29
[2013/03/18 08:04:07 | 000,000,000 | ---D | C] -- D:\Users\DBK3
[2013/03/18 08:04:06 | 000,000,000 | ---D | C] -- D:\Users\DBK5
[2013/03/18 08:04:05 | 000,000,000 | ---D | C] -- D:\Users\DBK7
[2013/03/18 08:04:04 | 000,000,000 | ---D | C] -- D:\Users\DBK9
[2013/03/18 08:04:00 | 000,000,000 | ---D | C] -- D:\Users\DBR1
[2013/03/18 08:03:59 | 000,000,000 | ---D | C] -- D:\Users\DBR10
[2013/03/18 08:03:58 | 000,000,000 | ---D | C] -- D:\Users\DBR11
[2013/03/18 08:03:57 | 000,000,000 | ---D | C] -- D:\Users\DBR12
[2013/03/18 08:03:56 | 000,000,000 | ---D | C] -- D:\Users\DBR13
[2013/03/18 08:03:55 | 000,000,000 | ---D | C] -- D:\Users\DBR14
[2013/03/18 08:03:54 | 000,000,000 | ---D | C] -- D:\Users\DBR16
[2013/03/18 08:03:54 | 000,000,000 | ---D | C] -- D:\Users\DBR15
[2013/03/18 08:03:52 | 000,000,000 | ---D | C] -- D:\Users\DBR18
[2013/03/18 08:03:52 | 000,000,000 | ---D | C] -- D:\Users\DBR17
[2013/03/18 08:03:51 | 000,000,000 | ---D | C] -- D:\Users\DBR19
[2013/03/18 08:03:50 | 000,000,000 | ---D | C] -- D:\Users\DBR2
[2013/03/18 08:03:49 | 000,000,000 | ---D | C] -- D:\Users\DBR20
[2013/03/18 08:03:48 | 000,000,000 | ---D | C] -- D:\Users\DBR21
[2013/03/18 08:03:47 | 000,000,000 | ---D | C] -- D:\Users\DBR22
[2013/03/18 08:03:46 | 000,000,000 | ---D | C] -- D:\Users\DBR23
[2013/03/18 08:03:45 | 000,000,000 | ---D | C] -- D:\Users\DBR24
[2013/03/18 08:03:44 | 000,000,000 | ---D | C] -- D:\Users\DBR25
[2013/03/18 08:03:43 | 000,000,000 | ---D | C] -- D:\Users\DBR26
[2013/03/18 08:03:42 | 000,000,000 | ---D | C] -- D:\Users\DBR27
[2013/03/18 08:03:41 | 000,000,000 | ---D | C] -- D:\Users\DBR28
[2013/03/18 08:03:40 | 000,000,000 | ---D | C] -- D:\Users\DBR29
[2013/03/18 08:03:39 | 000,000,000 | ---D | C] -- D:\Users\DBR3
[2013/03/18 08:03:38 | 000,000,000 | ---D | C] -- D:\Users\DBR30
[2013/03/18 08:03:37 | 000,000,000 | ---D | C] -- D:\Users\DBR31
[2013/03/18 08:03:36 | 000,000,000 | ---D | C] -- D:\Users\DBR32
[2013/03/18 08:03:35 | 000,000,000 | ---D | C] -- D:\Users\DBR34
[2013/03/18 08:03:35 | 000,000,000 | ---D | C] -- D:\Users\DBR33
[2013/03/18 08:03:34 | 000,000,000 | ---D | C] -- D:\Users\DBR35
[2013/03/18 08:03:33 | 000,000,000 | ---D | C] -- D:\Users\DBR36
[2013/03/18 08:03:32 | 000,000,000 | ---D | C] -- D:\Users\DBR37
[2013/03/18 08:03:31 | 000,000,000 | ---D | C] -- D:\Users\DBR38
[2013/03/18 08:03:30 | 000,000,000 | ---D | C] -- D:\Users\DBR39
[2013/03/18 08:03:29 | 000,000,000 | ---D | C] -- D:\Users\DBR4
[2013/03/18 08:03:28 | 000,000,000 | ---D | C] -- D:\Users\DBR6
[2013/03/18 08:03:28 | 000,000,000 | ---D | C] -- D:\Users\DBR40
[2013/03/18 08:03:27 | 000,000,000 | ---D | C] -- D:\Users\DBR7
[2013/03/18 08:03:26 | 000,000,000 | ---D | C] -- D:\Users\DBR8
[2013/03/18 08:03:25 | 000,000,000 | ---D | C] -- D:\Users\DBR9
[2013/03/18 08:03:22 | 000,000,000 | ---D | C] -- D:\Users\DBRX
[2013/03/18 07:35:08 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{875A6F16-2DA1-4DEF-B5BE-0AA2C31FCB38}
[2013/03/13 07:10:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2013/03/13 07:10:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/03/13 07:10:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/03/13 07:10:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/03/13 07:10:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/03/13 07:10:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2013/03/13 07:10:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/03/13 07:10:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/03/13 07:10:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/03/13 07:10:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/03/12 07:29:05 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{79271927-E122-4E58-B944-73D341928F0D}
[2013/03/11 07:36:50 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{17378ADC-027A-4D86-A002-239D2F6FAB9B}
[2013/03/05 07:34:23 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{8A98377B-C433-43E1-AA0C-07B706BAE8A6}
[2013/03/04 07:32:36 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{7018DC34-67CF-476B-9595-6D42B0D102A6}
[2013/02/27 07:16:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/02/27 07:16:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/02/27 07:16:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/02/27 07:16:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 07:16:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 07:16:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 07:16:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/02/27 07:16:42 | 001,988,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/02/27 07:16:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/02/27 07:16:42 | 001,080,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/02/27 07:16:42 | 000,604,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/02/27 07:16:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/02/27 07:16:42 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/02/27 07:16:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/02/27 07:16:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/02/27 07:16:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 07:16:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 07:16:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 07:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 07:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 07:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 07:16:41 | 003,419,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/02/27 07:16:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/02/27 07:16:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/02/27 07:16:41 | 000,207,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/02/26 07:43:50 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{6C322972-9E53-4B1B-9DB6-75B29253DE57}
[2013/02/25 07:50:07 | 000,000,000 | ---D | C] -- D:\Users\DBR5.PROKAS2\AppData\Local\{78FB7529-8B69-4F0A-BF9D-521E56F5DEA1}
[2009/12/18 04:49:50 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll
[36 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 08:47:16 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/03/18 08:35:02 | 2356,584,448 | -HS- | M] () -- D:\hiberfil.sys
[2013/03/18 08:15:21 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 08:15:21 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 08:09:00 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 08:08:06 | 000,001,090 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 07:47:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/18 05:13:23 | 000,000,031 | ---- | M] () -- D:\DLGGLOB.DAT
[2013/03/18 03:43:05 | 008,568,723 | ---- | M] () -- D:\dru.dat
[2013/03/13 07:11:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 05:47:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 05:47:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/13 04:10:34 | 000,002,129 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/11 09:21:18 | 000,003,928 | ---- | M] () -- D:\result.xml
[2013/03/05 11:59:13 | 000,101,487 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\umsatzerklaerung_pdf.pdf
[2013/03/05 10:32:54 | 000,088,298 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101675-77208-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:42 | 000,088,216 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101669-77209-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:34 | 000,088,223 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-3238529-77210-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:25 | 000,091,291 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-R-Elacare_Schulung-ELAC.pdf
[2013/03/05 10:32:01 | 000,088,308 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-G-Monatsabrechnung-ELAC.pdf
[2013/03/04 12:22:27 | 001,754,323 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf
[2013/03/04 11:53:44 | 000,702,279 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Steigerwald 110911.PDF
[2013/03/04 11:53:44 | 000,645,821 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Trommsdorff 123801.PDF
[2013/03/04 11:53:43 | 000,558,667 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\aPOGEPHA.pdf
[2013/03/04 11:53:43 | 000,510,812 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Bestellformular121414.PDF
[2013/03/04 11:53:43 | 000,454,545 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Angebote 121357.PDF
[2013/03/04 11:50:51 | 000,620,561 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Allergan.PDF
[2013/03/04 11:50:51 | 000,052,308 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Überweiser-Bestellung März 2013.pdf
[2013/03/04 11:50:48 | 000,741,999 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\1A - 143715.PDF
[2013/03/04 11:50:48 | 000,634,513 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 1 - 171630.PDF
[2013/03/04 11:50:48 | 000,506,020 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 2 - 171613.PDF
[2013/02/26 10:38:35 | 000,654,166 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/02/26 10:38:35 | 000,616,008 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/02/26 10:38:35 | 000,130,006 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/02/26 10:38:35 | 000,106,388 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/02/25 08:28:50 | 000,142,936 | ---- | M] () -- D:\YLAS0003.PDF
[2013/02/18 06:44:44 | 000,005,635 | ---- | M] () -- D:\Users\DBR5.PROKAS2\Documents\Sauerland_AXA.rtf
[36 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/05 11:59:13 | 000,101,487 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\umsatzerklaerung_pdf.pdf
[2013/03/05 10:32:54 | 000,088,298 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101675-77208-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:42 | 000,088,216 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101669-77209-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:34 | 000,088,223 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-3238529-77210-G-Monatsabrechnung-ELAC.pdf
[2013/03/05 10:32:25 | 000,091,291 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-R-Elacare_Schulung-ELAC.pdf
[2013/03/05 10:32:01 | 000,088,308 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2013-01-101600-77207-G-Monatsabrechnung-ELAC.pdf
[2013/03/04 12:22:27 | 001,754,323 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\2012_07_Ueberweiser_ElacElysee_Selbstausdruck.pdf
[2013/03/04 11:53:44 | 000,645,821 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Trommsdorff 123801.PDF
[2013/03/04 11:53:43 | 000,702,279 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Steigerwald 110911.PDF
[2013/03/04 11:53:43 | 000,510,812 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Bestellformular121414.PDF
[2013/03/04 11:53:43 | 000,454,545 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Mylan - Angebote 121357.PDF
[2013/03/04 11:50:51 | 000,052,308 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Überweiser-Bestellung März 2013.pdf
[2013/03/04 11:50:48 | 000,741,999 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\1A - 143715.PDF
[2013/03/04 11:50:48 | 000,634,513 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 1 - 171630.PDF
[2013/03/04 11:50:48 | 000,506,020 | ---- | C] () -- D:\Users\DBR5.PROKAS2\Documents\Actavis 2 - 171613.PDF
[2013/02/25 08:28:50 | 000,142,936 | ---- | C] () -- D:\YLAS0003.PDF
[2012/03/28 00:30:25 | 000,160,256 | ---- | C] () -- D:\Users\DBR5.PROKAS2\AppData\Roaming\ldr.mcb
[2011/06/24 02:22:47 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/06/24 02:22:21 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011/03/19 04:38:39 | 000,015,290 | ---- | C] () -- D:\Windows\System32\SELF32.INI
[2011/02/27 15:41:57 | 000,000,043 | ---- | C] () -- D:\Windows\gswin32.ini
[2011/02/27 15:41:11 | 000,116,224 | ---- | C] () -- D:\Windows\System32\redmonnt.dll
[2011/02/27 15:41:11 | 000,045,056 | ---- | C] () -- D:\Windows\System32\unredmon.exe
[2010/09/30 08:07:19 | 000,002,768 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2010/09/28 16:13:55 | 000,654,166 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2010/09/28 16:13:55 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2010/09/28 16:13:55 | 000,130,006 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2010/09/28 16:13:55 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/09/28 08:17:56 | 000,000,484 | ---- | C] () -- D:\Windows\ODBC.INI
[2010/09/28 07:58:45 | 000,000,170 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2010/09/28 06:55:10 | 000,434,240 | ---- | C] () -- D:\Windows\System32\LIBIPF32.DLL
[2010/09/28 06:55:10 | 000,032,256 | ---- | C] () -- D:\Windows\System32\IPF32.DLL
[2010/09/28 06:32:21 | 000,000,008 | ---- | C] () -- D:\Windows\System32\drivers\rtkhdaud.dat
[2009/12/18 05:30:04 | 000,870,544 | ---- | C] () -- D:\Windows\System32\igkrng575.bin
[2009/12/18 05:30:04 | 000,127,896 | ---- | C] () -- D:\Windows\System32\igcompkrng575.bin
[2009/12/18 05:30:04 | 000,051,068 | ---- | C] () -- D:\Windows\System32\igfcg575m.bin
[2009/12/18 04:48:10 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config
[2009/12/18 04:45:10 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll
[2009/12/18 04:45:10 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll
[2009/12/03 11:27:28 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,315,656 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2007/08/16 09:17:50 | 000,143,360 | ---- | C] () -- D:\Windows\System32\nsldap32v50.dll
[2005/12/21 10:57:04 | 000,024,576 | ---- | C] () -- D:\Windows\System32\nsldappr32v50.dll
[2005/12/21 10:54:34 | 000,040,960 | ---- | C] () -- D:\Windows\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/11/16 11:16:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/03/09 03:05:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Browser Manager
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/10/30 11:39:18 | 000,000,000 | ---D | M] -- D:\ProgramData\eBay
[2010/11/13 05:51:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Ebro
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/02/27 15:41:10 | 000,000,000 | ---D | M] -- D:\ProgramData\FreePDF
[2012/11/16 11:17:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Package Cache
[2010/10/24 03:17:13 | 000,000,000 | ---D | M] -- D:\ProgramData\StarMoney 7.0
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/09/28 06:21:12 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/03/18 08:06:22 | 000,000,000 | ---D | M] -- D:\ProgramData\xhn
[2013/02/11 03:32:59 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

cosinus 18.03.2013 16:54

Hello,

Quote:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.44.140.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = p***.s***.pk2

Is this by any chance an office/company PC? Or a university computer?

vfl1848 18.03.2013 18:19

It is used privately and in a small company network

cosinus 18.03.2013 23:21

Please note!

Quote:

3. As a matter of principle, we do not clean computers that are used commercially. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Keep in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on this data and misuse it. In this case we recommend formatting and reinstalling.
See => http://www.trojaner-board.de/108422-...-anfragen.html

Read and understood?

