Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7 Start Weisser Bildschirm OTL Auswertung

Windows 7 Start Weisser Bildschirm OTL Auswertung


Log-Analyse und Auswertung: Windows 7 Start Weisser Bildschirm OTL Auswertung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 17.11.2013, 15:49   #1
gXPsycho
 
Windows 7 Start Weisser Bildschirm OTL Auswertung - Standard

Windows 7 Start Weisser Bildschirm OTL Auswertung


Hallo zusammen,

habe wie bereits im Titel erwähnt einen weissen Bildschirm beim Windows Start.
Habe wie hier im Forum beschrieben OTLpe benutzt und bräuchte nun etwas Hilfe bei der Auswertung der OTL.txt ( Extras.txt wurde nicht erstellt )

Datei habe ich angehängt. Schon mal im voraus vielen Dank

MfG
gXPsycho

Alt 17.11.2013, 16:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7 Start Weisser Bildschirm OTL Auswertung - Standard

Windows 7 Start Weisser Bildschirm OTL Auswertung


hi,

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 17.11.2013, 16:47   #3
gXPsycho
 
Windows 7 Start Weisser Bildschirm OTL Auswertung - Standard

Windows 7 Start Weisser Bildschirm OTL Auswertung


Code:
ATTFilter
OTL logfile created on: 11/17/2013 3:17:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 73.98 Mb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive D: | 292.87 Gb Total Space | 225.13 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 1.17 Gb Free Space | 0.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/08/12 07:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 07:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 11:21:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 09:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto] -- D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/25 17:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 01:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/22 10:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 10:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/07/16 10:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/07/04 11:10:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/24 09:35:44 | 000,128,296 | ---- | M] () [Auto] -- D:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007/12/16 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/10 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 20:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/18 14:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/08/02 10:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/24 23:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 18:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2007/01/15 09:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cmiucr_x64.SYS -- (CMIUCR)
DRV - [2011/07/13 11:23:22 | 000,007,164 | ---- | M] () [Kernel | System] -- D:\Windows\SysWOW64\drivers\CMFileDisk.sys -- (CMFileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8ee0ed0-c9e6-440c-ba66-258f25fc36c7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/?gws_rd=cr&ei=bz84UsDiH6Tx4QSim4CwAg
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 43 DC 5B F0 34 CC 01  [binary data]
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://google.de/
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8ee0ed0-c9e6-440c-ba66-258f25fc36c7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Paul_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=f8ee0ed0-c9e6-440c-ba66-258f25fc36c7&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Paul_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: D:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Paul\AppData\Roaming\5038 [2011/11/10 06:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012/12/08 12:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/04 11:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/24 12:58:21 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/04 11:10:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/24 12:58:18 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/24 12:58:18 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/24 12:58:18 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/24 12:58:18 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/24 12:58:18 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/24 12:58:18 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmiboot] D:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [MSC] D:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [UMonit] D:\Windows\SysWOW64\UMonit.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] D:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CMExplorer] D:\Windows\CMExplorer.exe ()
O4 - HKLM..\Run: [EEventManager] D:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Paul_ON_D..\Run: [EPSON SX510W Series]  File not found
O4 - HKU\Paul_ON_D..\Run: [EPSON SX510W Series (Kopie 1)]  File not found
O4 - HKU\Paul_ON_D..\Run: [EPSON SX510W Series (Kopie 2)]  File not found
O4 - HKU\Paul_ON_D..\Run: [EPSON83082E]  File not found
O4 - HKU\Paul_ON_D..\Run: [EPSON83082E (Kopie 1)]  File not found
O4 - HKU\Paul_ON_D..\Run: [MyTomTomSA.exe] D:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\Paul_ON_D..\Run: [TomTomHOME.exe] D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Paul_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~2\gadget~1\sprote~1.dll) - D:\Program Files (x86)\GadgetBox\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Paul\AppData\Roaming\appconf32.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Paul_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Paul_ON_D Winlogon: Shell - (C:\Users\Paul\AppData\Roaming\Other.res) - D:\Users\Paul\AppData\Roaming\Other.res ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/15 09:10:28 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/14 10:13:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/11/14 10:13:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/11/14 10:13:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/11/14 10:13:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/11/14 10:13:24 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/14 10:13:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/14 10:13:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/11/14 10:13:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/11/14 10:13:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/11/14 10:13:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/11/14 10:13:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/11/14 10:13:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/11/14 10:13:22 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/11/14 10:13:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/11/14 10:13:22 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/11/14 10:13:21 | 003,959,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/11/14 10:13:21 | 002,877,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/11/14 09:26:02 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/11/14 09:25:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/11/14 09:25:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/11/14 09:25:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll
[2013/11/14 09:25:58 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/14 09:25:58 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll
[2013/11/14 09:25:58 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/14 09:25:53 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2013/11/14 09:25:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2013/11/14 09:25:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll
[2013/11/14 09:25:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2013/11/14 09:25:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2013/11/14 09:25:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2013/11/14 09:25:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll
[2013/11/14 09:25:49 | 000,830,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\nshwfp.dll
[2013/11/14 09:25:49 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll
[2013/11/14 09:25:49 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL
[2013/11/14 09:25:49 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/03 10:59:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\usbport.sys
[2013/11/03 10:59:03 | 000,007,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\usbd.sys
[2013/10/27 05:44:28 | 000,000,000 | ---D | C] -- D:\ProgramData\Oracle
[2013/10/27 05:37:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2013/10/27 05:37:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2013/10/27 05:37:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2013/10/27 05:37:33 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2013/10/27 05:37:33 | 000,096,168 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/27 05:36:54 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/25 08:25:29 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee Security Scan
[1 D:\Users\Paul\AppData\Roaming\*.tmp files -> D:\Users\Paul\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/17 08:20:38 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/11/17 08:19:35 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 08:19:35 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 08:16:31 | 000,654,150 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/11/17 08:16:31 | 000,616,032 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/11/17 08:16:31 | 000,130,022 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/11/17 08:16:31 | 000,106,412 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/11/17 08:12:16 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/17 08:11:53 | 3220,578,304 | -HS- | M] () -- D:\hiberfil.sys
[2013/11/15 13:59:00 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 13:22:51 | 000,300,024 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/11/15 13:21:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 12:20:35 | 000,000,250 | ---- | M] () -- D:\Windows\tasks\Epson Printer Software Downloader.job
[2013/11/15 11:20:34 | 000,087,552 | R--- | M] () -- D:\Users\Paul\AppData\Roaming\Other.res
[2013/11/15 09:29:21 | 000,002,219 | ---- | M] () -- D:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
[2013/11/15 09:29:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
[2013/11/15 09:10:29 | 000,001,945 | ---- | M] () -- D:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/15 09:10:29 | 000,001,945 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/15 09:10:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/15 09:10:27 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/08 07:16:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013/10/27 05:36:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/23 12:14:50 | 003,846,656 | ---- | M] () -- D:\Users\Paul\Documents\WordInteractiveGuideSetupDEU_04082011(2).msi
[2013/10/23 12:06:50 | 004,885,504 | ---- | M] () -- D:\Users\Paul\Documents\OutlookInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 12:05:49 | 004,459,520 | ---- | M] () -- D:\Users\Paul\Documents\ExcelInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 12:02:16 | 004,531,200 | ---- | M] () -- D:\Users\Paul\Documents\PowerPointInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 11:33:30 | 000,680,031 | ---- | M] () -- D:\Users\Paul\Documents\img001.jpg
[1 D:\Users\Paul\AppData\Roaming\*.tmp files -> D:\Users\Paul\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/15 11:20:34 | 000,087,552 | R--- | C] () -- D:\Users\Paul\AppData\Roaming\Other.res
[2013/11/15 09:29:21 | 000,002,219 | ---- | C] () -- D:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
[2013/10/23 12:15:29 | 003,846,656 | ---- | C] () -- D:\Users\Paul\Documents\WordInteractiveGuideSetupDEU_04082011(2).msi
[2013/10/23 12:07:17 | 004,459,520 | ---- | C] () -- D:\Users\Paul\Documents\ExcelInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 12:07:02 | 004,885,504 | ---- | C] () -- D:\Users\Paul\Documents\OutlookInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 12:05:25 | 004,531,200 | ---- | C] () -- D:\Users\Paul\Documents\PowerPointInteractiveGuideSetupDEU_04082011.msi
[2013/10/23 11:34:51 | 000,680,031 | ---- | C] () -- D:\Users\Paul\Documents\img001.jpg
[2011/11/10 06:26:01 | 000,000,085 | ---- | C] () -- D:\Users\Paul\AppData\Roaming\blckdom.res
[2011/10/26 14:08:46 | 000,000,062 | ---- | C] () -- D:\Windows\pcvcdbr.INI
[2011/10/26 14:08:43 | 000,000,000 | ---- | C] () -- D:\Windows\pcvcdvw.INI
[2011/10/26 12:56:32 | 000,094,156 | -H-- | C] () -- D:\Windows\SysWow64\mlfcache.dat
[2011/08/01 13:57:11 | 000,000,000 | ---- | C] () -- D:\Windows\EEventManager.INI
[2011/07/13 12:22:01 | 000,000,641 | ---- | C] () -- D:\Windows\SysWow64\ProductName.ini
[2011/07/13 12:21:27 | 000,180,224 | ---- | C] () -- D:\Windows\SysWow64\ustor.dll
[2011/07/13 12:21:27 | 000,036,864 | ---- | C] () -- D:\Windows\SysWow64\UMonit.exe
[2011/07/13 12:21:25 | 000,001,407 | ---- | C] () -- D:\Windows\SysWow64\IconCfg0.ini
[2011/07/13 11:23:22 | 000,598,016 | ---- | C] () -- D:\Windows\SysWow64\SecurityBox.exe
[2011/07/13 11:23:22 | 000,368,640 | ---- | C] () -- D:\Windows\SysWow64\CMBox.exe
[2011/07/13 11:23:22 | 000,028,672 | ---- | C] () -- D:\Windows\SysWow64\DiskMount.exe
[2011/07/13 11:23:21 | 000,024,576 | R--- | C] () -- D:\Windows\CmiUCRUninstall.exe
[2011/07/13 11:23:21 | 000,007,164 | ---- | C] () -- D:\Windows\SysWow64\drivers\CMFileDisk.sys
[2011/07/13 11:23:21 | 000,000,027 | RH-- | C] () -- D:\Windows\Settings.ini
[2011/07/13 11:23:18 | 000,946,176 | R--- | C] () -- D:\Windows\LanTC.dll
[2011/07/13 11:23:17 | 000,946,176 | R--- | C] () -- D:\Windows\LanSC.dll
[2011/07/13 11:23:16 | 002,666,496 | R--- | C] () -- D:\Windows\CMExplorer.exe
[2011/07/13 11:23:16 | 000,000,114 | R--- | C] () -- D:\Windows\CMICARDREADER.INI
[2011/07/06 10:54:28 | 000,111,932 | ---- | C] () -- D:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/07/06 10:54:28 | 000,031,053 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern131.dat
[2011/07/06 10:54:28 | 000,027,417 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern121.dat
[2011/07/06 10:54:28 | 000,026,154 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern1.dat
[2011/07/06 10:54:28 | 000,024,903 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern3.dat
[2011/07/06 10:54:28 | 000,021,390 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern5.dat
[2011/07/06 10:54:28 | 000,020,148 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern2.dat
[2011/07/06 10:54:28 | 000,011,811 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern4.dat
[2011/07/06 10:54:28 | 000,004,943 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern6.dat
[2011/07/06 10:54:28 | 000,001,146 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/07/06 10:54:28 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/07/06 10:54:28 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/07/06 10:54:28 | 000,001,136 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/07/06 10:54:28 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/07/06 10:54:28 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/07/06 10:54:28 | 000,001,120 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/07/06 10:54:28 | 000,001,107 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/07/06 10:54:28 | 000,001,104 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/07/06 10:54:28 | 000,000,097 | ---- | C] () -- D:\Windows\SysWow64\PICSDK.ini
[2011/07/01 12:07:10 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/24 14:11:30 | 000,451,072 | ---- | C] () -- D:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/24 10:17:05 | 000,000,400 | ---- | C] () -- D:\Windows\ODBC.INI
[2011/06/24 10:13:26 | 001,526,976 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/02/07 05:02:58 | 000,065,536 | ---- | C] () -- D:\Windows\cmiboot.exe
[2007/01/16 07:55:56 | 000,480,256 | ---- | C] () -- D:\Windows\CmUCREye_x64.exe
 
========== LOP Check ==========
 
[2012/04/15 05:26:01 | 000,000,000 | ---D | M] -- D:\ProgramData\AAV
[2011/06/24 09:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/06/24 09:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/06/24 14:23:55 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2011/06/24 09:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/02/20 15:05:24 | 000,000,000 | ---D | M] -- D:\ProgramData\InstallMate
[2013/10/27 05:44:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Oracle
[2013/02/03 08:31:05 | 000,000,000 | ---D | M] -- D:\ProgramData\RightClick
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/06/24 09:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/07/20 11:14:58 | 000,000,000 | ---D | M] -- D:\ProgramData\T-Online
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/03/10 04:55:09 | 000,000,000 | ---D | M] -- D:\ProgramData\TomTom
[2011/07/06 11:04:08 | 000,000,000 | ---D | M] -- D:\ProgramData\UDL
[2011/06/24 09:40:30 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/10/26 10:37:19 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/11/15 12:20:35 | 000,000,250 | ---- | M] () -- D:\Windows\Tasks\Epson Printer Software Downloader.job
[2013/07/18 11:49:52 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
__________________
Alt 18.11.2013, 09:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7 Start Weisser Bildschirm OTL Auswertung - Standard

Windows 7 Start Weisser Bildschirm OTL Auswertung


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Paul\AppData\Roaming\appconf32.exe) -  File not found
:files
C:\Users\Paul\AppData\Roaming\appconf32.exe
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Rechner normal starten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7 Start Weisser Bildschirm OTL Auswertung
auswertung, bereits, bildschirm, bräuchte, erstell, erstellt, extras.txt, forum, hallo zusammen, hilfe, otl auswertung, otl.txt, otlpe, start, titel, weisse, weisser, weisser bildschirm, windows, windows 7, zusammen


« Problem mit Browser; vermehrt Werbung, verlinkte Wörter, plötzliche Popups | Windows 7: Virus überlebt Systemwiederherstellung, Explorer stürzt ab »


Ähnliche Themen: Windows 7 Start Weisser Bildschirm OTL Auswertung


  1. Ich bin jetzt auch im Club. Weisser Bildschirm nach Start (Windows 7)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (17)
  2. Windows 7: weisser Bildschirm nach Start!
    Log-Analyse und Auswertung - 11.01.2014 (20)
  3. Weisser Bildschirm beim Start Windows Vista- Abgesicherter Modus nicht möglich
    Log-Analyse und Auswertung - 27.10.2013 (28)
  4. Virus, weisser Bildschirm nach Start (Win7 64Bit)
    Log-Analyse und Auswertung - 04.09.2013 (13)
  5. Virus, weisser Bildschirm nach Start (Win7 32 Bit)
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (13)
  6. Bei Start des Rechners weisser Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 27.07.2013 (9)
  7. Weisser Bildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (21)
  8. Weisser Bildschirm beim Start von Windows 7 mit Bundespolizeihinweis
    Alles rund um Windows - 19.05.2013 (8)
  9. Nach XP-Start weisser Bildschirm :-(
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (10)
  10. Weisser Bildschirm bei Start Windows 7 - nur Systemadministrator
    Plagegeister aller Art und deren Bekämpfung - 22.03.2013 (9)
  11. (falsches subforum) Weisser Bildschirm bei Start Windows 7 - nur für Systemadministrator
    Mülltonne - 19.03.2013 (0)
  12. Weisser Start-Bildschirm - WinXP
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (8)
  13. Polizeitrojaner - ab jetzt immer weisser Bildschirm nach PC-Start
    Log-Analyse und Auswertung - 19.12.2012 (2)
  14. weisser bildschirm nach start
    Log-Analyse und Auswertung - 20.11.2012 (17)
  15. Weisser Bildschirm nach Windows- Start
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (14)
  16. Windows Vista Weisser Bildschirm bei start + abgesicherter modus geht nicht
    Log-Analyse und Auswertung - 28.10.2012 (1)
  17. Weisser Bildschirm nach PC Start verbindung wird hergestellt bei Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 Start Weisser Bildschirm OTL Auswertung - Hallo zusammen, habe wie bereits im Titel erwähnt einen weissen Bildschirm beim Windows Start. Habe wie hier im Forum beschrieben OTLpe benutzt und bräuchte nun etwas Hilfe bei der Auswertung - Windows 7 Start Weisser Bildschirm OTL Auswertung...
Archiv
Du betrachtest: Windows 7 Start Weisser Bildschirm OTL Auswertung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54