Pests of all kinds and how to fight them: White screen on Win XP, Reatogo run carried out
#3

Hello!

Thanks for your help. The Trojan seems to be gone, but I have no desktop icons. Unfortunately, the computer does not respond to the command (right mouse button). I can't open the Task Manager either. Any other tip?

Many thanks and regards!
Thomas

Quote:
Code: