Plagegeister aller Art und deren Bekämpfung: Windows restore / Can the data be recovered?

13.04.2011, 15:47   #1
Guda

Hello everyone,

I had caught this Windows restore trojan and, thanks to the information on Trojaner-Board, was able to remove it. (Malware etc.)

However, I still have the following problem:
My files and programs have disappeared, or rather are no longer visible.
I tried to restore them using recovery software (among others Stellar and Smart Data Recovery), without success. The respective software does show the lost files, but they cannot be restored.

Can anyone help me?

Regards, and many, many thanks in advance!!!

13.04.2011, 21:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
thanks to the information on Trojaner-Board, was able to remove it. (Malware etc.)
Please post all existing logs for this!!

14.04.2011, 08:41   #3
Guda

Hello,

thank you very much for your reply.
Yesterday I happened to find a piece of software in this forum
with which I got my data back.

However, Windows restore returned to my computer today.

When I now try to repeat the removal steps, it tells me
"Access denied" when installing rkill.

Attached is the rkill editor!!

Many, many thanks in advance for your help.

Regards


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11.04.2011 at 12:39:27.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\eXplorer.exe


Rkill completed on 11.04.2011 at 12:39:32.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:15:37.
Operating System: Microsoft Windows XP


Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:15:38.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

Processes terminated by Rkill or while it was running:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tAExRDJWhvf.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18734900.exe


Rkill completed on 14.04.2011 at 9:15:42.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:16:07.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 14.04.2011 at 9:16:21.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:31:00.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Dokumente und Einstellungen\admin\Eigene Dateien\eXplorer.exe


Rkill completed on 14.04.2011 at 9:31:10.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:33:25.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\msiexec.exe
C:\Dokumente und Einstellungen\admin\Eigene Dateien\eXplorer.exe


Rkill completed on 14.04.2011 at 9:33:35.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14.04.2011 at 9:35:13.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 14.04.2011 at 9:35:22.

14.04.2011, 08:43   #4
cosinus

Where are the logs from Malwarebytes and OTL?
__________________
Please always post log files in CODE tags

14.04.2011, 08:47   #5
Guda

I can no longer install Malware.
"Access denied" pops up during installation.


14.04.2011, 09:43   #6
cosinus

Have you already tried this => http://www.trojaner-board.de/82699-m...tet-nicht.html
If necessary, try it together with the random installer, in case you already have problems with the installation or the download => http://malwarebytes.org/mbam-download-exe-random.php

14.04.2011, 10:28   #7
Guda

Where do I find OTL?

malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6360

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

14.04.2011 11:26:46
mbam-log-2011-04-14 (11-26-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 237652
Laufzeit: 51 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tAExRDJWhvf (Trojan.FakeAlert) -> Value: tAExRDJWhvf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\taexrdjwhvf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\18734900.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\6197.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

14.04.2011, 10:55   #8
cosinus

Quote:
Where do I find OTL?
Where do you find what exactly? Please be more precise! The logs, or the program, or the instructions?

14.04.2011, 11:26   #9
Guda

OTL Logfile:
Code:
OTL logfile created on: 14.04.2011 12:19:02 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\EuFH\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 275,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 18,55 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 36,93 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: EuFH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\EuFH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\EuFH\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "Proxy"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "Proxy"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "Proxy"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "Proxy"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "Proxy"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.25 18:14:54 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.25 18:15:57 | 000,000,000 | -H-D | M]
 
[2008.02.12 13:30:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\EuFH\Anwendungsdaten\Mozilla\Firefox\Profiles\rtvh86r7.default\extensions
[2011.03.11 21:26:37 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\EuFH\Anwendungsdaten\Mozilla\Firefox\Profiles\rtvh86r7.default\searchplugins\icqplugin-1.xml
[2009.10.24 19:14:10 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\EuFH\Anwendungsdaten\Mozilla\Firefox\Profiles\rtvh86r7.default\searchplugins\icqplugin.xml
[2011.04.11 19:53:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.05 14:51:56 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.24 13:13:17 | 000,000,000 | -H-D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.01.24 13:13:03 | 000,067,688 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2010.01.24 13:13:03 | 000,054,368 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2010.01.24 13:13:03 | 000,034,944 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2010.01.24 13:13:04 | 000,046,712 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2010.01.24 13:13:05 | 000,172,136 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2006.01.02 11:15:46 | 001,312,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010.01.24 13:13:16 | 000,001,525 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.24 13:13:16 | 000,001,063 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.24 13:13:16 | 000,000,998 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.24 13:13:16 | 000,000,815 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RegistryBooster] C:\Programme\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.24 08:33:12 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\Explore\Command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\open\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell - "" = AutoRun
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun\command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\Explore\Command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\open\command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\Explore\Command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\open\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.14 12:17:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\EuFH\Desktop\OTL.exe
[2011.04.14 10:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.14 09:23:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\EuFH\Anwendungsdaten\Uniblue
[2011.04.14 09:23:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Uniblue
[2011.04.14 09:23:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.04.14 09:23:02 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.04.14 09:22:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.04.14 09:19:51 | 007,109,128 | -H-- | C] (Uniblue Systems Ltd                                                                                                                                                                                                                                                                                         ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\dieter.exe
[2011.04.14 09:12:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\EuFH\Recent
[2011.04.14 08:58:35 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\mbam-setup.exe
[2011.04.14 08:55:10 | 007,109,128 | -H-- | C] (Uniblue Systems Ltd                                                                                                                                                                                                                                                                                         ) -- C:\Dokumente und Einstellungen\EuFH\Desktop\registrybooster.exe
[2011.04.14 08:15:06 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\EuFH\Startmenü\Programme\Windows Fix Disk
[2011.04.13 17:52:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\EuFH\Desktop\Windows_restore
[2011.04.11 19:51:07 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Smart Data Recovery
[2011.04.11 19:05:00 | 000,000,000 | -H-D | C] -- C:\Log
[2011.04.11 19:04:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.04.11 19:04:45 | 000,000,000 | -H-D | C] -- C:\Programme\Stellar Phoenix Windows Data Recovery
[2011.04.11 18:41:03 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\EuFH\IECompatCache
[2011.04.11 12:44:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\EuFH\Anwendungsdaten\Malwarebytes
[2011.04.11 12:44:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.11 12:44:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.11 12:44:37 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 12:43:20 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\herbert.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.14 12:17:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\EuFH\Desktop\OTL.exe
[2011.04.14 12:16:46 | 000,504,657 | ---- | M] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\unhide.exe
[2011.04.14 11:35:51 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.04.14 11:35:50 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011.04.14 11:35:49 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011.04.14 11:35:48 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011.04.14 11:35:47 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011.04.14 11:30:41 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.14 11:30:41 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011.04.14 11:30:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.14 11:25:01 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.14 09:19:51 | 007,109,128 | -H-- | M] (Uniblue Systems Ltd                                                                                                                                                                                                                                                                                         ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\dieter.exe
[2011.04.14 09:14:00 | 001,006,778 | -H-- | M] () -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\eXplorer.exe
[2011.04.14 08:58:35 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\mbam-setup.exe
[2011.04.14 08:55:10 | 007,109,128 | -H-- | M] (Uniblue Systems Ltd                                                                                                                                                                                                                                                                                         ) -- C:\Dokumente und Einstellungen\EuFH\Desktop\registrybooster.exe
[2011.04.14 08:16:09 | 000,118,272 | -H-- | M] () -- C:\WINDOWS\System32\drivers\1228.sys
[2011.04.14 08:15:08 | 000,678,024 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.14 08:15:07 | 000,839,250 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.14 08:15:07 | 000,342,822 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.14 08:15:07 | 000,297,792 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.14 08:15:07 | 000,000,829 | -H-- | M] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Windows Fix Disk.lnk
[2011.04.14 08:15:07 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900r
[2011.04.14 08:15:07 | 000,000,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900
[2011.04.14 08:15:02 | 000,118,272 | -H-- | M] () -- C:\WINDOWS\System32\drivers\7895.sys
[2011.04.14 08:15:01 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18734900
[2011.04.13 16:30:25 | 000,000,054 | -H-- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.04.13 16:30:25 | 000,000,039 | -H-- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.12 18:58:16 | 000,008,947 | -H-- | M] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Prüfungsanmeldung.pdf
[2011.04.12 10:59:14 | 000,260,640 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.11 20:05:12 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\ODBC.INI
[2011.04.11 12:43:20 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\herbert.exe
[2011.04.10 19:57:59 | 000,000,136 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220r
[2011.04.10 19:57:59 | 000,000,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220
[2011.04.10 19:57:37 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18407220
[2011.04.10 18:47:48 | 000,000,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940
[2011.04.10 18:47:47 | 000,000,136 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940r
[2011.04.10 18:47:39 | 000,000,328 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19717940
[2011.04.10 18:33:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.08 12:04:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.14 12:16:42 | 000,504,657 | ---- | C] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\unhide.exe
[2011.04.14 09:23:18 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011.04.14 08:16:08 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\1228.sys
[2011.04.14 08:15:07 | 000,000,829 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Windows Fix Disk.lnk
[2011.04.14 08:15:07 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900r
[2011.04.14 08:15:07 | 000,000,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900
[2011.04.14 08:15:02 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\7895.sys
[2011.04.14 08:15:01 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18734900
[2011.04.12 18:58:24 | 000,008,947 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Prüfungsanmeldung.pdf
[2011.04.11 21:29:08 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.04.11 21:29:08 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.11 12:38:27 | 001,006,778 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Eigene Dateien\eXplorer.exe
[2011.04.10 19:57:59 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220r
[2011.04.10 19:57:58 | 000,000,104 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220
[2011.04.10 19:57:37 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18407220
[2011.04.10 18:47:47 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940r
[2011.04.10 18:47:45 | 000,000,104 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940
[2011.04.10 18:47:31 | 000,000,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19717940
[2011.01.18 20:26:29 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.22 17:36:38 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009.12.29 11:21:36 | 000,007,680 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 19:58:36 | 000,103,760 | -H-- | C] () -- C:\WINDOWS\HPFins09.dat
[2008.02.26 19:58:36 | 000,003,732 | -H-- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2008.02.26 19:58:11 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008.01.13 00:28:35 | 000,164,352 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.01.13 00:28:32 | 001,559,040 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.01.13 00:28:31 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.01.13 00:28:31 | 000,282,624 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.01.13 00:28:29 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.01.10 21:24:04 | 000,000,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.10.24 13:18:33 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.10.24 13:18:33 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2007.10.24 13:14:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007.10.24 13:12:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.10.24 12:37:31 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.10.24 12:12:49 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.24 09:30:31 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007.10.24 09:29:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007.10.24 09:29:31 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007.10.24 09:29:30 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007.10.24 09:21:05 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.10.24 09:19:48 | 000,260,640 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.10.24 08:36:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.10.24 08:29:42 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.08.07 11:32:47 | 000,274,432 | -H-- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2005.09.02 14:44:08 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005.03.29 17:54:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 17:54:44 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 12:00:00 | 000,839,250 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,678,024 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,342,822 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,297,792 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.07.20 17:04:02 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
         
--- --- ---

Alt 14.04.2011, 11:27   #10
Guda
 

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.04.2011 12:19:02 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\EuFH\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 275,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 18,55 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 36,93 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: EuFH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series (deu)
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AliceHilfe 1.0.0.1" = AliceHilfe
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"FreePDF_XP" = FreePDF XP (Remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 14.04.2011, 11:35   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2011.04.14 09:23:18 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011.04.14 08:16:08 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\1228.sys
[2011.04.14 08:15:07 | 000,000,829 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Windows Fix Disk.lnk
[2011.04.14 08:15:07 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900r
[2011.04.14 08:15:07 | 000,000,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900
[2011.04.14 08:15:02 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\7895.sys
[2011.04.14 08:15:01 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18734900
[2011.04.12 18:58:24 | 000,008,947 | -H-- | C] () -- C:\Dokumente und Einstellungen\EuFH\Desktop\Prüfungsanmeldung.pdf
[2011.04.10 19:57:59 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220r
[2011.04.10 19:57:58 | 000,000,104 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220
[2011.04.10 19:57:37 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18407220
[2011.04.10 18:47:47 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940r
[2011.04.10 18:47:45 | 000,000,104 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940
[2011.04.10 18:47:31 | 000,000,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19717940
[2011.04.14 08:15:06 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\EuFH\Startmenü\Programme\Windows Fix Disk
[2011.04.13 17:52:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\EuFH\Desktop\Windows_restore
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.24 08:33:12 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\Explore\Command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\Shell\open\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell - "" = AutoRun
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\AutoRun\command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\Explore\Command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\Shell\open\command - "" = G:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\AutoRun\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\Explore\Command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\Shell\open\command - "" = F:\cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\AutoRun\command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\Explore\Command - "" = cold\hott\sysdiag64.exe
O33 - MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\Shell\open\command - "" = cold\hott\sysdiag64.exe
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "Proxy"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "Proxy"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "Proxy"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "Proxy"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "Proxy"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post log files in CODE tags

Alt 14.04.2011, 12:16   #12
Guda
 

All processes killed
========== OTL ==========
C:\WINDOWS\tasks\RegistryBooster.job moved successfully.
C:\WINDOWS\system32\drivers\1228.sys moved successfully.
C:\Dokumente und Einstellungen\EuFH\Desktop\Windows Fix Disk.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18734900 moved successfully.
C:\WINDOWS\system32\drivers\7895.sys moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18734900 moved successfully.
C:\Dokumente und Einstellungen\EuFH\Desktop\Prüfungsanmeldung.pdf moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18407220 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18407220 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19717940 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19717940 moved successfully.
C:\Dokumente und Einstellungen\EuFH\Startmenü\Programme\Windows Fix Disk folder moved successfully.
C:\Dokumente und Einstellungen\EuFH\Desktop\Windows_restore folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01a1b78b-f9de-11de-bb40-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cbf077a-fc4d-11de-bb45-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f6-eb00-11de-bb28-001a6b7a9d4e}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ not found.
File G:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ not found.
File G:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad4f7-eb00-11de-bb28-001a6b7a9d4e}\ not found.
File G:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e4ad503-eb00-11de-bb28-001c2390cc69}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b10c4e-ebb3-11de-bb2a-001a6b7a9d4e}\ not found.
File F:\cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db85db26-c52e-11de-bad9-001a6b7a9d4e}\ not found.
File cold\hott\sysdiag64.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.gopher
Prefs.js: 0 removed from network.proxy.backup.gopher_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "Proxy" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "Proxy" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "Proxy" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "Proxy" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "Proxy" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Service MDM stopped successfully!
Service MDM deleted successfully!
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 236753864 bytes
->Temporary Internet Files folder emptied: 373253334 bytes
->Java cache emptied: 4962819 bytes
->FireFox cache emptied: 15974042 bytes
->Flash cache emptied: 2010282 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: EuFH
->Temp folder emptied: 834321815 bytes
->Temporary Internet Files folder emptied: 943398861 bytes
->Java cache emptied: 9142589 bytes
->FireFox cache emptied: 89776218 bytes
->Flash cache emptied: 2948699 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14472095 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1908702 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2147662 bytes
%systemroot%\System32 .tmp files removed: 429459 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2278254 bytes
RecycleBin emptied: 29638893 bytes

Total Files Cleaned = 2.445,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04142011_125650

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\Q7K36T81\1729516519@Top1,TopRight,Right,Middle1,Right1,Right2,Right3,Right4,Right5,Right6,Bottom,Middle,Middle2,Middle3,Position1,Position2,Position3,x01,x02,x03,x04,x05,x70,Bottom1[1] not found!
File\Folder C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\C7M5610J\1149521306@Top1,TopRight,Right,Middle1,Right1,Right2,Right3,Right4,Right5,Right6,Bottom,Middle,Middle2,Middle3,Position1,Position2,Position3,x01,x02,x03,x04,x05,x70,Bottom1[1] not found!
File\Folder C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Temp\~DF805A.tmp not found!
File\Folder C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Temp\~DFD68.tmp not found!
C:\Dokumente und Einstellungen\EuFH\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IQKCRG71\97421-windows-restore-daten-wiederherstellbar-2[1].html moved successfully.

Registry entries deleted on Reboot...

Alt 14.04.2011, 13:19   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post log files in CODE tags

Alt 14.04.2011, 21:16   #14
Guda
 
The tdsskiller can be saved to the desktop,
but it does not open

Alt 15.04.2011, 08:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
=> http://filepony.de/download-tdsskiller/

Did you use this link? Right-click the link => Save target as => select Desktop => change the file name to abc.exe => run the TDSS-Killer that was renamed to abc.exe
__________________
Please always post log files in CODE tags
