Trojaner-Board


tamtamtam 12.09.2011 10:42

OTLPE logfile created - Bundespolizei Trojan - how to proceed?
 
Hello,

Unfortunately, the Bundespolizei Trojan got me too.
Since I have important data and project files (video and sound files) on my PC that I still need and have to keep working on, I can't completely wipe my PC just yet.
I have now also created a logfile with OTLPE and would be glad if someone would take a look at the matter.
That would be absolutely great and would save my projects.

Thanks and regards

OTL logfile:
Code:

OTL logfile created on: 9/12/2011 2:26:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 691.33 Gb Total Space | 210.57 Gb Free Space | 30.46% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 8.88 Gb Free Space | 1.91% Space Free | Partition Type: FAT32
Drive E: | 298.09 Gb Total Space | 24.27 Gb Free Space | 8.14% Space Free | Partition Type: NTFS
Drive K: | 993.77 Mb Total Space | 750.94 Mb Free Space | 75.56% Space Free | Partition Type: FAT32
Drive L: | 691.28 Gb Total Space | 6.68 Gb Free Space | 0.97% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/21 00:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 11:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/25 06:54:34 | 001,918,952 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2009/06/03 06:03:44 | 001,119,304 | ---- | M] (G DATA Software AG) [Auto] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009/06/03 06:03:44 | 000,394,312 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2009/03/09 21:47:10 | 000,298,568 | ---- | M] (G DATA Software AG) [On_Demand] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2008/12/24 11:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service)
SRV - [2008/12/24 11:34:10 | 000,058,664 | ---- | M] () [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service)
SRV - [2008/12/18 07:51:34 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/12/04 07:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/27 06:05:28 | 000,306,736 | ---- | M] () [Auto] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/05/23 05:44:38 | 000,105,416 | ---- | M] (G Data Software) [Kernel | System] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2009/07/28 09:19:19 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2009/07/28 09:19:18 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2009/07/28 09:19:04 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System] -- C:\Windows\System32\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2009/07/02 04:46:04 | 001,708,544 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/10/27 06:06:00 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2008/10/27 06:06:00 | 000,022,064 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2008/10/27 06:06:00 | 000,020,528 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/07/16 04:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2007/12/04 10:25:20 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0511&m=aspire_m3800
IE - HKU\Ungermann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Ungermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/31 17:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ungermann\AppData\Roaming\Mozilla\Extensions
[2011/06/03 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ungermann\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/08/21 14:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/21 14:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/06/03 13:26:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2011/08/31 17:24:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O3:64bit: - HKU\Ungermann_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Ungermann_ON_C..\Run: [avupdate] C:\Users\Ungermann\AppData\Roaming\jashla.exe (Soda Butane Wags)
O4 - HKU\Ungermann_ON_C..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\Ungermann_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\UpdatusUser_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/12 03:36:46 | 000,000,000 | ---D | C] -- C:\Marta Erweiterte Version unkomprimiert
[2011/09/12 03:34:21 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/09/02 03:16:30 | 000,188,416 | ---- | C] (Soda Butane Wags) -- C:\Users\Ungermann\AppData\Roaming\jashla.exe
[2011/09/01 15:57:40 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\Desktop\FILM FREIBURG
[2011/08/30 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\Desktop\Fotos für Nachtemail
[2011/08/27 07:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/21 15:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/08/21 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\HP
[2011/08/21 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\HP
[2011/08/21 15:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/08/21 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/08/21 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/21 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/08/21 15:31:31 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/08/21 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/21 15:25:37 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids40.dll
[2011/08/21 15:25:35 | 000,145,408 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpfll70v.dll
[2011/08/21 15:23:45 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/08/21 15:23:45 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/08/21 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/08/21 14:29:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/21 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/21 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/21 14:27:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/21 14:27:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/21 14:27:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/21 14:27:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/21 14:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/08/20 06:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{83EF7306-A35C-466F-889D-B92E5FA7C0E8}
[2011/08/19 16:17:08 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{BCE6D0F3-ACEE-4A37-8662-0008CE7A8722}
[2011/08/19 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Local\{EB420047-733D-49E5-A84A-CCE956F6C4D9}
[2011/08/19 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\Skype
[2011/08/19 16:03:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/08/19 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/19 16:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/19 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6
[2011/08/19 15:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ungermann\AppData\Roaming\ICQ
[2011/08/19 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.6
[2009/07/28 17:05:17 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/11 20:02:18 | 000,139,219 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/11 20:02:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 20:02:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 20:02:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/02 12:45:33 | 000,028,672 | ---- | M] () -- C:\Users\Ungermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 12:45:22 | 000,388,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/02 03:16:30 | 000,188,416 | ---- | M] (Soda Butane Wags) -- C:\Users\Ungermann\AppData\Roaming\jashla.exe
[2011/09/01 18:56:42 | 268,591,419 | ---- | M] () -- C:\Users\Ungermann\Desktop\Charlotte Demoband 02.09.2011.wmv
[2011/09/01 17:53:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/09/01 17:53:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/01 17:53:23 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/09/01 17:53:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/01 15:29:29 | 000,047,742 | ---- | M] () -- C:\Users\Ungermann\Desktop\Achim und Anja.celtx
[2011/09/01 09:09:55 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 3 (2).png
[2011/09/01 09:09:54 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 4 (2).png
[2011/09/01 09:09:45 | 000,515,578 | ---- | M] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 1 (2).png
[2011/09/01 08:56:26 | 000,123,939 | ---- | M] () -- C:\Users\Ungermann\Documents\Video call snapshot 29.png
[2011/08/28 17:50:34 | 000,016,538 | ---- | M] () -- C:\Users\Ungermann\Desktop\Drehbuch ACHIM UND ANJA 28.08.2011.pdf
[2011/08/28 16:34:08 | 007,861,793 | ---- | M] () -- C:\Users\Ungermann\Desktop\Björn und Michal.wmv
[2011/08/28 15:39:13 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\WebReg HP Deskjet D1600 series.job
[2011/08/26 16:15:46 | 000,026,683 | ---- | M] () -- C:\Users\Ungermann\Documents\Video call snapshot 6.png
[2011/08/26 15:30:16 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0005[1].3gp
[2011/08/26 15:28:57 | 000,131,072 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0006[1].3gp
[2011/08/26 15:27:34 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0007[1].3gp
[2011/08/26 15:25:59 | 000,294,912 | ---- | M] () -- C:\Users\Ungermann\Documents\Video0008[1].3gp
[2011/08/21 15:39:02 | 000,179,498 | ---- | M] () -- C:\Windows\hphins33.dat
[2011/08/21 15:35:52 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/21 15:34:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/21 15:34:00 | 000,002,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/21 14:27:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/21 14:27:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/21 14:27:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/21 14:27:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/19 16:03:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/19 15:52:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6
[2011/08/17 12:53:37 | 001,855,822 | ---- | M] () -- C:\Users\Ungermann\Desktop\IMG_8493.JPG
[2011/08/17 12:53:12 | 002,074,348 | ---- | M] () -- C:\Users\Ungermann\Desktop\IMG_8488.JPG
[2011/08/16 06:26:14 | 000,000,130 | ---- | M] () -- C:\Windows\Goya.INI
[2011/08/15 10:01:01 | 000,013,405 | ---- | M] () -- C:\Users\Ungermann\Desktop\ACHIM UND ANJA Drehbuch 12.08.2011 Konzeptfassung.pdf
 
========== Files Created - No Company Name ==========
 
[2011/09/01 18:43:14 | 268,591,419 | ---- | C] () -- C:\Users\Ungermann\Desktop\Charlotte Demoband 02.09.2011.wmv
[2011/09/01 15:29:29 | 000,047,742 | ---- | C] () -- C:\Users\Ungermann\Desktop\Achim und Anja.celtx
[2011/09/01 09:07:21 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 3 (2).png
[2011/09/01 09:07:14 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 4 (2).png
[2011/09/01 09:06:47 | 000,515,578 | ---- | C] () -- C:\Users\Ungermann\Documents\Mein Schnappschuss 1 (2).png
[2011/09/01 08:56:14 | 000,123,939 | ---- | C] () -- C:\Users\Ungermann\Documents\Video call snapshot 29.png
[2011/08/28 17:50:32 | 000,016,538 | ---- | C] () -- C:\Users\Ungermann\Desktop\Drehbuch ACHIM UND ANJA 28.08.2011.pdf
[2011/08/28 16:33:12 | 007,861,793 | ---- | C] () -- C:\Users\Ungermann\Desktop\Björn und Michal.wmv
[2011/08/27 07:45:06 | 050,728,964 | ---- | C] () -- C:\Users\Ungermann\Desktop\Sequenz 01_10.MPG
[2011/08/26 16:15:42 | 000,026,683 | ---- | C] () -- C:\Users\Ungermann\Documents\Video call snapshot 6.png
[2011/08/26 15:29:58 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0005[1].3gp
[2011/08/26 15:28:43 | 000,131,072 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0006[1].3gp
[2011/08/26 15:27:18 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0007[1].3gp
[2011/08/26 15:25:43 | 000,294,912 | ---- | C] () -- C:\Users\Ungermann\Documents\Video0008[1].3gp
[2011/08/21 15:39:16 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\WebReg HP Deskjet D1600 series.job
[2011/08/21 15:34:00 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/21 15:26:19 | 000,179,498 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/08/17 12:52:28 | 002,074,348 | ---- | C] () -- C:\Users\Ungermann\Desktop\IMG_8488.JPG
[2011/08/17 12:52:28 | 001,855,822 | ---- | C] () -- C:\Users\Ungermann\Desktop\IMG_8493.JPG
[2011/08/15 10:01:01 | 000,013,405 | ---- | C] () -- C:\Users\Ungermann\Desktop\ACHIM UND ANJA Drehbuch 12.08.2011 Konzeptfassung.pdf
[2011/07/24 12:03:44 | 000,007,808 | ---- | C] () -- C:\Users\Ungermann\AppData\Local\d3d9caps.dat
[2011/06/07 05:02:16 | 000,000,130 | ---- | C] () -- C:\Windows\Goya.INI
[2011/06/01 12:43:05 | 000,000,075 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2011/06/01 10:07:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/01 07:07:58 | 000,028,672 | ---- | C] () -- C:\Users\Ungermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 05:36:52 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2011/05/23 05:36:52 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2011/05/23 05:21:27 | 000,003,800 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/05/23 05:18:18 | 000,139,219 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/05/23 05:18:17 | 000,139,219 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/28 09:23:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009/07/28 09:23:46 | 000,007,272 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/07/28 07:42:16 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/28 07:42:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/11 06:17:52 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011/05/23 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\Acer GameZone Console
[2011/06/03 13:26:18 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\Greyfirst
[2011/06/01 07:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\HomeMedia Connect
[2011/09/01 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\ICQ
[2011/07/27 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\MAGIX
[2011/06/01 09:59:53 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\PowerCinema
[2011/06/01 07:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\SoftDMA
[2011/05/23 05:34:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/07/28 09:22:28 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009/07/28 10:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/28 11:23:05 | 000,000,000 | ---D | M] -- C:\ProgramData\G DATA
[2011/07/27 14:04:05 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2009/07/28 09:25:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mufin
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/23 05:27:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/23 05:15:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/09/02 04:37:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

cosinus 12.09.2011 12:08

Quote:

I can't completely wipe my PC just yet.
But you should already back up as much of your data as possible to an external drive!
Without a backup you are always left stranded, so it really shouldn't happen that "all the IMPORTANT" data has NOT been backed up and exists only once on the internal drive.
Imagine you delete it by accident or the hard drive fails, what then?

Let me know when you have backed up all your data. You can do that via OTLPE or a Linux live CD.

tamtamtam 12.09.2011 18:58

Hello,

I took the advice to heart and backed up my data with OTLPE.
Twice, in fact, onto two external hard drives.
Still, I'd rather not wipe the machine just yet.
The files in question are "edited" video files.
I can back up the original files, but not the "edited project files" quite so easily.
The edited files access the original files by program path.
In theory it should work to open the project files again if the original files are later stored under the same path, but I have already seen this fail.
Back then the reason was that the project files were no longer recognized.
So I'd like to reinstall Windows only once the current film is finished.
Many thanks in advance.

Regards

cosinus 12.09.2011 21:10

I do understand you; the hint was only meant for the case that something gets deleted by accident.

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O4 - HKU\Ungermann_ON_C..\Run: [avupdate] C:\Users\Ungermann\AppData\Roaming\jashla.exe (Soda Butane Wags)
[2011/09/02 03:16:30 | 000,188,416 | ---- | C] (Soda Butane Wags) -- C:\Users\Ungermann\AppData\Roaming\jashla.exe
:Commands
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not deleted completely, for safety; a backup copy is created in the "_OTL" folder on the system partition.

After that Windows should start normally again. Please make OTL's quarantine folder available to us, proceeding as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
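
The check behind the fix script above, as an added example that is not part of the thread or of OTL itself: it parses OTL's O4 autorun and file-listing lines and flags Run entries that start an executable sitting directly in a user's AppData\Roaming root, as jashla.exe does. The regexes are assumptions covering only the line shapes seen in this thread, and the last sample line is constructed for contrast.

```python
import re
from datetime import datetime

# Lines 1-3 are taken from this thread; line 4 is constructed for contrast.
SAMPLE = r"""
O4 - HKU\Ungermann_ON_C..\Run: [avupdate] C:\Users\Ungermann\AppData\Roaming\jashla.exe (Soda Butane Wags)
[2011/09/02 03:16:30 | 000,188,416 | ---- | C] (Soda Butane Wags) -- C:\Users\Ungermann\AppData\Roaming\jashla.exe
[2011/09/01 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ungermann\AppData\Roaming\ICQ
O4 - HKLM..\Run: [ExampleApp] C:\Program Files (x86)\Example\app.exe (Example Vendor)
"""

# Assumed patterns for OTL's "O4 ... Run" autorun lines and its file-listing lines.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)\b", re.I)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4})"
    r" \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# Heuristic: an .exe directly in the Roaming root, not inside an application subfolder.
ROAMING_ROOT_EXE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+\.exe$", re.I)


def triage(log_text):
    """Return Run entries whose target is an executable in a Roaming root."""
    files, autoruns = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files[m["path"].lower()] = {
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "kind": m["kind"],  # C = created, M = modified
            }
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["hive"], m["name"], m["path"]))
    findings = []
    for hive, name, path in autoruns:
        if not ROAMING_ROOT_EXE.match(path):
            continue
        meta = files.get(path.lower())  # correlate autorun target with the file listing
        created = meta["when"] if meta and meta["kind"] == "C" else None
        findings.append({"hive": hive, "value": name, "path": path,
                         "created": created, "size": meta["size"] if meta else None})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["hive"], f["value"], f["path"], f["created"], f["size"])
```
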

tamtamtam 13.09.2011 14:09

Thank you very much,

It worked.
I have just uploaded the quarantine folder for you.

Regards

cosinus 13.09.2011 14:16

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!


After that, OTL custom:


Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


