Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows recovery trojaner weg?

Windows recovery trojaner weg?


Log-Analyse und Auswertung: Windows recovery trojaner weg?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.04.2011, 21:43   #1
Anabasis
 
Windows recovery trojaner weg? - Standard

Windows recovery trojaner weg?


Hallo,

gestern habe ich mir den Windows recovery Trojaner eingefangen. Bin auf dieses Forum gestoßen und bin den Anleitungen gefolgt.

1. rkill.exe mehrmals ausgeführt
2. vollständiger Scan mit Malwarebytes Anti-Malware
3. OTL-Scan.

Bin mir nicht sicher, ob der Trojaner weg ist, denn die Ordner auf dem Desktop sind immer noch ausgewaschen, als wären sie versteckt, vorher war das nicht so. Ehe ich nur formatieren kann, wollte ich euch fragen, ob ihr an dem Logfile seht, dass er weg ist oder nicht. Hier das Log-File,

vielen Dank für das drübergucken

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.04.2011 22:21:19 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\julsch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 31,14 Gb Free Space | 33,77% Space Free | Partition Type: NTFS
Drive D: | 197,09 Gb Total Space | 130,91 Gb Free Space | 66,42% Space Free | Partition Type: NTFS
 
Computer Name: JULSCH-PC | User Name: julsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\julsch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ECDeject\CDeject.exe (Dritek System Inc.)
PRC - C:\Programme\ECDeject\Mngrecd.exe (Dritek System Inc.)
PRC - C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\julsch\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (OsdService) -- C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ECDejectPortIO) -- C:\Programme\ECDeject\ECDejectIo.sys (Dritek System Inc.)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (usb2vcom) -- C:\Windows\System32\drivers\usb2vcom.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.newversionchecker.com/?redr=www.easiestutils.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.15 10:38:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.15 10:38:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 21:25:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 21:25:00 | 000,000,000 | ---D | M]
 
[2010.08.16 15:58:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Extensions
[2010.08.16 15:58:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.07 20:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Firefox\Profiles\gn71tj6a.default\extensions
[2011.04.10 22:55:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\julsch\AppData\Roaming\mozilla\Firefox\Profiles\gn71tj6a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.26 22:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.22 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.10 10:17:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.15 22:29:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009.12.18 14:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.04.22 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.10 10:17:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.15 22:29:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JULSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GN71TJ6A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.03.29 21:24:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.29 21:24:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.29 21:24:54 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.03.29 21:24:54 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.29 21:24:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.29 21:24:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.29 21:24:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ECDeject] C:\Programme\ECDeject\CDeject.exe (Dritek System Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [OSD] C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Julsch Programme\Word 2002\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Julsch Programme\Word 2002\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\julsch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\julsch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell\AutoRun\command - "" = F:\Newst.exe eMedia Guitar Method 1 v4
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.14 22:18:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\julsch\Desktop\OTL.exe
[2011.04.14 18:59:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.13 18:14:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 18:14:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 18:14:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.13 18:14:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.13 18:14:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 18:14:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 18:14:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.13 18:14:11 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 18:14:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 18:14:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.13 18:14:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.13 18:14:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.13 18:14:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.13 18:14:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.13 18:14:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.13 18:14:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.13 18:14:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.13 18:14:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.13 18:14:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.13 18:13:55 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 18:13:54 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 18:13:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 18:13:48 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 18:13:45 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 18:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.11 00:34:43 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\julsch\Desktop\ccsetup305.exe
[2011.04.10 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\julsch\AppData\Roaming\Malwarebytes
[2011.04.10 23:28:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.10 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.10 23:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.10 23:28:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.10 23:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.10 23:25:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\julsch\Desktop\herbertou.exe
[2011.04.10 23:22:20 | 000,000,000 | ---D | C] -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen-Dateien
[2011.04.05 20:19:44 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\Aufnahmen AfP
[2011.03.27 20:09:46 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\clueso - an und für sich
[2011.03.23 21:23:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 21:23:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.20 20:47:08 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\A Rush Of Blood To The Head
[2011.03.17 20:11:40 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\Coldplay - X&Y
[2011.03.16 21:01:32 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\3 Doors Down - Away From The Sun
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[9 C:\Users\julsch\Desktop\*.tmp files -> C:\Users\julsch\Desktop\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.14 22:18:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\julsch\Desktop\OTL.exe
[2011.04.14 22:10:15 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 22:10:15 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 22:10:15 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 22:10:15 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.14 22:06:12 | 000,237,568 | ---- | M] () -- C:\Users\julsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 22:05:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.14 22:05:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 22:05:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.14 22:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.14 22:05:07 | 3178,151,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.14 22:03:34 | 000,003,525 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.14 21:46:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.14 19:23:21 | 000,321,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.12 19:05:48 | 321,924,060 | ---- | M] () -- C:\Users\julsch\Desktop\Desperate_Housewives_11.03.24_00-15_pro7_55_TVOON_DE.mpg.avi.otrkey.part
[2011.04.11 00:35:09 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.11 00:34:50 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\julsch\Desktop\ccsetup305.exe
[2011.04.10 23:32:21 | 000,033,280 | ---- | M] () -- C:\Users\julsch\Desktop\Normal.dot
[2011.04.10 23:28:17 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.10 23:25:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\julsch\Desktop\herbertou.exe
[2011.04.10 23:22:35 | 001,006,778 | ---- | M] () -- C:\Users\julsch\Desktop\rkill.com
[2011.04.10 23:22:21 | 000,063,650 | ---- | M] () -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen.html
[2011.04.10 22:29:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43441928
[2011.03.16 20:16:04 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[9 C:\Users\julsch\Desktop\*.tmp files -> C:\Users\julsch\Desktop\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.12 18:14:47 | 321,924,060 | ---- | C] () -- C:\Users\julsch\Desktop\Desperate_Housewives_11.03.24_00-15_pro7_55_TVOON_DE.mpg.avi.otrkey.part
[2011.04.10 23:32:21 | 000,033,280 | ---- | C] () -- C:\Users\julsch\Desktop\Normal.dot
[2011.04.10 23:28:17 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.10 23:22:31 | 001,006,778 | ---- | C] () -- C:\Users\julsch\Desktop\rkill.com
[2011.04.10 23:22:19 | 000,063,650 | ---- | C] () -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen.html
[2011.04.10 22:29:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43441928
[2011.03.29 21:25:01 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.17 20:57:00 | 000,647,168 | ---- | C] () -- C:\Users\julsch\Desktop\tetris.exe
[2011.01.05 11:43:26 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.06.09 20:38:34 | 000,304,640 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.09 20:38:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.13 21:12:57 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.03.22 22:16:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.07 23:53:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.17 19:16:36 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.11 16:35:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.11 16:35:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.05 10:15:52 | 000,000,680 | -H-- | C] () -- C:\Users\julsch\AppData\Local\d3d9caps.dat
[2009.06.20 10:30:15 | 000,030,368 | ---- | C] () -- C:\Windows\System32\drivers\usb2vcom.sys
[2009.05.05 11:07:38 | 000,237,568 | ---- | C] () -- C:\Users\julsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.29 15:36:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.28 22:04:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.25 14:36:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.25 14:20:09 | 000,000,622 | -H-- | C] () -- C:\Users\julsch\AppData\Roaming\wklnhst.dat
[2009.04.25 14:09:54 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2009.04.25 13:58:06 | 000,003,525 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.07.30 06:34:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll
[2008.07.30 06:34:51 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.06.17 21:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 09:15:58 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,321,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.03.09 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Buhl Data Service
[2010.12.12 10:57:40 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\DAEMON Tools Lite
[2009.06.18 21:30:42 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\DAEMON Tools Pro
[2009.07.31 10:28:07 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Degener
[2009.07.31 10:28:20 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Ebner
[2010.12.26 21:06:14 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\EndNote
[2010.04.13 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Foxit
[2010.03.21 22:24:14 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\GrabPro
[2009.06.20 10:33:06 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Nokia
[2009.12.18 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\OpenOffice.org
[2011.04.01 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Orbit
[2009.06.20 10:29:34 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\PC Suite
[2011.04.10 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\phonostar-Player
[2009.07.21 10:15:25 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\pokerth
[2011.02.26 22:02:27 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\ProgSense
[2009.05.23 14:47:30 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Template
[2010.08.16 15:58:38 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\TomTom
[2011.04.14 22:03:35 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---


PS Habe den Eintrag des TRojaners in der Registry gelöscht, ist zwar weg, aber nicht wirklich. Auch die System Wiederherstellung hat nichts gebracht. Er muss also weiterhin auf dem System sein.

 

Themen zu Windows recovery trojaner weg?
.dll, 0x00000001, adobe, antivir, avgntflt.sys, avira, bho, ccsetup, defender, desktop, downloader, error, excel, excel.exe, explorer, firefox, frage, helper, home, intranet, location, log-file, logfile, mozilla, nicht sicher, oldtimer, otl.exe, pdf, plug-in, registry, scan, sched.exe, searchplugins, software, sptd.sys, staropen, start menu, system wiederherstellung, trojaner, vista, windows


« 15 infizierte Objekte bei Malwarebytes! Ist was bedrohliches dabei? | Microsoft Recovery Virus - Virus entfernt, aber Daten bleiben "unsichtbar" »


Ähnliche Themen: Windows recovery trojaner weg?


  1. Windows Recovery Fake Trojaner... Problem gelöst ?
    Log-Analyse und Auswertung - 19.06.2011 (1)
  2. Windows Recovery + Trojaner
    Log-Analyse und Auswertung - 05.06.2011 (1)
  3. Windows Vista Recovery - Virus (Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 03.06.2011 (7)
  4. Windows Recovery Trojaner und dessen Nachwirkungen
    Log-Analyse und Auswertung - 03.06.2011 (29)
  5. Windows Recovery Trojaner und weitere Probleme
    Log-Analyse und Auswertung - 01.06.2011 (3)
  6. Windows 7 Recovery Trojaner
    Log-Analyse und Auswertung - 27.05.2011 (30)
  7. Trojaner TR/Dldr.Peltpox.A' [trojan], danach Windows Recovery
    Plagegeister aller Art und deren Bekämpfung - 23.05.2011 (3)
  8. windows recovery trojaner
    Log-Analyse und Auswertung - 14.05.2011 (43)
  9. Windows Recovery Trojaner - Malewarebytes durchgeführt was nun?
    Log-Analyse und Auswertung - 11.05.2011 (29)
  10. Trojaner eingefangen: Windows Recovery
    Log-Analyse und Auswertung - 10.05.2011 (20)
  11. Windows Recovery Trojaner eingefangen
    Log-Analyse und Auswertung - 08.05.2011 (1)
  12. Windows Recovery Fake Trojaner entfernt - Jedoch nichts sichtbar
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (3)
  13. Trojaner Fake.AV / Windows Recovery?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (10)
  14. Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte
    Log-Analyse und Auswertung - 30.04.2011 (12)
  15. Windows Recovery Trojaner entfernt, Dateien jedoch weg
    Log-Analyse und Auswertung - 27.04.2011 (1)
  16. Nach Windows recovery Trojaner -Befall: Desktopsymbole transparent
    Log-Analyse und Auswertung - 25.04.2011 (1)
  17. windows recovery trojaner
    Log-Analyse und Auswertung - 22.04.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows recovery trojaner weg? - Hallo, gestern habe ich mir den Windows recovery Trojaner eingefangen. Bin auf dieses Forum gestoßen und bin den Anleitungen gefolgt. 1. rkill.exe mehrmals ausgeführt 2. vollständiger Scan mit Malwarebytes Anti-Malware - Windows recovery trojaner weg?...
Archiv
Du betrachtest: Windows recovery trojaner weg? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131