Antivirus, firewall and other protection programs: Completely delete virus, but how? (Windows 7)
31.03.2010, 14:34 | #1
Completely delete virus, but how? Hello everyone. I'll keep it short: I've caught something. I have no idea what it is. It is still there after formatting and reinstalling four times. So my question: how can I format my 3 HDDs so that the thing is finally gone? My Windows 7 image is clean; the problem does not occur on other computers. My plan was actually to erase all data with a low-level format, but that does not seem to work. How do I finally get the disks clean? The following disks are installed:
1: Western Digital WD1600JB
2: ExelStore Callist 80GB
3: Samsung 1202N
Please understand me correctly: I have already lost all my data, I just want to get rid of the virus. I'm not interested in what kind it is, what it does or how I picked it up. All I want is to get rid of this pest.
31.03.2010, 15:18 | #2
Selecta Jahrusso: Describe "caught something" in more detail.
31.03.2010, 15:39 | #3
Well: it alters all link requests; sometimes you land on the link you clicked, sometimes it says the page could not be loaded, or porn/Viagra/anti-spam pages simply open. Pop-ups appear that want to offer me a dubious Microsoft tool, or I am prompted to install "StopZilla". Windows updates get switched off and cannot be reactivated. It stays even after formatting several times; I have even switched my Windows 7 image already, but without success.
31.03.2010, 15:45 | #4
Selecta Jahrusso: You won't have any luck with a quick format there. Let's see whether my suspicion is confirmed. Rootkit search. What are rootkits? A few scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans, the following should:
31.03.2010, 16:09 | #5
Well, an error message appears, then it searches for 10 sec and then says it found nothing. I have attached the error message.
31.03.2010, 16:13 | #6
Selecta Jahrusso: I have to leave quickly; I'll look at it more closely later. Custom scan with OTL: if you don't have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
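The /md5start ... /md5stop part of the custom scan above makes OTL list every copy it finds of the named drivers and DLLs together with its MD5, so that a copy under System32 whose hash no longer matches the pristine WinSxS or DriverStore copy stands out in the report. The parser below for that section of an OTL log is an added example, not code from the thread or from OTL's author; the "a live copy must match a store copy" heuristic, the sample report lines and the hashes in them are constructed for illustration.

```python
import re
from collections import defaultdict

# One file entry under a "< MD5 for: NAME >" header in the Custom Scans section
# of an OTL log: [timestamp | size | attributes | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>\s*$")

# Backing-store locations. Windows keeps a pristine copy of each serviced component
# in WinSxS (and of each in-box driver in the DriverStore); the live copy under
# System32 / SysWOW64 (shown by OTL as SysNative / SysWow64) is normally a hard link
# to it, so a live copy's hash should equal one of the store copies' hashes.
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


def is_store_copy(path):
    p = path.lower()
    return any(marker in p for marker in STORE_MARKERS)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block in an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("<"):      # any other custom-scan header ends the MD5 block
            current = None
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["stamp"] = entry["stamp"].strip()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def find_suspect_copies(sections):
    """Flag live copies whose MD5 matches no WinSxS/DriverStore copy of the same file.

    Returns a list of (file name, path, md5, reason). A 32-bit and a 64-bit copy of the
    same DLL legitimately have different hashes, which is why each live copy is compared
    against the set of store hashes rather than against the other live copies.
    """
    suspects = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            if not store_hashes:
                suspects.append((name, e["path"], e["md5"], "no WinSxS/DriverStore copy to compare against"))
            elif e["md5"] not in store_hashes:
                suspects.append((name, e["path"], e["md5"], "hash matches no WinSxS/DriverStore copy"))
    return suspects


# Constructed sample in OTL's output format (hashes and WinSxS directory names are made
# up). AGP440.SYS and CNGAUDIT.DLL are consistent; the live copy of ATAPI.SYS is given a
# hash that differs from its store copy to show how a modified system file shows up.
SAMPLE_LOG = r"""========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_0000000000000000\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\amd64_machine.inf_0000000000000000\AGP440.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_0000000000000000\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_0000000000000000\cngaudit.dll
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD -- C:\Windows\winsxs\amd64_mshdc.inf_0000000000000000\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE -- C:\Windows\SysNative\drivers\atapi.sys
< %systemroot%\*. /mp /s >
"""


if __name__ == "__main__":
    for name, path, md5, reason in find_suspect_copies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path} MD5={md5} ({reason})")
```

A hit from this check is a prompt to look at that file (signature, version, known-good hash), not proof of infection: third-party drivers that have no store copy at all are reported for that reason alone.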
31.03.2010, 16:30 | #7
Code: (OTL log and OTL Extras log, created 31.03.2010 17:23:23 with OTL by OldTimer version 3.1.37.3; the full listings are not reproduced)
31.03.2010, 16:44 | #8 |
/// Selecta Jahrusso | Delete virus completely, but how? Are the redirects only in Firefox or in general? Do they always occur? One question: the first thing you install is uTorrent instead of an AV? Not exactly smart. Remove uTorrent.
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Academy |
31.03.2010, 19:57 | #9 |
| Delete virus completely, but how? I don't want any AV software on my machine; I want to know how to format my machine so that I get rid of the pest. The redirects show up in every browser (Google Chrome, IE and FF). It's easiest to see when you search for something on Google: all links always open in a new window or tab, depending on the browser, and about 33% of the time the redirects happen. And I can't install any security software such as Spybot S&D; the installation doesn't go through because Spybot, for example, can't find the update server, and then you can't continue the installation. EDIT: And what if, instead of installing Windows 7 over and over, I go to Windows XP and then try to clean the hard drives? EDIT2: Which virus scanner should I install under Windows 7, and which under XP? (I mean the free ones.) EDIT3: Oh, and the uTorrent comes from a safe source, straight from my (hardware write-protected) USB stick. Last edited by Cookie1990 (31.03.2010 at 20:36) |
01.04.2010, 00:44 | #10 |
| Delete virus completely, but how? OK, I've just had a frightening realisation. Under Linux the symptoms persist, even though I only booted from a Live CD (Mint Linux)... How can that be??? I'm still being served the supposed Microsoft security updates... |
01.04.2010, 11:28 | #11 |
| Delete virus completely, but how? I uploaded the file I'm supposed to install as a "security update from Microsoft" to VirusTotal. Code:
Antivirus              Version          Last Update   Result
a-squared              4.5.0.50         2010.04.01    -
AhnLab-V3              5.0.0.2          2010.03.31    -
AntiVir                7.10.6.13        2010.04.01    -
Antiy-AVL              2.0.3.7          2010.04.01    -
Authentium             5.2.0.5          2010.04.01    -
Avast                  4.8.1351.0       2010.03.31    -
Avast5                 5.0.332.0        2010.03.31    -
AVG                    9.0.0.787        2010.03.31    -
BitDefender            7.2              2010.04.01    -
CAT-QuickHeal          10.00            2010.04.01    -
ClamAV                 0.96.0.0-git     2010.04.01    -
Comodo                 4460             2010.04.01    -
DrWeb                  5.0.2.03300      2010.04.01    -
eSafe                  7.0.17.0         2010.03.31    -
eTrust-Vet             35.2.7401        2010.04.01    -
F-Prot                 4.5.1.85         2010.04.01    -
F-Secure               9.0.15370.0      2010.04.01    -
Fortinet               4.0.14.0         2010.04.01    -
GData                  19               2010.04.01    -
Ikarus                 T3.1.1.80.0      2010.04.01    -
Jiangmin               13.0.900         2010.04.01    -
K7AntiVirus            7.10.1004        2010.03.22    -
Kaspersky              7.0.0.125        2010.04.01    -
McAfee                 5937             2010.03.31    -
McAfee+Artemis         5937             2010.03.31    -
McAfee-GW-Edition      6.8.5            2010.04.01    Heuristic.BehavesLike.Win32.Downloader.H
Microsoft              1.5605           2010.03.31    -
NOD32                  4991             2010.04.01    -
Norman                 6.04.10          2010.03.31    -
nProtect               2009.1.8.0       2010.04.01    -
Panda                  10.0.2.2         2010.04.01    -
PCTools                7.0.3.5          2010.04.01    -
Prevx                  3.0              2010.04.01    -
Rising                 22.41.03.04      2010.04.01    -
Sophos                 4.52.0           2010.04.01    -
Sunbelt                6124             2010.04.01    -
Symantec               20091.2.0.41     2010.04.01    Suspicious.Insight
TheHacker              6.5.2.0.248      2010.03.31    -
TrendMicro             9.120.0.1004     2010.04.01    -
VBA32                  3.12.12.4        2010.04.01    -
ViRobot                2010.4.1.2255    2010.04.01    -
VirusBuster            5.0.27.0         2010.03.31    -

Additional information
File size: 111057 bytes
MD5...: 62b30846640a03d19f8d1ae834e5eef1
SHA1..: 19e145a1df35567b0db3eed3cf15ff18c88efcb7
SHA256: 9d33a7c66b60e29696af9b6973149265e1e786b618ff604085f51d714c94efde
ssdeep: 1536:hpgpHzb9dZVX9fHMvG0D3XJH4Romu/TmSWlH5VkxlWZKmiZOcVf2wgEI:bgXdZt9P6D3XJH45UqD/YlguQ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30fa
timedatestamp.....: 0x42316426 (Fri Mar 11 09:25:58 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x5c4c   0x5e00   6.44   856b32eb77dfd6fb67f21d6543272da5
.rdata  0x7000   0x129c   0x1400   5.05   dc77f8a1e6985a4361c55642680ddb4f
.data   0x9000   0x25c58  0x400    4.80   7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata  0x2f000  0xc000   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x3b000  0x3ef0   0x4000   5.91   48eb1f486dd2c693797e2ad4bda49c3f

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
        Win32 Executable Generic (14.7%)
        Win32 Dynamic Link Library (generic) (13.1%)
        Generic Win/DOS Executable (3.4%)
        DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. |
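The report above ends with `verified.....: Unsigned` and F-Prot identifies the file as an NSIS installer, yet it was offered as a Microsoft security update. Genuine Microsoft updates are Authenticode-signed, so the cheapest first check on any such download is whether the file carries a certificate table at all. The following is an added example, not code from the thread, from VirusTotal or from sigcheck: it walks the DOS and PE headers to the IMAGE_DIRECTORY_ENTRY_SECURITY entry and reads the WIN_CERTIFICATE header it points at. The two sample images are constructed minimal PE32 headers; `check_file()` works on a real executable. Presence of the table is not validity; the assumption here is only that "no table" is what the report's "Unsigned" means, and a real verification (signtool, sigcheck or Get-AuthenticodeSignature) is still needed for a file that does have one.

```python
"""Added example (not from the thread): does a PE file carry an Authenticode block?

Only the presence of a WIN_CERTIFICATE table is checked, which is what an
"Unsigned" sigcheck verdict means when the table is absent. Signature validity
(chain, timestamp, hash) needs signtool / Get-AuthenticodeSignature.
"""
import struct

SECURITY_DIR_INDEX = 4                   # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData


def find_certificate_table(pe):
    """Return (file offset, size) of the certificate table, or None if absent."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                      # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                    # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, count_off)[0] <= SECURITY_DIR_INDEX:
        return None                                         # directory not present
    entry = dirs_off + 8 * SECURITY_DIR_INDEX
    if entry + 8 > opt + size_opt:
        return None                                         # truncated header
    # For this directory the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, entry)
    return (offset, size) if offset and size else None


def describe_signature(pe):
    """None for an unsigned image, else (wRevision, wCertificateType, dwLength)."""
    loc = find_certificate_table(pe)
    if loc is None:
        return None
    offset, size = loc
    if offset + 8 > len(pe) or offset + size > len(pe):
        raise ValueError("certificate table points outside the file")
    length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    return revision, cert_type, length


def check_file(path):
    """Convenience wrapper for a real executable on disk."""
    with open(path, "rb") as f:
        return describe_signature(f.read())


def build_win_certificate(pkcs7):
    """WIN_CERTIFICATE wrapper (revision 2.0, PKCS#7 type), padded to 8 bytes."""
    body = pkcs7 + b"\0" * (-len(pkcs7) % 8)
    return struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body


def build_sample_pe(cert_blob=None):
    """Constructed minimal PE32 (headers only, no sections) for the offline demo.
    If cert_blob is given it is appended and referenced from the security
    directory, the way signtool places an Authenticode signature."""
    e_lfanew = 0x40
    opt_size = 96 + 16 * 8                     # PE32 fields + 16 data directories
    headers_len = e_lfanew + 4 + 20 + opt_size
    dirs = [(0, 0)] * 16
    if cert_blob:
        dirs[SECURITY_DIR_INDEX] = (headers_len, len(cert_blob))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    return dos + b"PE\0\0" + coff + opt + (cert_blob or b"")


def demo():
    """Constructed unsigned vs. 'signed' image; returns both verdicts."""
    unsigned = build_sample_pe()
    signed = build_sample_pe(build_win_certificate(b"<pkcs7 signed data would go here>"))
    return describe_signature(unsigned), describe_signature(signed)


if __name__ == "__main__":
    print(demo())
```

`check_file("update.exe")` returning `None` on something that calls itself a Microsoft update is enough to stop; a non-`None` result only tells you there is something to verify.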
01.04.2010, 16:03 | #12 |
/// Selecta Jahrusso | Delete virus completely, but how? Now it's getting funny. How do you connect to the internet? Router, modem, WLAN ...? And where you got uTorrent from is pretty much irrelevant to me. P2P file sharing: P2P programs are clean programs in themselves, but you never know what you are downloading from where. Programs from file-sharing networks mostly come from unsafe sources, and since they are frequently infected, I advise you against it in future as well. Besides, it can tempt you into possibly illegal acts, e.g. the use of pirated copies.
__________________ regards, Daniel |
01.04.2010, 19:38 | #13 |
| Delete virus completely, but how? Yes, *funny*, haha... I go through my switch to a router "Siemens ADSL SL-2-141-I". And Linux and co. distribute very nicely over torrent. |
01.04.2010, 20:03 | #14 |
/// Selecta Jahrusso | Delete virus completely, but how? Reset the router.
__________________ regards, Daniel |
02.04.2010, 23:35 | #15 |
| Delete virus completely, but how? OK, I haven't reset my router, but I carried my machine over to the neighbour's, and there I'm symptom-free. So the problem seems to exist only in our LAN. |
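Posts #10 and #15 point away from the disks and at the network: a Linux Live CD shows the same redirects, and the machine is clean on the neighbour's connection. The following is an added example, not code from the thread or from any tool mentioned in it, for the check a practitioner would run next. It assumes (the thread does not establish this) that the resolver handed out by the local router is rewriting DNS answers, and it tests for that with two probes: a name that cannot exist must come back NXDOMAIN, and a well-known name resolved through the suspect resolver should share at least one address with the answer from a reference resolver. The packets in `demo()` are constructed by hand so the script runs offline; `query()` performs a real UDP lookup when given a resolver address. Stdlib only.

```python
"""Added example (not from the thread): spot a resolver that rewrites DNS answers.

Assumption, not a finding from the thread: the router's resolver is rogue.
Two probes: a name that cannot exist must come back NXDOMAIN, and a well-known
name resolved via the suspect resolver should overlap with a reference resolver.
Stdlib only; the packets in demo() are constructed by hand, so it runs offline.
"""
import socket
import struct

NXDOMAIN = 3                       # RCODE for "name does not exist"
RESERVED_ROGUE = "203.0.113.7"     # documentation range; stands in for a hijack host


def build_query(name, txid=0x1234):
    """Standard recursive query for an A record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _read_name(data, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if (length & 0xC0) == 0xC0:            # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack_from(">H", data, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(data):
    """Return (rcode, [IPv4 strings from A records]) of a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack_from(">HHHHHH", data, 0)
    off = 12
    for _ in range(qd):
        _, off = _read_name(data, off)
        off += 4                                # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, answers


def build_response(name, rcode, ips, txid=0x1234):
    """Construct a response as a (possibly rogue) resolver would; demo/test only."""
    question = build_query(name, txid)[12:]
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
                   for ip in ips)
    return header + question + rrs


def query(server, name, timeout=2.0):
    """Live UDP lookup against `server` (not used by the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recv(4096)


def classify(nx_rcode, nx_answers, suspect_answers, reference_answers):
    """Return finding codes; an empty list means nothing suspicious was seen."""
    findings = []
    if nx_rcode != NXDOMAIN or nx_answers:
        findings.append("nxdomain-rewritten")   # wildcard / ad-page injection
    # Disjoint answer sets for a name with a stable address set mean redirection.
    # (CDN-hosted names can legitimately differ; pick the probe name accordingly.)
    if suspect_answers and reference_answers and not (set(suspect_answers) & set(reference_answers)):
        findings.append("answers-diverge")
    return findings


def demo():
    """Offline run on constructed packets: rogue resolver vs. reference resolver."""
    rogue_nx = build_response("does-not-exist-3f9a.example", 0, [RESERVED_ROGUE])
    rogue_www = build_response("www.example.com", 0, [RESERVED_ROGUE])
    ref_www = build_response("www.example.com", 0, ["198.51.100.10"])
    nx_rcode, nx_ans = parse_response(rogue_nx)
    return classify(nx_rcode, nx_ans, parse_response(rogue_www)[1], parse_response(ref_www)[1])


if __name__ == "__main__":
    print("offline demo:", demo() or "clean")
```

For a live check, feed `classify()` with `parse_response(query(<router or DHCP-assigned resolver>, name))` for the two probe names and `parse_response(query(<reference resolver>, name))` for the well-known one; run it from the Live CD on the home LAN and again on a known-clean network, since that is exactly the comparison the last post made by hand. A positive result says only where the rewriting happens, not how the device was changed; the router's DNS settings and admin credentials are the next thing to look at.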