Virus kommplett löschen, aber wie?

Cookie1990 · 31.03.2010, 14:34

Hallo miteinander.

Ich machs kurz, ich hab mir irgend etwas eingefangen.
Ich hab kein Ahnung was es ist.
Es ist nach 4 maliger formatierung und neu installation immer noch da.

Nun meine Frage, wie kann ich meine 3 HDDs so formatieren dass das Ding endlich weg is? Mein Windows 7 Image is clean, auf anderen Rechner tritt das Problem nicht auf.

Mein Plan war eigentlich, dass ich sämtliche Daten mit einer low lvl Formatierung lösche, aber das schient nicht zu funktionieren. Wie bekomme ich die Platten aber endlich sauber?

Folgend Platten sind verbaut:

1: Western Digital WD1600JB
2: ExelStore Callist80GB
3: Samsung 1202N

Bitte versteht mich richtig, ich hab schon alle meine Daten verloren, ich möchte nurnoch den Virus loswerden. Mich intressiert nicht was das für einer is, was er macht oder wie ich ihn mir zuzog. Alles was ich will is diesen Quälgeist loswerden.

Larusso · 31.03.2010, 15:18

Beschreib mal "irgendwas eingefangen"

Cookie1990 · 31.03.2010, 15:39

Also:
Es verändert sämtlichen Link Anfragen, mal kommt man auf den Link den man angeklickt hat, mal wird gesagt die Seite könne nicht geladen werden, oder es werden einfach Porno/Viagra/Anti Spam Seiten geöffnet.

Es kommt zu PopUps die mir ein ominöses Microsoft Tool anbieten wollen oder ich werde aufgefordert "StopZilla" zu installieren.

Die Windows updates werden ausgeschaltet und lassen sich nicht mehr reaktivieren.

Es bleibt auch nach mehrmaligem Formatieren da, ich habe sogar schon mein Windows7 Image gewechselt aber kein Erfolg.

Larusso · 31.03.2010, 15:45

Da wirste mit ner schnellformatierung keine Freude haben

Schaun wir mal ob sich meine Vermutung bestätigt.

Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet.
Füge das Log aus der Zwischenablage in Deine Antwort hier ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Cookie1990 · 31.03.2010, 16:09

also da kommt ne Fehlermeldung, dann sucht er 10 sec und dann sagt er er habe nichts gefunden

Die Fehlermeldung hab ich angehangen

Larusso · 31.03.2010, 16:13

Ich muss schnell weg, sehe ich mir dann genauer an

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Cookie1990 · 31.03.2010, 16:30

Code:

ATTFilter

OTL logfile created on: 31.03.2010 17:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Cookie\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,81 Gb Total Space | 100,64 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 235,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COOKIE-PC
Current User Name: Cookie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010.03.22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 7E 76 CF CF D0 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.31 14:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.31 15:14:06 | 000,000,000 | ---D | M]
 
[2010.03.31 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Mozilla\Extensions
[2010.03.31 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions
[2010.03.31 14:48:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.31 14:48:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.31 15:13:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.31 14:45:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.03.31 17:22:19 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2010.03.31 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\kaspersky anti virus v9.0.0.736 incl trialresetter
[2010.03.31 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010.03.31 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\uTorrent
[2010.03.31 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Macromedia
[2010.03.31 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Adobe
[2010.03.31 15:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.03.31 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.03.31 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010.03.31 15:12:53 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\ElevatedDiagnostics
[2010.03.31 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Mozilla
[2010.03.31 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Mozilla
[2010.03.31 14:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.03.31 14:42:17 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Searches
[2010.03.31 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Identities
[2010.03.31 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Contacts
[2010.03.31 14:42:00 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\VirtualStore
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Temporary Internet Files
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Templates
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Start Menu
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\SendTo
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Recent
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\PrintHood
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\NetHood
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Videos
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Pictures
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Music
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\My Documents
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Local Settings
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\History
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Cookies
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Application Data
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Application Data
[2010.03.31 14:41:36 | 000,000,000 | --SD | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Videos
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Saved Games
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Pictures
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Music
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Links
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Favorites
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Downloads
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Documents
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Desktop
[2010.03.31 14:41:36 | 000,000,000 | -H-D | C] -- C:\Users\Cookie\AppData
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Temp
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Microsoft
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Media Center Programs
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010.03.31 14:38:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.03.31 14:32:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.03.31 14:32:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
 
========== Files - Modified Within 14 Days ==========
 
[2010.03.31 17:24:01 | 000,786,432 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT
[2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2010.03.31 17:04:30 | 000,293,376 | ---- | M] () -- C:\Users\Cookie\Desktop\vhiruvou.exe
[2010.03.31 15:47:03 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 15:47:03 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 15:38:52 | 000,000,947 | ---- | M] () -- C:\Users\Cookie\Desktop\µTorrent.lnk
[2010.03.31 14:46:04 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.31 14:46:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.31 14:46:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.31 14:45:53 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.31 14:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.31 14:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.31 14:41:37 | 000,000,020 | -HS- | M] () -- C:\Users\Cookie\ntuser.ini
[2010.03.31 14:41:36 | 000,065,536 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.31 14:41:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.31 14:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.31 14:41:14 | 1610,252,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.31 14:36:24 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.31 14:34:57 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.03.31 14:34:57 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.03.31 14:34:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.03.31 14:34:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
 
========== Files Created - No Company Name ==========
 
[2010.03.31 17:04:29 | 000,293,376 | ---- | C] () -- C:\Users\Cookie\Desktop\vhiruvou.exe
[2010.03.31 15:38:52 | 000,000,947 | ---- | C] () -- C:\Users\Cookie\Desktop\µTorrent.lnk
[2010.03.31 14:45:53 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.31 14:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.31 14:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.31 14:41:37 | 000,000,020 | -HS- | C] () -- C:\Users\Cookie\ntuser.ini
[2010.03.31 14:41:36 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT
[2010.03.31 14:41:36 | 000,065,536 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.31 14:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.31 14:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.03.31 14:32:02 | 1610,252,288 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.03.31 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,002,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 31.03.2010 17:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Cookie\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,81 Gb Total Space | 100,64 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 235,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COOKIE-PC
Current User Name: Cookie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
< End of report >

Larusso · 31.03.2010, 16:44

Sind die Umleitungen nur im Firefox oder generell ?
Treten sie immer auf.

Eine Frage, das erste was du installierst ist uTorrent anstatt eines AVPs?
Nicht gerade schlau.

uTorrent runter.

Cookie1990 · 31.03.2010, 19:57

Ich will kein AV Software auf meinem Rechner, ich will wissen wie ich meinen Rechner so farmatiere dass ich den Schäfling loswerde.

Die Umleitungen tauchen im jedem Browser (Google Chrom, IE und FF) auf.
Am besten sieht man das wenn man bei Google was sucht, alle Links werden immer in einem neuen Fenster oder Tab, je nach Browser geöffnet, und zu 33% passieren halt die Umleitungen.
Und ich kann halt keine Security Software installieren wie zB SpybotSD, die Installation wird nicht durchgeführt weil Spybot zB den Updateserver nicht findet und dann kann man nicht weiter installieren.

EDIT:
Und wenn ich anstatt immer wieder Windows7 zu installieren auf Windows XP gehe und versuch dann die Festplatten zu reinigen?

EDIT2:
Welchen Virenscanner soll ich denn installieren unter Windows7, welchen unter XP?
(Ich meine von den kostenlosen)

EDIT3:
Achja, das Utorrent stammt auseiner sicheren Quelle, direkt von meinem (Hardwareseitig schreibgeschütztem USSB Stick)

Cookie1990 · 01.04.2010, 00:44

OK, ich habe gerade eine erschreckende Erkenntnis gemacht.
Unter Linux bleiben die Sympthome erhalten, obwohl ich nur von einer Live CD (Mint Linux) gebootet habe... Wie kann das jetzt sein???
Ich bekomme immernoch die angeblichen Microsoft Sicherheits updates serviert...

Cookie1990 · 01.04.2010, 11:28

Ich hab die Datei die ich als "Sicherheits Update von Microsoft" mal installieren soll mal bei Virus Total geuppt

Code:

ATTFilter

Antivirus  	Version  	Last Update  	Result
a-squared	4.5.0.50	2010.04.01	-
AhnLab-V3	5.0.0.2	2010.03.31	-
AntiVir	7.10.6.13	2010.04.01	-
Antiy-AVL	2.0.3.7	2010.04.01	-
Authentium	5.2.0.5	2010.04.01	-
Avast	4.8.1351.0	2010.03.31	-
Avast5	5.0.332.0	2010.03.31	-
AVG	9.0.0.787	2010.03.31	-
BitDefender	7.2	2010.04.01	-
CAT-QuickHeal	10.00	2010.04.01	-
ClamAV	0.96.0.0-git	2010.04.01	-
Comodo	4460	2010.04.01	-
DrWeb	5.0.2.03300	2010.04.01	-
eSafe	7.0.17.0	2010.03.31	-
eTrust-Vet	35.2.7401	2010.04.01	-
F-Prot	4.5.1.85	2010.04.01	-
F-Secure	9.0.15370.0	2010.04.01	-
Fortinet	4.0.14.0	2010.04.01	-
GData	19	2010.04.01	-
Ikarus	T3.1.1.80.0	2010.04.01	-
Jiangmin	13.0.900	2010.04.01	-
K7AntiVirus	7.10.1004	2010.03.22	-
Kaspersky	7.0.0.125	2010.04.01	-
McAfee	5937	2010.03.31	-
McAfee+Artemis	5937	2010.03.31	-
McAfee-GW-Edition	6.8.5	2010.04.01	Heuristic.BehavesLike.Win32.Downloader.H
Microsoft	1.5605	2010.03.31	-
NOD32	4991	2010.04.01	-
Norman	6.04.10	2010.03.31	-
nProtect	2009.1.8.0	2010.04.01	-
Panda	10.0.2.2	2010.04.01	-
PCTools	7.0.3.5	2010.04.01	-
Prevx	3.0	2010.04.01	-
Rising	22.41.03.04	2010.04.01	-
Sophos	4.52.0	2010.04.01	-
Sunbelt	6124	2010.04.01	-
Symantec	20091.2.0.41	2010.04.01	Suspicious.Insight
TheHacker	6.5.2.0.248	2010.03.31	-
TrendMicro	9.120.0.1004	2010.04.01	-
VBA32	3.12.12.4	2010.04.01	-
ViRobot	2010.4.1.2255	2010.04.01	-
VirusBuster	5.0.27.0	2010.03.31	-
Additional information
File size: 111057 bytes
MD5...: 62b30846640a03d19f8d1ae834e5eef1
SHA1..: 19e145a1df35567b0db3eed3cf15ff18c88efcb7
SHA256: 9d33a7c66b60e29696af9b6973149265e1e786b618ff604085f51d714c94efde
ssdeep: 1536:hpgpHzb9dZVX9fHMvG0D3XJH4Romu/TmSWlH5VkxlWZKmiZOcVf2wgEI:bg
XdZt9P6D3XJH45UqD/YlguQ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30fa
timedatestamp.....: 0x42316426 (Fri Mar 11 09:25:58 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5c4c 0x5e00 6.44 856b32eb77dfd6fb67f21d6543272da5
.rdata 0x7000 0x129c 0x1400 5.05 dc77f8a1e6985a4361c55642680ddb4f
.data 0x9000 0x25c58 0x400 4.80 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 0x2f000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x3b000 0x3ef0 0x4000 5.91 48eb1f486dd2c693797e2ad4bda49c3f

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Wohl gemerkt bekomme ich diese Warnung wenn ich mich mit einer Linux live CD per Firefox bewege...

Larusso · 01.04.2010, 16:03

Jetzt wirds lustig. Wie verbindest du dich mit dem Internet?
Router Modem wLan ... ?

Und wo du uTorrent her hast is mir ziemlich schnuppe

P2P-Filesharing
P2P-Programme sind an sich saubere Programme, jedoch weißt Du niemals was Du von wo herunterlädst. Programme aus Filesharing-Börsen stammen meist aus unsicheren Quellen und da sie häufig verseucht sind, rate ich Dir auch in Zukunft davon ab. Außerdem kann es Dich zu eventuell illegalen Handlungen verleiten, z. B. die Nutzung von Raubkopien.

Cookie1990 · 01.04.2010, 19:38

Ja*lustig*haha...

Ich*geh*über*meinen*Switch*an*nen*Router*"Siemens*ADSL*SL-2-141-I"

Und*über*Torrent*lassen*sich*Linux*und*Co*sehr*schön*verteilen.

Larusso · 01.04.2010, 20:03

Rooter mal reseten.

Cookie1990 · 02.04.2010, 23:35

OK, habe meinen Router nicht resettet aber meinen Rechner mal zum NAchbarn getragen, da bin ich Beschwerdefrei.
Das Problem scheint also nur bei uns im LAN zu existieren.

31.03.2010, 15:18	#2
Larusso /// Selecta Jahrusso	Virus kommplett löschen, aber wie? Beschreib mal "irgendwas eingefangen" __________________ __________________

01.04.2010, 20:03	#14
Larusso /// Selecta Jahrusso	Virus kommplett löschen, aber wie? Rooter mal reseten. __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Virus kommplett löschen, aber wie?

Antiviren-, Firewall- und andere Schutzprogramme: Virus kommplett löschen, aber wie?