Virus kommplett löschen, aber wie?

Cookie1990 · 31.03.2010, 14:34

Hallo miteinander.

Ich machs kurz, ich hab mir irgend etwas eingefangen.
Ich hab kein Ahnung was es ist.
Es ist nach 4 maliger formatierung und neu installation immer noch da.

Nun meine Frage, wie kann ich meine 3 HDDs so formatieren dass das Ding endlich weg is? Mein Windows 7 Image is clean, auf anderen Rechner tritt das Problem nicht auf.

Mein Plan war eigentlich, dass ich sämtliche Daten mit einer low lvl Formatierung lösche, aber das schient nicht zu funktionieren. Wie bekomme ich die Platten aber endlich sauber?

Folgend Platten sind verbaut:

1: Western Digital WD1600JB
2: ExelStore Callist80GB
3: Samsung 1202N

Bitte versteht mich richtig, ich hab schon alle meine Daten verloren, ich möchte nurnoch den Virus loswerden. Mich intressiert nicht was das für einer is, was er macht oder wie ich ihn mir zuzog. Alles was ich will is diesen Quälgeist loswerden.

Larusso · 31.03.2010, 15:18

Beschreib mal "irgendwas eingefangen"

Cookie1990 · 31.03.2010, 15:39

Also:
Es verändert sämtlichen Link Anfragen, mal kommt man auf den Link den man angeklickt hat, mal wird gesagt die Seite könne nicht geladen werden, oder es werden einfach Porno/Viagra/Anti Spam Seiten geöffnet.

Es kommt zu PopUps die mir ein ominöses Microsoft Tool anbieten wollen oder ich werde aufgefordert "StopZilla" zu installieren.

Die Windows updates werden ausgeschaltet und lassen sich nicht mehr reaktivieren.

Es bleibt auch nach mehrmaligem Formatieren da, ich habe sogar schon mein Windows7 Image gewechselt aber kein Erfolg.

Larusso · 31.03.2010, 15:45

Da wirste mit ner schnellformatierung keine Freude haben

Schaun wir mal ob sich meine Vermutung bestätigt.

Rootkit-Suche

Was sind Rootkits?

Einige Scans auf Dateien, Prozesse u2nd Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet.
Füge das Log aus der Zwischenablage in Deine Antwort hier ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Cookie1990 · 31.03.2010, 16:09

also da kommt ne Fehlermeldung, dann sucht er 10 sec und dann sagt er er habe nichts gefunden

Die Fehlermeldung hab ich angehangen

Larusso · 31.03.2010, 16:13

Ich muss schnell weg, sehe ich mir dann genauer an

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Cookie1990 · 31.03.2010, 16:30

Code:

ATTFilter

OTL logfile created on: 31.03.2010 17:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Cookie\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,81 Gb Total Space | 100,64 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 235,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COOKIE-PC
Current User Name: Cookie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010.03.22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 7E 76 CF CF D0 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.31 14:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.31 15:14:06 | 000,000,000 | ---D | M]
 
[2010.03.31 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Mozilla\Extensions
[2010.03.31 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions
[2010.03.31 14:48:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.31 14:48:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.31 15:13:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\utb365r0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.31 14:45:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.03.31 17:22:19 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2010.03.31 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Cookie\Desktop\kaspersky anti virus v9.0.0.736 incl trialresetter
[2010.03.31 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010.03.31 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\uTorrent
[2010.03.31 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Macromedia
[2010.03.31 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Adobe
[2010.03.31 15:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.03.31 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.03.31 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010.03.31 15:12:53 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\ElevatedDiagnostics
[2010.03.31 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Mozilla
[2010.03.31 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Mozilla
[2010.03.31 14:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.03.31 14:42:17 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Searches
[2010.03.31 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Identities
[2010.03.31 14:42:03 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Contacts
[2010.03.31 14:42:00 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\VirtualStore
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Temporary Internet Files
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Templates
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Start Menu
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\SendTo
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Recent
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\PrintHood
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\NetHood
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Videos
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Pictures
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Documents\My Music
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\My Documents
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Local Settings
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\History
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Cookies
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\Application Data
[2010.03.31 14:41:37 | 000,000,000 | -HSD | C] -- C:\Users\Cookie\AppData\Local\Application Data
[2010.03.31 14:41:36 | 000,000,000 | --SD | C] -- C:\Users\Cookie\AppData\Roaming\Microsoft
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Videos
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Saved Games
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Pictures
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Music
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Links
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Favorites
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Downloads
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Documents
[2010.03.31 14:41:36 | 000,000,000 | R--D | C] -- C:\Users\Cookie\Desktop
[2010.03.31 14:41:36 | 000,000,000 | -H-D | C] -- C:\Users\Cookie\AppData
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Temp
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Local\Microsoft
[2010.03.31 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\Cookie\AppData\Roaming\Media Center Programs
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010.03.31 14:38:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010.03.31 14:38:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.03.31 14:32:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.03.31 14:32:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
 
========== Files - Modified Within 14 Days ==========
 
[2010.03.31 17:24:01 | 000,786,432 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT
[2010.03.31 17:22:20 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Cookie\Desktop\OTL.exe
[2010.03.31 17:04:30 | 000,293,376 | ---- | M] () -- C:\Users\Cookie\Desktop\vhiruvou.exe
[2010.03.31 15:47:03 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 15:47:03 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 15:38:52 | 000,000,947 | ---- | M] () -- C:\Users\Cookie\Desktop\µTorrent.lnk
[2010.03.31 14:46:04 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.31 14:46:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.31 14:46:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.31 14:45:53 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.31 14:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.31 14:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.31 14:41:37 | 000,000,020 | -HS- | M] () -- C:\Users\Cookie\ntuser.ini
[2010.03.31 14:41:36 | 000,065,536 | -HS- | M] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.31 14:41:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.31 14:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.31 14:41:14 | 1610,252,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.31 14:36:24 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.31 14:34:57 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.03.31 14:34:57 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.03.31 14:34:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.03.31 14:34:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
 
========== Files Created - No Company Name ==========
 
[2010.03.31 17:04:29 | 000,293,376 | ---- | C] () -- C:\Users\Cookie\Desktop\vhiruvou.exe
[2010.03.31 15:38:52 | 000,000,947 | ---- | C] () -- C:\Users\Cookie\Desktop\µTorrent.lnk
[2010.03.31 14:45:53 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.31 14:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.31 14:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.31 14:41:37 | 000,000,020 | -HS- | C] () -- C:\Users\Cookie\ntuser.ini
[2010.03.31 14:41:36 | 000,524,288 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT
[2010.03.31 14:41:36 | 000,065,536 | -HS- | C] () -- C:\Users\Cookie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.31 14:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.31 14:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.03.31 14:32:02 | 1610,252,288 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.03.31 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\Cookie\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,002,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 31.03.2010 17:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Cookie\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,81 Gb Total Space | 100,64 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 235,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COOKIE-PC
Current User Name: Cookie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
< End of report >

Larusso · 31.03.2010, 16:44

Sind die Umleitungen nur im Firefox oder generell ?
Treten sie immer auf.

Eine Frage, das erste was du installierst ist uTorrent anstatt eines AVPs?
Nicht gerade schlau.

uTorrent runter.

31.03.2010, 15:18	#2
Larusso /// Selecta Jahrusso	Virus kommplett löschen, aber wie? Beschreib mal "irgendwas eingefangen" __________________ __________________

Virus kommplett löschen, aber wie?

Antiviren-, Firewall- und andere Schutzprogramme: Virus kommplett löschen, aber wie?