| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows XP Recovery Virus - Formatieren notwendig?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.06.2011, 02:53
| #7 |
| |  Windows XP Recovery Virus - Formatieren notwendig? Hi Kira, kann ich denn bedenkenlos meine (Word-)Dateien, Fotos, Videos und Musikdateien sichern oder schwebt dann die Gefahr mit, dass ich das mit auf das neue System rübernehme? Die Neuinstallation sollte ich dann wohl trotzdem irgendwann vornehmen... Möchte mich an dieser Stelle schon mal sehr herzlich für deine Bemühungen bedanken! Bis dato hast du mir schon sehr weitergeholfen, vielen Dank! Du bist auf jeden Fall mein Held des Monats:-) Soweit habe ich deine Anweisungen wieder befolgt. Hier der Bericht: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517a-3918-11e0-84fa-002170761a28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517a-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517a-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517a-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517a-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517a-3918-11e0-84fa-002170761a28}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517c-3918-11e0-84fa-002170761a28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517c-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517c-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517c-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517c-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517c-3918-11e0-84fa-002170761a28}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517d-3918-11e0-84fa-002170761a28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517d-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517d-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517d-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0556517d-3918-11e0-84fa-002170761a28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0556517d-3918-11e0-84fa-002170761a28}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60dd9842-ad23-11df-84d5-002170761a28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60dd9842-ad23-11df-84d5-002170761a28}\ not found.
File G:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8d75808-390a-11e0-84f9-00226912dd12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8d75808-390a-11e0-84f9-00226912dd12}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8d75808-390a-11e0-84f9-00226912dd12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8d75808-390a-11e0-84f9-00226912dd12}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8d75808-390a-11e0-84f9-00226912dd12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8d75808-390a-11e0-84f9-00226912dd12}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66369 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Jan
->Temp folder emptied: 4582915 bytes
->Temporary Internet Files folder emptied: 9676944 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153289949 bytes
->Flash cache emptied: 3380 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 643 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 266530 bytes
Total Files Cleaned = 160,00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 06042011_034338
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
| Themen zu Windows XP Recovery Virus - Formatieren notwendig? |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, adobe, avira, c:\windows\system32\rundll32.exe, converter, einstellungen, error, explorer, firefox, google, kaspersky, logfile, mozilla, mp3, neu, object, oldtimer, picasa, plug-in, port, programme, registry, rundll, searchplugins, security, software, spigot, temp, trojan.fakems, virus, wieder herstellen, windows, windows xp, winlogon.exe, wrapper, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |
Baum-Darstellung