
Infected ... but by what? I am stuck.


25 replies to this topic

#16 deus62

deus62
  • Topic Starter

  • Members
  • 15 posts

Posted 26 June 2013 - 12:39 AM

Somewhere above you asked how my PC was running now.

Before we started, it was running OK and it continues to do so.

I just knew something had "invaded" my PC and I was worried.

 

I have no idea if I will still have problems reinstalling MS Security Essentials (have not tried yet), which I'd like to do.

I know it isn't the greatest but neither is my machine (nor my Internet connection).

It was the program that slowed down things the least.

 

Question: I'm not good at reading all these logs at all. What did we find/fix?

 

Thank you very much for your continued help, Dark Knight!




 


#17 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 26 June 2013 - 04:36 PM

Hello deus62,

 

Haven't really fixed anything yet. :)

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#18 deus62


Posted 26 June 2013 - 10:44 PM

I ran RogueKiller twice today (restarted in between) because after I pressed "Delete", it said that one file could not be found.

 

When I was done, I found four text files on my desktop which were very close to each other in regard to timestamp. One/two files must be from yesterday, but they all said June 27th.

 

I put all of them into this post, starting with the earliest timestamp and ending with the latest.

 

Thanks for your continued help, Dark Knight!

 

 

 

RogueKiller V8.6.1 _x64_ [Jun 25 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Gestartet in : Normaler Modus
Benutzer : deus62 [Admin Rechte]
Funktion : Scannen -- Datum : 06/27/2013 05:28:43
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 10 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> GEFUNDEN
[DNS] HKLM\[...]\CS001\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> GEFUNDEN
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] ae7b357ccd71cb4979195fdcb4e0053f
[BSP] 41a1355388ebc429995426207bf8e81a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 102532 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210194460 | Size: 374303 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 7d75208c95f93f9979dcf21ab3e77ac6
[BSP] 5d8bfc720c702b9af37896fb77315a35 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_06272013_052843.txt >>
RKreport[0]_S_06262013_073400.txt



RogueKiller V8.6.1 _x64_ [Jun 25 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Gestartet in : Normaler Modus
Benutzer : deus62 [Admin Rechte]
Funktion : Entfernen -- Datum : 06/27/2013 05:31:20
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 10 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[DNS] HKLM\[...]\CS001\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> GELÖSCHT
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> ERSETZT (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Das System kann die angegebene Datei nicht finden.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> ERSETZT (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> ERSETZT (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> ERSETZT (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] ae7b357ccd71cb4979195fdcb4e0053f
[BSP] 41a1355388ebc429995426207bf8e81a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 102532 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210194460 | Size: 374303 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 7d75208c95f93f9979dcf21ab3e77ac6
[BSP] 5d8bfc720c702b9af37896fb77315a35 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_D_06272013_053120.txt >>
RKreport[0]_S_06262013_073400.txt;RKreport[0]_S_06272013_052843.txt



RogueKiller V8.6.1 _x64_ [Jun 25 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Gestartet in : Normaler Modus
Benutzer : deus62 [Admin Rechte]
Funktion : Scannen -- Datum : 06/27/2013 05:37:49
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] ae7b357ccd71cb4979195fdcb4e0053f
[BSP] 41a1355388ebc429995426207bf8e81a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 102532 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210194460 | Size: 374303 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 7d75208c95f93f9979dcf21ab3e77ac6
[BSP] 5d8bfc720c702b9af37896fb77315a35 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_06272013_053749.txt >>
RKreport[0]_D_06272013_053120.txt;RKreport[0]_S_06262013_073400.txt;RKreport[0]_S_06272013_052843.txt




RogueKiller V8.6.1 _x64_ [Jun 25 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Gestartet in : Normaler Modus
Benutzer : deus62 [Admin Rechte]
Funktion : Entfernen -- Datum : 06/27/2013 05:38:03
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] ae7b357ccd71cb4979195fdcb4e0053f
[BSP] 41a1355388ebc429995426207bf8e81a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 102532 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210194460 | Size: 374303 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 7d75208c95f93f9979dcf21ab3e77ac6
[BSP] 5d8bfc720c702b9af37896fb77315a35 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_D_06272013_053803.txt >>
RKreport[0]_D_06272013_053120.txt;RKreport[0]_S_06262013_073400.txt;RKreport[0]_S_06272013_052843.txt
RKreport[0]_S_06272013_053749.txt


 



#19 The Dark Knight


Posted 27 June 2013 - 04:33 PM

Hey deus62,

 

What issues remain?




#20 The Dark Knight


Posted 08 July 2013 - 07:31 AM

Are you still with me?




#21 deus62


Posted 12 July 2013 - 12:58 AM

"Are you still with me?"

Now I am again.

I'm really sorry about this. I ended up in the hospital after my last post and did not get out until today.

I'll get back to you as soon as possible (sometime today).

 

deus62



#22 The Dark Knight


Posted 12 July 2013 - 06:23 PM

Hey deus62,

 

Take your time. I hope things are well. :)




#23 deus62


Posted 14 July 2013 - 12:38 AM

OK, here I am again. All's well.

 

The PC seems to be running fine. When I got back yesterday, I updated Windows with the latest updates that had accumulated. Astonishingly enough, although I had tried to delete Security Essentials previously (see beginning of my "story"), now it is back. It's almost as if this latest update has repaired my installation. The icon in the taskbar is back, the latest definitions have been downloaded, scanning seems to work.

 

I think all I need to do is a cleanup of my PC because I have some folders that were created when we ran all those diagnostics and repair routines. I have, for example, "$ Recycle Bin" folders on some drives, "_OTL", etc.

 

So, things look good but I'll wait for your response before I do anything.

 

Again, thanks for your continued help and for sticking with me. :)



#24 The Dark Knight


Posted 15 July 2013 - 04:44 PM

Hello deus62,

 

Sounds great!

 

One last scan.

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is checked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.




#25 deus62


Posted 16 July 2013 - 12:33 PM

Here it is (note: I selected "Uninstall application on close" and "Delete quarantined files" upon shutdown of the scanner.)

 

****************************************************************************

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=78fd5a968cf1784fbf8a829f1a406654
# engine=14418
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-16 05:21:47
# local_time=2013-07-16 07:21:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 107436001 211519213 0 0
# scanned=454703
# found=34
# cleaned=34
# scan_time=6961
sh=1F7DEE9C52555D09D0AEA954E343A0DFD56808A1 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja--southern-baja_v1_m56577569830496005.pdf"
sh=742E2779C4C5699343B5CA648A4212B7F64E6F49 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja-directory-transport_v1_m56577569830496000.pdf"
sh=22D9CE8A2D40FD5D7388C7936D0DD70E3F714EAC ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja-health_v1_m56577569830496001.pdf"
sh=1F931FE9428DE9CA8F7D6C9E536E12187A70455F ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja-language_v1_m56577569830496002.pdf"
sh=23014054B72ED00C6C02EFE1272502D6AB0B61E5 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja-los-cabos-planning-information.pdf"
sh=9C2DB04EEFE3B3AEF9E9C60860528BEDC15FBD77 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Baja & Los Cabos7th Edition  August 2007\baja-los-cabos_v1_m56577569830496003.pdf"
sh=D94EA87DAEAAFF45C05EAF899869118D41747621 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Guatemala3rd Edition  September 2007\guatemala-language_v1_m56577569830495601.pdf"
sh=D72F804528514E65FCA251F39E911A332E222FCE ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Honduras & the Bay Islands1st Edition  January 2007\central-honduras_v1_m56577569830489916.pdf"
sh=6811183C79B1FC0C09FE7F2C563EF2F90370CC58 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Honduras & the Bay Islands1st Edition  January 2007\honduras-language_v1_m56577569830489923.pdf"
sh=EBE19B076B3DF1996B4B7E74DB25EFD05A5B7E5E ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Honduras & the Bay Islands1st Edition  January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf"
sh=D397C121074EF254BBD51DD45C2C828A30D6CF12 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf"
sh=DBA40161434FDE348FD738C3A91DC1DDF2305FBF ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-food_v1_m56577569830491278.pdf"
sh=F20E3C17D499A07B2E3E4C425902DC127125F498 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-introduction-tools.pdf"
sh=5DC6D6177D28A0FA897C419FA09FE2AB551AEF29 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf"
sh=A7169901307775A0DD42E322659F1C40E7EE261C ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf"
sh=AEE906896A01D80E66AD68B4F93CB9599F3F40F8 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-social_v1_m56577569830491277.pdf"
sh=83301AB78D20D3D6BAB4D749C25E1B2C3D1DCCA0 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Mexican Spanish1st Edition  October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf"
sh=053078673C2AB31ED807622B08282CAAAEE1126B ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Nicaragua & El Salvador1st Edition  October 2006\nic-el-directory_v1_m56577569830489993.pdf"
sh=B390BBFB4539590BE18F19E83395571CE36E2426 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Nicaragua & El Salvador1st Edition  October 2006\nic-el-health_v1_m56577569830489994.pdf"
sh=6A0A7FFB429E2A9067580BFC3141A567844173C8 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Nicaragua & El Salvador1st Edition  October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf"
sh=74979FB80FF91D2767FAE28E94DEAC51A65B97A8 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Panama4th Edition  November 2007\panama-language_v1_m56577569830490020.pdf"
sh=E4C1F167B8F4C5A20B7A15265A55E72DAC7BAF0B ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf"
sh=76CB5263ED85577503BE14321BDED34C9A582FA6 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-acapulco_v1_m56577569830490072.pdf"
sh=E3832F0F19C4195E8BC4A787805216C3EE8D9CE6 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-directory_v1_m56577569830490075.pdf"
sh=B22D563B8DD42FD4DE82BEC0EBB2A2441B373DC1 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-health_v1_m56577569830490076.pdf"
sh=DACB6FBC4E0A53E307F972F4FB70DF7C1295C0AF ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-language_v1_m56577569830490078.pdf"
sh=5D4665612573DC6FEE4E229CBE33B3AC06C16037 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-mazatlan_v1_m56577569830490062.pdf"
sh=6A202C3BBD455FE25F02FB3C06013EAA20EF2E0A ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Puerto Vallarta & Pacific Mexico2nd Edition  August 2006\pv-nayarit_v1_m56577569830490064.pdf"
sh=B1122DFA2947E027AD44A1850820ED715E861E18 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Yucatan3rd Edition  November 2006\yucatan-background-information_v1_m56577569830490126.pdf"
sh=2A6F5D4DCAB5528120FE3C7B0465ED915EE771CE ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Yucatan3rd Edition  November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf"
sh=12336B1141309733C0354B58AD8C668AEA5B8BFE ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Yucatan3rd Edition  November 2006\yucatan-health_v1_m56577569830490135.pdf"
sh=E99E3CBF123158E0217927CFB0BF3DD47D0AF8B1 ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Yucatan3rd Edition  November 2006\yucatan-language_v1_m56577569830490136.pdf"
sh=8CF0D85F876CC8387B5D3D93D1B165F1BD6CD7CA ft=0 fh=0000000000000000 vn="JS/Trackware.ReadNotify.A application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\0010 Privat\0200 eBooks\0810 Travelling\Lonely Planet\Yucatan3rd Edition  November 2006\yucatan-planning-information.pdf"
sh=43AFFB5B239AB3E0AA1B913051D43A6C1B25B504 ft=1 fh=50db72b1e2860d88 vn="a variant of Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="D:\Dokumente\9999 z_sort\_Englisch Klassen\Cornelsen\Digitaler Planer\Alcohol52_FE_2.0.2.4713.exe"



#26 The Dark Knight


Posted 16 July 2013 - 04:38 PM

Hey deus62,

 

A little housekeeping to uninstall ComboFix:

Please click Start > Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

 

 

To remove all of the tools we used and the files and folders they created, do the following:

  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

 

Please consider using these ideas to help secure your computer.  While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection.  While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.   :)


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.  A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection.  However, it is important to run only one resident program of each type since they can conflict and become less effective.  That means only one antivirus, firewall and scanning anti-spyware program at a time.  Passive protectors, like SpywareBlaster, can be run with any of them.  

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs.  If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.  It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information.  Ask in a security forum that you trust if you are not sure.  If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware."  Scareware programs are active infections that will pop-up on your computer and tell you that you are infected.  If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed.  It tells you to click and install it right away.  If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further.  Keeping protection updated and running resident protection can help prevent these infections.  If it happens anyway, get offline as quickly as you can.  Pull the internet connection cable or shut down the computer if you have to.  Contact someone to help by using another computer if possible.  These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative.  In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free.  If you run into more difficulty, we will certainly do what we can to help.  :)

