Log Analysis and Evaluation: Trojan:Win32/Sirefef.ah cannot be removed (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps to getting help. Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1 Malwareteam

Trojan:Win32/Sirefef.ah cannot be removed

FRST
Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now have to boot the system into the System Recovery Options:
Via the Boot Manager
With a Windows CD/DVD
In the recovery options, choose Command Prompt.

__________________
No asylum for Trojans! Proud Member of UNITE. Note: I am only reachable on weekdays! Requests via PM are ignored! Happy with us? Then support the Trojaner-Board!
#2

Trojan:Win32/Sirefef.ah cannot be removed

txt:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012
Ran by SYSTEM at 12-06-2012 20:07:51
Running from J:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Acer Tour] [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [319488 2007-01-24] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [464168 2007-02-06] (HiTRUST)
HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] [x]
HKLM\...\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [151552 2007-02-15] (Acer Inc.)
HKLM\...\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd [x]
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-04-20] (Avira GmbH)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Dankesreiter\...\Run: [Acer Tour Reminder] [x]
HKU\Dankesreiter\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PCM Media Sharing.lnk
ShortcutTarget: PCM Media Sharing.lnk -> C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe (No File)

================================ Services (Whitelisted) ==================

2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-12-29] ()
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-20] (Avira GmbH)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-21] (Avira GmbH)
3 DFSR; C:\Windows\System32\DFSR.exe [2089984 2006-11-02] (Microsoft Corporation)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-02-06] (HiTRSUT)
2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-01-31] (Acer Inc.)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [69120 2006-11-02] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-20] (NVIDIA Corporation)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 Realtek11nSU; C:\Program Files\Hama\Wireless LAN RTL8192SU\RtlService.exe [36864 2010-04-16] (Realtek)
3 BITCOMET_HELPER_SERVICE; C:\Users\Dankesreiter\Desktop\BitComet\tools\BitCometService.exe -service [x]
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [x]

========================== Drivers (Whitelisted) =============

0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [8192 2006-10-29] (ATI Technologies Inc.)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-07-21] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-07-21] (Avira GmbH)
3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2008-09-04] (AVM Berlin)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-01-18] (Symantec Corporation)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2008-09-04] (AVM GmbH)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-09] (Apple Inc.)
3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-05-06] (NewTech Infosystems, Inc.)
0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20264 2007-02-06] (HiTRUST)
0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-02-06] (HiTRUST)
0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-02-06] (HiTRUST)
3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [540192 2010-07-07] (Realtek Semiconductor Corporation )
3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [x]
4 sptd; C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-12 20:07 - 2012-06-12 20:07 - 00000000 ____D C:\FRST
2012-06-12 10:05 - 2012-06-12 10:05 - 00874092 ____A C:\Users\Dankesreiter\Desktop\FRST.exe
2012-06-12 08:14 - 2012-06-12 08:14 - 00000000 ____D C:\Program Files\PriceGong
2012-06-11 06:32 - 2012-06-11 06:32 - 00000000 ____D C:\Qoobox
2012-06-08 06:55 - 2012-06-08 06:55 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\16951383.sys
2012-06-08 06:55 - 2012-06-08 06:55 - 00078178 ____A C:\TDSSKiller.2.7.36.0_08.06.2012_16.55.05_log.txt
2012-06-06 10:04 - 2012-06-06 10:05 - 00001422 ____A C:\AdwCleaner[S3].txt
2012-06-06 10:04 - 2012-06-06 10:04 - 00001360 ____A C:\AdwCleaner[R2].txt
2012-06-06 09:59 - 2012-06-06 10:00 - 00114334 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_19.59.49_log.txt
2012-06-06 04:50 - 2012-06-11 06:32 - 00000000 ___SD C:\32788R22FWJFW
2012-06-06 04:23 - 2012-06-06 04:23 - 04537562 ____R (Swearware) C:\Users\Dankesreiter\Desktop\ComboFix.exe
2012-06-06 02:11 - 2012-06-12 10:03 - 03996552 ____A C:\Windows\ntbtlog.txt
2012-06-05 11:39 - 2012-06-05 11:41 - 00001302 ____A C:\AdwCleaner[S2].txt
2012-06-05 10:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-05 10:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-05 10:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-05 10:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-05 10:30 - 2012-06-05 10:30 - 00000000 ____D C:\Windows\ERDNT
2012-06-05 09:41 - 2012-06-05 09:45 - 00097001 ____A C:\AdwCleaner[S1].txt
2012-06-05 04:27 - 2012-06-07 06:32 - 00187749 ____A C:\Windows\WindowsUpdate.log
2012-06-05 02:09 - 2012-06-05 02:10 - 00094457 ____A C:\AdwCleaner[R1].txt
2012-06-05 02:09 - 2012-06-05 02:09 - 00591235 ____A C:\Users\Dankesreiter\Desktop\adwcleaner.exe
2012-06-04 06:55 - 2012-06-04 06:55 - 00561496 ____A C:\Users\Dankesreiter\Desktop\Gmer.txt
2012-06-04 06:05 - 2012-06-04 06:05 - 00000000 ____A C:\Users\Dankesreiter\defogger_reenable
2012-06-04 03:06 - 2012-06-04 03:06 - 00028614 ____A C:\Users\Dankesreiter\Desktop\Extras.Txt
2012-06-04 02:50 - 2012-06-08 04:06 - 00000538 ____A C:\Users\Dankesreiter\Desktop\defogger_disable.log
2012-06-04 02:49 - 2012-06-04 02:50 - 00050477 ____A C:\Users\Dankesreiter\Desktop\Defogger.exe
2012-06-04 02:45 - 2012-06-04 02:46 - 00113508 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_12.45.09_log.txt
2012-06-04 02:31 - 2012-06-04 02:33 - 00113530 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_12.31.40_log.txt
2012-06-04 02:31 - 2012-06-04 02:31 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Dankesreiter\Desktop\tdsskiller.exe
2012-06-04 02:31 - 2012-06-04 02:31 - 00596480 ____A (OldTimer Tools) C:\Users\Dankesreiter\Desktop\OTL.exe
2012-06-04 02:26 - 2012-06-04 03:05 - 05048776 ____A C:\Users\Dankesreiter\Desktop\OTL.Txt
2012-06-03 07:44 - 2012-06-03 07:45 - 00000190 ____A C:\Users\Dankesreiter\Desktop\defogger_reenable
2012-06-03 07:43 - 2012-06-03 07:43 - 00302592 ____A C:\Users\Dankesreiter\Desktop\z6kt3wxo.exe
2012-06-03 05:29 - 2012-06-03 05:29 - 00000000 ____A C:\Users\Dankesreiter\Downloads\245.tmp
2012-06-02 13:04 - 2012-06-11 11:50 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-02 13:04 - 2012-06-10 11:15 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-02 13:03 - 2012-06-02 13:05 - 00000000 ____D C:\Program Files\Google
2012-06-02 13:02 - 2012-06-02 13:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-02 13:02 - 2012-06-02 13:02 - 00000000 ____D C:\Program Files\Adobe
2012-06-02 13:01 - 2012-06-03 02:35 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-02 09:15 - 2012-06-02 09:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-02 09:03 - 2012-06-02 09:03 - 00001921 ____A C:\Users\Public\Desktop\4Media Video Converter Ultimate 6.lnk
2012-06-02 09:03 - 2012-06-02 09:03 - 00000000 ____D C:\Users\All Users\4Media
2012-06-02 09:03 - 2012-06-02 09:03 - 00000000 ____D C:\Program Files\4Media
2012-06-02 01:23 - 2012-06-02 01:23 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\NVIDIA
2012-06-02 01:13 - 2012-06-02 01:13 - 00001869 ____A C:\Users\Public\Desktop\Xilisoft HD Video Converter.lnk
2012-06-02 01:02 - 2012-06-02 01:14 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-06-02 01:02 - 2012-06-02 01:14 - 00000000 ____D C:\Program Files\Xilisoft
2012-06-02 00:51 - 2012-06-02 08:57 - 00000000 ____D C:\Program Files\1ClickDownload
2012-06-01 05:20 - 2012-06-01 05:20 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\4Media
2012-05-31 06:56 - 2012-05-31 06:56 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\CrashRpt
2012-05-31 06:51 - 2012-05-31 06:52 - 00000000 ____D C:\Users\All Users\RapidSolution
2012-05-31 06:47 - 2012-05-31 07:09 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\RapidSolution
2012-05-31 05:34 - 2012-05-31 05:34 - 00000955 ____A C:\Users\Dankesreiter\Desktop\Format Factory.lnk
2012-05-31 05:33 - 2012-05-31 05:33 - 00000000 ____D C:\Program Files\FreeTime
2012-05-31 02:44 - 2012-05-31 05:41 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\Any DVD Converter Professional
2012-05-31 02:33 - 2012-05-31 02:33 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\AnvSoft
2012-05-31 02:28 - 2012-05-31 02:28 - 00000000 ____D C:\Program Files\AviSynth 2.5
2012-05-31 02:28 - 2009-09-26 23:39 - 00369152 ____A (The Public) C:\Windows\System32\avisynth.dll
2012-05-31 02:28 - 2004-02-22 00:11 - 00719872 ____A (Abysmal Software) C:\Windows\System32\devil.dll
2012-05-30 02:36 - 2012-05-30 03:01 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\WinAVI
2012-05-30 02:36 - 2012-05-30 03:01 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\WinAVI
2012-05-29 11:42 - 2012-05-29 11:42 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\XMedia Recode
2012-05-28 09:49 - 2012-06-02 09:12 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-28 09:49 - 2012-06-02 09:12 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-28 08:56 - 2012-05-28 08:56 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\Apowersoft
2012-05-27 10:15 - 2012-05-27 10:15 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-27 10:14 - 2012-05-27 10:14 - 00000000 ____D C:\Program Files\VideoLAN
2012-05-27 07:24 - 2004-07-01 15:00 - 00327749 ____A (RealNetworks, Inc.) C:\Windows\System32\drvc.dll
2012-05-27 07:23 - 2012-05-27 07:32 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\systweak
2012-05-27 07:23 - 2012-01-20 04:14 - 00017280 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2012-05-27 07:04 - 2012-05-27 07:04 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\mkvtoolnix
2012-05-27 06:47 - 2012-05-27 06:47 - 00000000 ____D C:\Users\All Users\Apple
2012-05-24 09:47 - 2012-05-30 11:07 - 00001382 ____A C:\user.js
2012-05-17 07:35 - 2012-05-17 07:35 - 00069632 ____A C:\Users\Dankesreiter\Documents\htl bio.wps
2012-05-15 07:09 - 2008-04-17 21:40 - 02252288 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-05-15 07:09 - 2008-04-17 21:40 - 00332800 ____A (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2012-05-15 07:09 - 2008-04-17 18:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2012-05-15 07:09 - 2008-04-17 16:57 - 00002560 ____A (Microsoft Corporation) C:\Windows\System32\msimsg.dll

============ 3 Months Modified Files and Folders ===============

2012-06-12 20:07 - 2012-06-12 20:07 - 00000000 ____D C:\FRST
2012-06-12 10:05 - 2012-06-12 10:05 - 00874092 ____A C:\Users\Dankesreiter\Desktop\FRST.exe
2012-06-12 10:05 - 2006-11-02 00:35 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-12 10:03 - 2012-06-06 02:11 - 03996552 ____A C:\Windows\ntbtlog.txt
2012-06-12 08:14 - 2012-06-12 08:14 - 00000000 ____D C:\Program Files\PriceGong
2012-06-12 07:37 - 2006-11-02 02:33 - 00074028 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 11:50 - 2012-06-02 13:04 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 11:50 - 2006-11-02 04:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 11:50 - 2006-11-02 04:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 11:49 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 11:48 - 2006-11-02 05:01 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 06:32 - 2012-06-11 06:32 - 00000000 ____D C:\Qoobox
2012-06-11 06:32 - 2012-06-06 04:50 - 00000000 ___SD C:\32788R22FWJFW
2012-06-10 11:15 - 2012-06-02 13:04 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 06:56 - 2012-06-08 06:55 - 00078178 ____A C:\TDSSKiller.2.7.36.0_08.06.2012_16.55.05_log.txt
2012-06-08 06:55 - 2012-06-08 06:55 - 00098992 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\16951383.sys
2012-06-08 04:06 - 2012-06-04 02:50 - 00000538 ____A C:\Users\Dankesreiter\Desktop\defogger_disable.log
2012-06-07 06:32 - 2012-06-05 04:27 - 00187749 ____A C:\Windows\WindowsUpdate.log
2012-06-06 10:05 - 2012-06-06 10:04 - 00001422 ____A C:\AdwCleaner[S3].txt
2012-06-06 10:04 - 2012-06-06 10:04 - 00001360 ____A C:\AdwCleaner[R2].txt
2012-06-06 10:00 - 2012-06-06 09:59 - 00114334 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_19.59.49_log.txt
2012-06-06 05:43 - 2011-01-31 10:51 - 00002086 ____A C:\Windows\epplauncher.mif
2012-06-06 04:30 - 2012-01-28 02:50 - 00000000 __SHD C:\Config.Msi
2012-06-06 04:29 - 2011-01-31 10:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-06 04:24 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-06-06 04:23 - 2012-06-06 04:23 - 04537562 ____R (Swearware) C:\Users\Dankesreiter\Desktop\ComboFix.exe
2012-06-06 02:56 - 2010-10-26 08:02 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\vlc
2012-06-05 11:41 - 2012-06-05 11:39 - 00001302 ____A C:\AdwCleaner[S2].txt
2012-06-05 10:39 - 2006-11-02 04:47 - 00296800 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-05 10:30 - 2012-06-05 10:30 - 00000000 ____D C:\Windows\ERDNT
2012-06-05 09:45 - 2012-06-05 09:41 - 00097001 ____A C:\AdwCleaner[S1].txt
2012-06-05 09:45 - 2009-02-08 23:15 - 00000000 ____D C:\Users\Dankesreiter\AppData\LocalLow
2012-06-05 04:25 - 2009-02-09 22:24 - 00000000 ____D C:\Windows\Minidump
2012-06-05 02:10 - 2012-06-05 02:09 - 00094457 ____A C:\AdwCleaner[R1].txt
2012-06-05 02:09 - 2012-06-05 02:09 - 00591235 ____A C:\Users\Dankesreiter\Desktop\adwcleaner.exe
2012-06-04 06:55 - 2012-06-04 06:55 - 00561496 ____A C:\Users\Dankesreiter\Desktop\Gmer.txt
2012-06-04 06:05 - 2012-06-04 06:05 - 00000000 ____A C:\Users\Dankesreiter\defogger_reenable
2012-06-04 06:05 - 2009-02-08 23:14 - 00000000 ____D C:\users\Dankesreiter
2012-06-04 03:06 - 2012-06-04 03:06 - 00028614 ____A C:\Users\Dankesreiter\Desktop\Extras.Txt
2012-06-04 03:05 - 2012-06-04 02:26 - 05048776 ____A C:\Users\Dankesreiter\Desktop\OTL.Txt
2012-06-04 02:50 - 2012-06-04 02:49 - 00050477 ____A C:\Users\Dankesreiter\Desktop\Defogger.exe
2012-06-04 02:46 - 2012-06-04 02:45 - 00113508 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_12.45.09_log.txt
2012-06-04 02:45 - 2009-02-08 23:15 - 00071064 ____A C:\Users\Dankesreiter\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-04 02:33 - 2012-06-04 02:31 - 00113530 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_12.31.40_log.txt
2012-06-04 02:31 - 2012-06-04 02:31 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Dankesreiter\Desktop\tdsskiller.exe
2012-06-04 02:31 - 2012-06-04 02:31 - 00596480 ____A (OldTimer Tools) C:\Users\Dankesreiter\Desktop\OTL.exe
2012-06-03 07:45 - 2012-06-03 07:44 - 00000190 ____A C:\Users\Dankesreiter\Desktop\defogger_reenable
2012-06-03 07:43 - 2012-06-03 07:43 - 00302592 ____A C:\Users\Dankesreiter\Desktop\z6kt3wxo.exe
2012-06-03 05:29 - 2012-06-03 05:29 - 00000000 ____A C:\Users\Dankesreiter\Downloads\245.tmp
2012-06-03 02:35 - 2012-06-02 13:01 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-02 13:05 - 2012-06-02 13:03 - 00000000 ____D C:\Program Files\Google
2012-06-02 13:03 - 2012-06-02 13:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-02 13:02 - 2012-06-02 13:02 - 00000000 ____D C:\Program Files\Adobe
2012-06-02 09:15 - 2012-06-02 09:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-02 09:12 - 2012-05-28 09:49 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-02 09:12 - 2012-05-28 09:49 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-02 09:03 - 2012-06-02 09:03 - 00001921 ____A C:\Users\Public\Desktop\4Media Video Converter Ultimate 6.lnk
2012-06-02 09:03 - 2012-06-02 09:03 - 00000000 ____D C:\Users\All Users\4Media
2012-06-02 09:03 - 2012-06-02 09:03 - 00000000 ____D C:\Program Files\4Media
2012-06-02 08:57 - 2012-06-02 00:51 - 00000000 ____D C:\Program Files\1ClickDownload
2012-06-02 01:23 - 2012-06-02 01:23 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\NVIDIA
2012-06-02 01:14 - 2012-06-02 01:02 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-06-02 01:14 - 2012-06-02 01:02 - 00000000 ____D C:\Program Files\Xilisoft
2012-06-02 01:13 - 2012-06-02 01:13 - 00001869 ____A C:\Users\Public\Desktop\Xilisoft HD Video Converter.lnk
2012-06-02 01:03 - 2011-03-29 06:25 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\Xilisoft
2012-06-01 05:20 - 2012-06-01 05:20 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\4Media
2012-05-31 07:27 - 2009-02-09 07:22 - 00094208 ____A C:\Users\Dankesreiter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-31 07:09 - 2012-05-31 06:47 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\RapidSolution
2012-05-31 06:56 - 2012-05-31 06:56 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\CrashRpt
2012-05-31 06:52 - 2012-05-31 06:51 - 00000000 ____D C:\Users\All Users\RapidSolution
2012-05-31 05:41 - 2012-05-31 02:44 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\Any DVD Converter Professional
2012-05-31 05:34 - 2012-05-31 05:34 - 00000955 ____A C:\Users\Dankesreiter\Desktop\Format Factory.lnk
2012-05-31 05:33 - 2012-05-31 05:33 - 00000000 ____D C:\Program Files\FreeTime
2012-05-31 04:29 - 2011-12-25 10:30 - 00000000 ____D C:\Users\Dankesreiter\Documents\FIFA 12
2012-05-31 02:33 - 2012-05-31 02:33 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\AnvSoft
2012-05-31 02:28 - 2012-05-31 02:28 - 00000000 ____D C:\Program Files\AviSynth 2.5
2012-05-30 11:07 - 2012-05-24 09:47 - 00001382 ____A C:\user.js
2012-05-30 03:01 - 2012-05-30 02:36 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\WinAVI
2012-05-30 03:01 - 2012-05-30 02:36 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\WinAVI
2012-05-30 02:32 - 2011-02-02 09:00 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\GetRightToGo
2012-05-30 02:20 - 2009-02-10 05:01 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-30 01:18 - 2007-05-06 14:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-05-29 11:42 - 2012-05-29 11:42 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\XMedia Recode
2012-05-29 04:18 - 2009-03-17 11:30 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2012-05-28 09:25 - 2009-02-26 15:59 - 00000000 ____D C:\Users\Dankesreiter\AppData\Local\Google
2012-05-28 08:56 - 2012-05-28 08:56 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\Apowersoft
2012-05-27 10:15 - 2012-05-27 10:15 - 00000823 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-27 10:14 - 2012-05-27 10:14 - 00000000 ____D C:\Program Files\VideoLAN
2012-05-27 07:32 - 2012-05-27 07:23 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\systweak
2012-05-27 07:04 - 2012-05-27 07:04 - 00000000 ____D C:\Users\Dankesreiter\AppData\Roaming\mkvtoolnix
2012-05-27 06:47 - 2012-05-27 06:47 - 00000000 ____D C:\Users\All Users\Apple
2012-05-24 05:50 - 2010-02-07 00:00 - 00000572 ___AH C:\Windows\Tasks\Norton Security Scan for Dankesreiter.job
2012-05-23 04:27 - 2012-01-13 10:41 - 00000000 ____D C:\Program Files\Origin
2012-05-22 06:25 - 2012-05-09 09:29 - 00018432 ____A C:\Users\Dankesreiter\Documents\Bewerbung.wps
2012-05-22 06:19 - 2009-02-09 05:40 - 00009332 ____A C:\Users\Dankesreiter\AppData\Roaming\wklnhst.dat
2012-05-22 04:53 - 2010-10-01 09:31 - 00000000 ____D C:\Users\Dankesreiter\Desktop\jonas
2012-05-18 09:39 - 2011-06-09 05:44 - 00000000 ____D C:\Program Files\CDBurnerXP
2012-05-18 04:29 - 2011-06-09 05:45 - 00001698 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-05-17 07:35 - 2012-05-17 07:35 - 00069632 ____A C:\Users\Dankesreiter\Documents\htl bio.wps
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2012-05-15 08:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2012-05-13 05:06 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-12 06:49 - 2010-07-24 02:54 - 00000000 ____D C:\Program Files\Opera
2012-05-11 04:45 - 2007-05-06 14:56 - 00000000 ____D C:\Program Files\Common Files\NewTech Infosystems
2012-05-10 10:28 - 2006-11-02 07:31 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-05-10 10:27 - 2012-05-10 06:10 - 00020480 ____A C:\Users\Dankesreiter\Documents\lebenslauf.wps
2012-05-10 09:08 - 2012-05-10 09:08 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2012-05-10 09:08 - 2012-05-10 09:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2012-05-03 23:04 - 2012-05-03 23:04 - 02174976 ____A (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2012-04-26 13:12 - 2012-04-26 13:10 - 00022016 ____A C:\Users\Dankesreiter\Documents\TGA.wps
2012-04-26 11:05 - 2012-04-26 11:04 - 07524981 ____A C:\Users\Dankesreiter\Documents\Maroy_Ft_James_Stefano_-_She_Rocks_RooViieira_remi....mp3
2012-04-25 06:38 - 2012-04-25 06:38 - 00001822 ____A C:\Users\Public\Desktop\Hama Wireless LAN Utility.lnk
2012-04-25 06:38 - 2012-04-25 06:38 - 00000000 ____D C:\Program Files\Cisco
2012-04-25 05:55 - 2012-04-25 05:55 - 00000000 ____D C:\Program Files\Hama
2012-04-18 10:58 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2012-04-13 03:22 - 2011-01-20 08:20 - 00015360 ____A C:\Users\Dankesreiter\Documents\hopo.wps
2012-04-13 03:17 - 2010-10-06 10:48 - 00000000 ____D C:\Users\Public\Games.temp
2012-03-23 10:55 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-20 10:44 - 2012-03-20 10:44 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-19 06:59 - 2011-06-29 11:41 - 00408576 ___AH C:\Users\Dankesreiter\Documents\photothumb.db

ZeroAccess:
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\@
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\L
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\n
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\U

ZeroAccess:
C:\Users\Dankesreiter\AppData\Local\{085712da-271c-9fc7-2179-6d165a291683}
C:\Users\Dankesreiter\AppData\Local\{085712da-271c-9fc7-2179-6d165a291683}\@
C:\Users\Dankesreiter\AppData\Local\{085712da-271c-9fc7-2179-6d165a291683}\L
C:\Users\Dankesreiter\AppData\Local\{085712da-271c-9fc7-2179-6d165a291683}\n
C:\Users\Dankesreiter\AppData\Local\{085712da-271c-9fc7-2179-6d165a291683}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2006-11-02 00:35] - [2012-06-12 10:05] - 0279552 ____A (Microsoft Corporation) A246A7052A70C2E1BE4F7E54DF31E4DF
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 2046.88 MB
Available physical RAM: 1783.88 MB
Total Pagefile: 1978.58 MB
Available Pagefile: 1835.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:228.13 GB) (Free:133.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:227.87 GB) (Free:227.76 GB) NTFS
8 Drive j: (STORE N GO) (Removable) (Total:3.73 GB) (Free:1.57 GB) FAT32
9 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.53 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       466 GB  1528 KB
  Disk 1    Online       466 GB   466 GB
  Disk 2    No Media        0 B      0 B
  Disk 3    No Media        0 B      0 B
  Disk 4    No Media        0 B      0 B
  Disk 5    No Media        0 B      0 B
  Disk 6    Online      3824 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 10 GB    32 KB
  Partition 2    Primary            228 GB    10 GB
  Partition 3    Primary            228 GB   238 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     X   PQSERVICE    NTFS   Partition     10 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     C   ACER         NTFS   Partition    228 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     D   DATA         NTFS   Partition    228 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============
There are no partitions on this disk to show.

======================================================================================================

Partitions of Disk 6:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3820 MB  4032 KB

======================================================================================================

Disk: 6
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     J   STORE N GO   FAT32  Removable   3820 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-06 04:22

======================= End Of Log ==========================

Regards
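The log above is what a helper reads before writing a fix script. As an added triage example (this is not FRST's own code and not part of the thread), the Python below pulls out of a saved FRST log the three things FRST itself points at: the `ATTENTION! ====> ZeroAccess` marker on a registry entry, the `ZeroAccess:` directory blocks with their `@`, `L`, `n` and `U` members, and any file in the "Bamital & volsnap Check" section that did not come back as `MD5 is legit`. The embedded sample is a constructed excerpt built from a few entries of the posted log; the section-header and `ZeroAccess:` line layouts are assumed from that log, and the script also accepts the single-line `ZeroAccess: <path>` form seen in the extracted copy.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example, not FRST's own code: it scans a saved FRST log for the markers
FRST itself emits for ZeroAccess (Sirefef) artefacts, plus entries in the
"Bamital & volsnap Check" section that were not reported as "MD5 is legit".
"""
import re

# Constructed excerpt in FRST's layout, built from entries of the posted log.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012
Ran by SYSTEM at 12-06-2012 20:07:51

========================== Registry (Whitelisted) =============

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-04-20] (Avira GmbH)
HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess

============ 3 Months Modified Files and Folders ===============

2012-06-12 10:05 - 2006-11-02 00:35 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

ZeroAccess:
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\@
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\L
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\n
C:\Windows\Installer\{085712da-271c-9fc7-2179-6d165a291683}\U

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe [2006-11-02 00:35] - [2012-06-12 10:05] - 0279552 ____A (Microsoft Corporation) A246A7052A70C2E1BE4F7E54DF31E4DF
C:\Windows\System32\userinit.exe => MD5 is legit

======================= End Of Log ==========================
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")          # "=== Name ==="
ZA_ATTENTION_RE = re.compile(r"ATTENTION!\s*={2,}>\s*ZeroAccess", re.IGNORECASE)
ZA_DIR_RE = re.compile(r"^ZeroAccess:\s*(?P<path>.*)$")       # bare or single-line form
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")


def triage_frst(log_text):
    """Return a list of finding dicts, in log order, drawn only from FRST's own markers."""
    findings = []
    section = None          # name of the current "=== ... ===" section
    za_finding = None       # ZeroAccess directory whose member lines are being collected
    expect_za_path = False  # a bare "ZeroAccess:" line puts the directory on the next line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").strip("= ")
            if name:                      # pure "=====" separators keep the current section
                section = name
            za_finding = None
            continue
        if expect_za_path:
            expect_za_path = False
            za_finding = {"kind": "zeroaccess_dir", "section": section, "path": line, "members": []}
            findings.append(za_finding)
            continue
        m = ZA_DIR_RE.match(line)
        if m:
            path = m.group("path").strip()
            if path:
                za_finding = {"kind": "zeroaccess_dir", "section": section, "path": path, "members": []}
                findings.append(za_finding)
            else:
                expect_za_path = True
            continue
        # Lines directly under a flagged directory are its members (e.g. "@", "L", "n", "U").
        if za_finding and line.lower().startswith(za_finding["path"].lower() + "\\"):
            za_finding["members"].append(line[len(za_finding["path"]) + 1:])
            continue
        za_finding = None
        if ZA_ATTENTION_RE.search(line):
            findings.append({"kind": "frst_zeroaccess_flag", "section": section, "line": line})
            continue
        # In the integrity-check section, anything not "MD5 is legit" is reported with its hash.
        if section and section.lower().startswith("bamital") and "MD5 is legit" not in line:
            md5 = MD5_RE.search(line)
            findings.append({
                "kind": "md5_not_verified",
                "section": section,
                "path": line.split(" ", 1)[0],
                "md5": md5.group(0).upper() if md5 else None,
            })
    return findings


def summarize(findings):
    """One human-readable line per finding."""
    out = []
    for f in findings:
        if f["kind"] == "frst_zeroaccess_flag":
            out.append(f"[{f['section']}] FRST flagged ZeroAccess: {f['line']}")
        elif f["kind"] == "zeroaccess_dir":
            out.append(f"[{f['section']}] ZeroAccess directory {f['path']} members={f['members']}")
        else:
            out.append(f"[{f['section']}] {f['path']} not verified, MD5 {f['md5']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(triage_frst(SAMPLE_LOG)))
```

Run against a full FRST.txt by reading the file and passing its text to `triage_frst`; the three finding kinds map onto the three places in the posted log where FRST itself reports ZeroAccess or an unverified system file, which is the part of a log a helper reads first.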