Pests of all kinds and how to fight them: Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; automatic restart after 1 minute (Windows 7)
09.08.2012, 10:09 | #1 |
Hello,

I caught the "Sirefef" virus yesterday.

My system:
- Win7 64-bit Pro
- Microsoft Security Essentials
- no other security programs

What happened:
During some Internet research, the "User Account Control" window suddenly appears, asking for admin approval. Program name, publisher etc. are exactly the details of the Adobe Flash Player update. I am unsure and click "No" at first, but the window appears again and again. Since the open website was important, I finally click "Yes" after all so that I can carry on working. The Java icon at the bottom right next to the clock may have been lit up, although I had not opened any Java content. MSE immediately reports a virus infection and tries to clean it. > MSE crashes. I uninstall MSE and install it again. During installation MSE can no longer enable the firewall. On the first scan MSE then finds the viruses named in the title and says a restart is necessary; at the same time a Windows dialog appears: "Critical error detected. Restart in 1 minute. Save your data"

Up to this point the PC was connected to the Internet for at least another 10 minutes. From then on I could only boot the PC and use it for 1 minute (the dialog appears immediately after startup). System Restore from the startup console finds no restore points... MSE no longer starts at boot, or not in time. I also cannot get analysis tools (OTL..) running in time. > at least 5-7 attempts, unfortunately always with an Internet connection.

Solutions?
- Complete wipe of the entire hard disk (all partitions, MBR)
- others? Hopefully

I hope you can help me, so that I can perhaps avoid a reinstallation, or at least back up my data safely without copying parts of the virus along with it.

Thanks in advance!
09.08.2012, 11:26 | #2 |
/// Helper Team

Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD:

If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
__________________ |
09.08.2012, 12:37 | #3 |
Thanks for the quick reply.

So, I ran the program. I was not asked "Do you wish to load the remote registry". No Extras.txt was created either, only the OTL.txt:

OTL logfile:
Code:
C:\Users\Kilian\AppData\Local\{CD00B4D5-78AB-4A65-9F69-8E2DFE1C9427} [2012/07/18 05:40:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{330A37C2-1EB5-439C-8E4F-689B9E1B2863} [2012/07/17 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\AudioXP [2012/07/17 16:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert [2012/07/17 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioExpert [2012/07/17 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Geckofx [2012/07/17 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CAC41E6B-14BA-41AF-9BA5-615304647569} [2012/07/17 09:48:57 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{79BC0701-9BFF-4602-9D1C-01CDC5A2DE00} [2012/07/16 13:56:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CD37F23A-AD08-4FB1-8450-FE81E4D53388} [2012/07/16 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B3F3EC7B-12A4-444A-A38E-BE9B72880257} [2012/07/16 01:13:56 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{14311B34-2569-49D7-BAE4-36A3F5EA9F53} [2012/07/16 01:13:31 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D11DB065-D0C8-491E-AE44-99067FFE2EBC} [2012/07/15 05:00:49 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29539E34-0F3B-46C5-AAE8-E73803E94D78} [2012/07/15 05:00:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B6AF6B92-FD5F-4A17-9431-B6A2858D1970} [2012/07/14 19:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D1AB1454-FFA0-449E-90C3-9210FE4C9B83} [2012/07/14 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6B93524C-355C-4F24-B70C-0A638531A871} [2012/07/14 02:36:35 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D7E4CB9B-1241-4265-980B-EAD0D31D4AF2} [2012/07/14 02:36:23 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2CF42721-9A8C-4916-BB6A-17B76DEDEC79} 
[2012/07/13 03:03:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{9B9CC927-537F-4A2D-9B42-AF3CFB235E00} [2012/07/13 03:03:09 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F00E7599-2058-4B58-8863-899538E8D297} [2012/07/12 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F810049F-21A6-4363-AEF9-F9361EA219D7} [2012/07/12 09:31:51 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29D8FB58-B60F-4286-B086-348C98005177} [2012/07/12 08:51:34 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{AED5362E-8024-4EC6-A67C-E6E17800AFC5} [2012/07/11 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\MusicBee [2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\LocalGoogle [2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012/07/11 05:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{A120A441-FDB8-4B43-9836-92989D949E04} [2012/07/11 05:34:00 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D266341C-F003-4516-9BE2-472D849698E5} [2012/07/11 02:28:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll [2012/07/11 02:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/11 02:28:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/07/11 02:28:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/11 02:28:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/07/11 02:28:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/11 02:28:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/07/11 02:28:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/11 02:28:02 | 002,311,680 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/07/11 02:28:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/07/11 02:28:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/11 02:28:01 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2012/07/11 02:28:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012/07/11 02:28:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012/07/11 02:26:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/07/11 02:26:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll [2012/07/11 02:26:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 02:26:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012/07/10 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CCDBD618-3080-4D76-99A9-9DBB6A8D244E} [2012/07/10 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D6CEC54E-2C20-40FE-BD9C-9A2119D4C7A8} [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/09 04:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/09 04:46:14 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe [2012/08/09 04:45:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/09 04:43:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\services.exe.D2A32AB0FB2287A7 [2012/08/09 04:42:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/09 04:40:08 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8C2761D6686D7D15 [2012/08/09 04:34:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kilian\Desktop\OTL.exe [2012/08/09 04:34:00 | 000,050,477 | ---- | M] () -- C:\Users\Kilian\Desktop\Defogger.exe [2012/08/08 14:25:56 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.99DF3ABB394E84E5 [2012/08/08 13:31:54 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.410513AFAC00BF4E [2012/08/08 13:27:07 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.13648EA584A08AC6 [2012/08/08 13:23:02 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.5906DD4C46EDAE31 [2012/08/08 13:18:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.46094B52FD5F3D59 [2012/08/08 12:59:19 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.95D64C207261B9EC [2012/08/08 12:53:48 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8F7DAD3C40059AB2 [2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/08 12:46:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/08/08 12:45:34 | 000,001,924 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/08/08 12:45:29 | 001,520,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/08/08 12:45:29 | 000,654,124 | ---- | M] () 
-- C:\Windows\System32\perfh007.dat [2012/08/08 12:45:29 | 000,616,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/08/08 12:45:29 | 000,130,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/08/08 12:45:29 | 000,106,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/08/08 12:36:05 | 000,001,086 | ---- | M] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk [2012/08/08 12:34:45 | 012,633,984 | ---- | M] (Microsoft Corporation) -- C:\Users\Kilian\Desktop\mseinstall.exe [2012/08/08 12:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/08 08:54:33 | 000,001,314 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012/08/08 08:54:21 | 000,001,383 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012/08/08 08:53:51 | 000,001,467 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012/08/06 12:58:15 | 000,147,242 | ---- | M] () -- C:\Users\Kilian\Desktop\BF.jpg [2012/08/06 03:03:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/06 03:03:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/05 15:07:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012/07/31 10:51:44 | 002,124,670 | ---- | M] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG [2012/07/30 09:22:19 | 000,000,221 | ---- | M] () -- C:\Users\Kilian\Desktop\Stronghold 3.url [2012/07/30 09:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/07/27 20:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [2012/07/26 13:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll [2012/07/26 13:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\msvcp110.dll [2012/07/26 13:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll [2012/07/26 13:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\atl110.dll [2012/07/26 13:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcomp110.dll [2012/07/26 09:22:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll [2012/07/26 09:22:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll [2012/07/26 09:22:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll [2012/07/26 09:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll [2012/07/26 09:22:10 | 000,124,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll [2012/07/23 10:40:22 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk [2012/07/23 10:40:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run [2012/07/23 10:40:21 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Radio.fx.LNK [2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK [2012/07/22 16:25:58 | 000,002,082 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK [2012/07/22 16:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software [2012/07/22 11:56:32 | 000,001,110 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk [2012/07/22 11:56:32 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\OkayFreedom.lnk [2012/07/22 11:56:32 | 000,000,000 | 
---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom [2012/07/18 07:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/07/17 16:29:21 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\AudioExpert.lnk [2012/07/17 16:29:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert [2012/07/11 15:17:31 | 000,001,727 | ---- | M] () -- C:\Users\Kilian\Desktop\Google Drive.lnk [2012/07/11 05:29:56 | 002,280,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/09 04:34:25 | 000,050,477 | ---- | C] () -- C:\Users\Kilian\Desktop\Defogger.exe [2012/08/08 12:45:34 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/08/08 12:36:17 | 000,001,086 | ---- | C] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk [2012/08/08 08:54:33 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012/08/08 08:54:21 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012/08/06 12:58:14 | 000,147,242 | ---- | C] () -- C:\Users\Kilian\Desktop\BF.jpg [2012/07/31 10:51:43 | 002,124,670 | ---- | C] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG [2012/07/30 09:22:19 | 000,000,221 | ---- | C] () -- C:\Users\Kilian\Desktop\Stronghold 3.url [2012/07/23 14:14:48 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012/07/23 14:14:47 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012/07/23 14:14:46 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/07/23 10:40:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk [2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- 
C:\Users\Public\Desktop\Radio.fx.LNK [2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK [2012/07/22 16:25:58 | 000,002,082 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK [2012/07/22 16:25:43 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012/07/22 11:56:32 | 000,001,110 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk [2012/07/22 11:56:32 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\OkayFreedom.lnk [2012/07/17 16:29:21 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\AudioExpert.lnk [2012/07/11 15:17:31 | 000,001,727 | ---- | C] () -- C:\Users\Kilian\Desktop\Google Drive.lnk [2012/05/23 12:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/05/05 15:58:29 | 000,007,640 | ---- | C] () -- C:\Users\Kilian\AppData\Local\Resmon.ResmonCfg [2012/04/16 10:48:57 | 000,006,656 | ---- | C] () -- C:\Users\Kilian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/09 07:20:16 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini [2012/04/09 02:44:40 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012/04/09 02:44:40 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012/04/09 02:44:40 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012/04/09 02:44:40 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012/04/09 02:44:40 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012/04/09 02:44:40 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012/04/09 02:44:40 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012/04/09 02:44:40 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012/04/09 02:44:40 | 000,004,943 | 
---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012/04/09 02:44:40 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012/04/09 02:44:40 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012/04/09 02:44:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012/04/09 02:44:40 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012/04/09 02:44:40 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012/04/09 02:44:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012/03/28 16:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/03/28 16:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/03/28 16:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/03/28 16:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012/03/24 08:00:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/03/24 08:00:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/03/24 07:10:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012/03/24 07:10:08 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/03/24 06:52:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- 
C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2012/03/21 15:35:05 | 001,520,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/21 15:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/03/09 08:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/04/09 13:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll [2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012/04/09 08:16:25 | 000,000,000 | -HSD | M] -- C:\Users\Kilian\AppData\Roaming\.# [2012/07/17 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AllDup [2012/07/01 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Android [2012/06/25 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Audacity [2012/07/18 10:48:40 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AudioXP [2012/07/23 14:22:04 
| 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\concept design [2012/06/04 03:42:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\CrystalIdea Software [2012/06/16 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\D01 Software Manager [2012/07/04 12:51:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DAEMON Tools Lite [2012/03/22 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Degener [2012/06/22 03:36:00 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Downloaded Installations [2012/07/14 08:10:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Dropbox [2012/04/25 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DVDVideoSoft [2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FileOpen [2012/07/08 04:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Folder2List [2012/06/24 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FreeFLVConverter [2012/03/29 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FRITZ! 
[2012/07/05 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\GHISLER [2012/05/15 06:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\IrfanView [2012/04/29 10:20:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Leadertech [2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mirillis [2012/07/17 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mp3tag [2012/07/12 09:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBee [2012/04/23 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBrainz [2012/06/22 03:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nitro PDF [2012/07/02 12:40:09 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Notepad++ [2012/03/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nvu [2012/03/22 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Origin [2012/05/25 05:39:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\ProtectDISC [2012/07/07 03:27:13 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Samsung [2012/06/10 05:07:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos [2012/07/08 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos VPN [2012/06/18 12:45:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\streamWriter [2012/03/27 09:57:20 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TeamViewer [2012/06/13 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Temp [2012/07/22 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Tobit [2012/07/07 03:48:45 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TuneUp Software [2012/03/26 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Windows Live Writer [2012/05/12 05:43:31 | 000,000,000 | ---D | M] -- 
C:\ProgramData\AllDup [2012/05/06 03:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD [2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/03/23 13:44:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2012/05/18 13:54:54 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2012/03/22 12:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012/04/29 10:44:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2012/07/24 06:29:36 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs [2012/06/24 12:50:49 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay [2012/07/23 11:26:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen [2012/07/31 02:57:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios [2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Mirillis [2012/06/22 03:36:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF [2012/07/23 11:26:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin [2012/04/09 03:03:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic [2012/06/11 08:39:59 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution [2012/07/07 03:27:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012/07/07 
03:49:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/07/07 03:47:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012/04/24 06:16:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/07/30 02:17:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
09.08.2012, 13:07 | #4 |
/// Helper team | Fix with OTLpe
Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476"
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
File not found (No name found) --
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell - "" = AutoRun
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012/04/09 08:16:25 | 000,000,000 | -HSD | M] -- C:\Users\Kilian\AppData\Roaming\.#
:Files
c:\ProgramData\*.exe
C:\Users\Kilian\AppData\Roaming\*.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
|
09.08.2012, 13:35 | #5 | |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute So, here is the log file: Code:
ATTFilter ========== OTL ========== HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: true removed from browser.search.openintab Prefs.js: false removed from browser.search.suggest.enabled Prefs.js: "hxxp://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476" removed from browser.startup.homepage 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found. Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found. File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found. File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found. File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. X:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found. File G:\setup.exe not found. 
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. C:\Windows\SysWow64\tmpB386.tmp deleted successfully. C:\Windows\SysWow64\tmpB397.tmp deleted successfully. C:\Users\Kilian\AppData\Roaming\.# folder moved successfully. ========== FILES ========== File\Folder c:\ProgramData\*.exe not found. File\Folder C:\Users\Kilian\AppData\Roaming\*.exe not found. < ipconfig /flushdns /c > Windows IP Configuration An internal error occurred: The system cannot find the file specified. Please contact Microsoft Product Support Services for further help. Additional information: Unable to open registry key for tcpip. C:\cmd.bat deleted successfully. C:\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Kilian ->Temp folder emptied: 54952054 bytes ->Temporary Internet Files folder emptied: 56841760 bytes ->Java cache emptied: 5178758 bytes ->FireFox cache emptied: 225790084 bytes ->Flash cache emptied: 4113 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1024485305 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46212769 bytes Total Files Cleaned = 1,348.00 mb [EMPTYFLASH] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Kilian ->Temp folder emptied: 0 bytes ->Temporary Internet 
Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 08092012_162420 EDIT: 2nd restart: Startup itself is noticeably faster than the first time. "Critical error..." appears again. MSE now no longer just says "Restart now" but warns of a threat and prompts me to clean it. The details are: Here are the details as a photograph of the screen, hopefully it is visible: The image link somehow does not work (IMG) Quote:
Edited by jokifeki (09.08.2012 at 13:55) |
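An added example, not part of the original thread and not OTL's own code: a small triage pass over an OTL fix log that separates the few entries needing follow-up from the mass of "not found" and "deleted successfully" lines. The sample lines are taken from the log posted above with line breaks restored; the category names (`applied`, `absent`, `attention`, `info`) are hypothetical labels chosen for this sketch.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above, one entry per line (the forum
# rendering ran the entries together; the line breaks are restored here).
SAMPLE_LOG = r"""========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File G:\setup.exe not found.
C:\Windows\SysWow64\tmpB386.tmp deleted successfully.
C:\Users\Kilian\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
File\Folder c:\ProgramData\*.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Additional information: Unable to open registry key for tcpip.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")            # ========== NAME ==========
ATTENTION = re.compile(r"failed|error occurred|unable to", re.I)
APPLIED = re.compile(r"\b(deleted|moved|set|removed) successfully", re.I)
ABSENT = re.compile(r"not found\.?$", re.I)


def classify(line):
    """Map one log entry to a hypothetical triage category."""
    # Failures are tested first so that a line mentioning both a failure
    # and a later action ("File move failed ... scheduled") is not hidden.
    if ATTENTION.search(line):
        return "attention"
    if APPLIED.search(line):
        return "applied"
    if ABSENT.search(line):
        return "absent"      # target was already gone; nothing was changed
    return "info"


def triage(log_text):
    """Return (Counter of categories, [(section, line)] needing follow-up)."""
    counts = Counter()
    attention = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        kind = classify(line)
        counts[kind] += 1
        if kind == "attention":
            attention.append((section, line))
    return counts, attention


if __name__ == "__main__":
    counts, attention = triage(SAMPLE_LOG)
    print(dict(counts))
    for section, line in attention:
        print(f"[{section}] {line}")
```

On this excerpt the entries flagged for follow-up are the failed move of `X:\AUTORUN.INF` and the two `ipconfig /flushdns` error lines about the `tcpip` registry key.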
10.08.2012, 14:41 | #6 |
/// Helper team | Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Can you have it removed?
|
12.08.2012, 18:06 | #7 |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute No, after "Critical error...", clicking "Clean now" brings up "Restart now" (in MSE). After the "restart", "Critical error" appears again and MSE immediately shows "Restart now"... and so on and on. Is there still hope? Thanks! |
12.08.2012, 18:12 | #8 |
/// Helper team | Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
12.08.2012, 18:30 | #9 |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute The problem could be that I still only have 1 minute, since the PC starts the countdown after this message, "Critical error - restart in 1 minute". But I'll give it a try. |
12.08.2012, 19:46 | #10 |
/// Helper team | Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute In safe mode as well? |
12.08.2012, 20:04 | #11 |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Yes, but thanks to the shorter loading times I was able to install the 1st program and let it scan 40000 objects - then it was over again. I was able to run the 2nd program and also got the file from it. Is it of any use? After all, I was not able to carry out step 1 before that. |
12.08.2012, 20:25 | #12 |
/// Helper team | Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Is that also the case in safe mode? |
12.08.2012, 20:35 | #13 |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Yes exactly, in safe mode too (whether with or without network drivers). I am stuck at the moment... |
12.08.2012, 20:48 | #14 |
/// Helper team | Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute The problem is: a system file has been infected. Windows detects this and stops. Try (in normal mode): Remove malware with Combofix Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage! |
12.08.2012, 21:17 | #15 |
| Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute Unfortunately that does not work. I simply have too little time - 1 minute can be so damn short... The installation does start, but does not even get halfway through. Disabling MSE is even less possible. However, on the 3rd attempt MSE suggested a cleanup - after the cleanup started, MSE was suddenly nowhere to be found.... I think there are only 3 options left: - Disable the auto-restart > clean up or similar - Access the hard disk from another OS > could possibly boot from a Win8 test USB stick or possibly the CD you described... - Reinstall the OS > a looot of work... Since today I could no longer boot Windows to the desktop at all (1 minute passes during login), I am now leaning towards reinstalling. Or is there another option? |