
Pests of all kinds and how to fight them: Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute

09.08.2012, 10:09   #1
jokifeki
 
Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute

Hello,

yesterday I caught the "Sirefef" virus.

My system:

-Win7 64bit Pro
-Microsoft Security Essentials
-no other security programs

Sequence of events:

During some internet research, the "User Account Control" window suddenly appears asking for admin approval. Program name, publisher etc. are exactly the details of the Adobe Flash Player update. I am unsure and click "No" at first, but the window keeps appearing again and again. Since the open website was important, I finally click "Yes" so I can keep working. At the bottom right next to the clock the Java icon may have lit up, although I had not accessed any Java content.

MSE immediately reports a virus infection and tries to clean it up. > MSE crashes. I uninstall and reinstall MSE. During installation MSE can no longer activate the firewall.
On the first scan MSE then finds the viruses named in the title, says a restart is necessary, and at the same time a Windows dialog box appears:
"Critical error detected. Restart in 1 minute. Save your data"

Up to this point the PC had been connected to the internet for at least another 10 minutes.

From then on I could only boot the PC and use it for 1 minute (the dialog box appears immediately after startup). System Restore from the startup console finds no restore points...
MSE no longer starts at startup / not in time. I also cannot get analysis tools (OTL..) running in time.
>at least 5-7 attempts, unfortunately always with an internet connection.

Solutions?
-Complete wipe of the entire hard disk (all partitions, MBR)
-others? Hopefully

I hope you can help me so that I can perhaps avoid a reinstall, or at least back up my data safely without copying parts of the virus along.

Thanks in advance!

09.08.2012, 11:26   #2
t'john
/// Helper team

Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute


Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:


If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and with a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: so that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; selecting just C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

09.08.2012, 12:37   #3
jokifeki

Virus/Trojan: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; auto-restart after 1 minute

Thanks for the quick reply.

So, I ran the program.

I was not asked "Do you wish to load the remote registry".
No Extras.txt was created either, only the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 8/9/2012 2:07:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110.00 Gb Total Space | 8.50 Gb Free Space | 7.73% Space Free | Partition Type: NTFS
Drive D: | 123.08 Gb Total Space | 18.47 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive E: | 65.01 Gb Total Space | 38.28 Gb Free Space | 58.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/06/26 12:21:54 | 000,239,616 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 12:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 12:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/13 04:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/06 03:03:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/30 09:18:48 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/18 10:03:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 09:26:34 | 000,296,576 | ---- | M] (Steganos Software GmbH) [Auto] -- C:\Program Files (x86)\OkayFreedom\VPNService.exe -- (OkayFreedom VPN Starter Service)
SRV - [2012/06/27 06:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/30 02:53:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/25 13:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/26 09:08:56 | 003,665,752 | ---- | M] () [Auto] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/13 04:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/13 04:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/31 11:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2010/07/08 06:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/06/26 13:36:26 | 010,256,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/26 11:22:10 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/18 13:50:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/24 07:08:23 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012/03/20 14:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/06/02 01:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 01:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 01:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/04/26 05:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/03 10:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System] -- C:\Windows\System32\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/02/24 06:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/08/22 23:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011/07/07 09:46:56 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/17 08:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Kilian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C E9 69 1A 97 07 CD 01  [binary data]
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_270.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{09F060FA-566D-42D7-BF79-97AB30863433}: C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012/04/09 05:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012/04/09 05:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 10:03:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 10:03:11 | 000,000,000 | ---D | M]
 
[2012/07/05 09:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Extensions
[2012/07/05 10:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Firefox\Profiles\slsie75b.default\extensions
[2012/07/26 07:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kilian\AppData\Roaming\Mozilla\Firefox\Profiles\v9113y5e.default\extensions
[2012/07/05 09:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.XPI
() (No name found) -- C:\USERS\KILIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V9113Y5E.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/07/18 10:03:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Kilian_ON_C..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\Kilian_ON_C..\Run: [RfxSrvTray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell - "" = AutoRun
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/09 04:43:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.D2A32AB0FB2287A7
[2012/08/09 04:40:08 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8C2761D6686D7D15
[2012/08/09 04:34:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kilian\Desktop\OTL.exe
[2012/08/08 14:25:56 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.99DF3ABB394E84E5
[2012/08/08 13:31:54 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.410513AFAC00BF4E
[2012/08/08 13:27:07 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.13648EA584A08AC6
[2012/08/08 13:23:02 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.5906DD4C46EDAE31
[2012/08/08 13:18:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.46094B52FD5F3D59
[2012/08/08 12:59:19 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.95D64C207261B9EC
[2012/08/08 12:53:48 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8F7DAD3C40059AB2
[2012/08/08 12:48:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/08 12:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/08 12:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/08 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/08/08 12:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/08 12:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/08/08 12:34:40 | 012,633,984 | ---- | C] (Microsoft Corporation) -- C:\Users\Kilian\Desktop\mseinstall.exe
[2012/08/08 08:54:47 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/08/08 08:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/08/08 05:14:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2D36DB6B-A4BD-4430-A9EC-54BBB2729266}
[2012/08/08 05:13:52 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{41F4B885-B215-4FE1-87C9-14EC0433D297}
[2012/08/08 04:37:26 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{15A39281-DA12-4F44-9595-B670AB33590C}
[2012/08/07 16:23:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{00265519-A56C-42C5-AB06-038895EB9F2C}
[2012/08/07 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{A39A6767-3836-4B55-94B7-8CFF58EA5F24}
[2012/08/07 03:29:40 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2B0A883C-13DD-4764-9A4F-AC56DBBB3040}
[2012/08/07 03:29:18 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{1B3FA0F3-E05A-4F55-9042-F38F37B16C8D}
[2012/08/07 03:12:12 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{665D92A6-2F78-4DDC-8926-B4AA45782597}
[2012/08/07 01:55:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6529E9C4-AEE1-4282-AEE1-A59437825E8B}
[2012/08/07 01:23:33 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{E9B3B1D2-D031-4537-BC7F-9FFCF4CA0180}
[2012/08/06 07:46:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{22B860A0-86D2-45D5-86AF-AFF839D82815}
[2012/08/06 07:46:35 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{8C2240A7-A3DB-437C-92F4-28C8F39FC9CE}
[2012/08/06 06:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{43E9CE71-98CC-4CDE-96C1-68AB919146BB}
[2012/08/06 05:44:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{FDAB17FA-74BB-4B16-BC32-60536A665B98}
[2012/08/06 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Macromedia
[2012/08/06 03:04:43 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3CE68B40-8AF2-4B57-B7C5-7254C06C69E9}
[2012/08/06 03:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{945047BD-2DFE-49F5-A30E-180F6228DECB}
[2012/08/05 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{564D2BC1-685F-448B-9809-020200E4E023}
[2012/08/05 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{205BBBA9-DC90-47B9-A7EE-99C020819A80}
[2012/08/01 03:14:44 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{61EC093F-7CD7-46AA-B9B7-4EB4E58BA594}
[2012/08/01 03:14:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{754F6952-699A-4C25-866C-0418482927B0}
[2012/07/31 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DDD8717F-55D2-4446-B55E-E9E0C2836992}
[2012/07/31 15:09:05 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6AEA86D9-9462-4E9A-97A5-5DCD8C0C10C6}
[2012/07/31 14:35:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{39C6E035-17D1-4266-A305-4F8CA09303D2}
[2012/07/31 02:57:41 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\Stronghold 3
[2012/07/31 02:28:08 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{BC44443C-0FD6-4F51-B2A4-24DB4BEDD447}
[2012/07/31 02:27:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B397EFD3-8158-40DE-A51B-B3B49EFCE673}
[2012/07/30 09:22:19 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/30 09:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/30 09:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/30 09:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/30 08:55:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{46331FCD-CA44-4AA0-8954-FC8C0AFF07E4}
[2012/07/30 08:55:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{ED5F6487-4BB1-49BF-BB42-98ED2C62E37A}
[2012/07/29 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F6E06800-FA01-449E-BF8D-A1B263808962}
[2012/07/29 15:11:37 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{86BA98F7-3C00-4BCE-8DF9-672C0F7A1125}
[2012/07/29 02:50:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{54C12BC5-E3F2-488C-BA27-4F253AD25245}
[2012/07/29 02:50:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D3E34700-6068-4502-AF56-6598B11E8500}
[2012/07/28 03:39:44 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{5A01197B-87D9-4148-9FF2-B1729A1091AC}
[2012/07/28 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{21EF2726-5B99-4C80-9BDF-9BEA8D53BEC7}
[2012/07/27 20:54:00 | 000,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/07/27 08:53:53 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3B3B3D61-D64B-465C-A986-FAD91F871D1A}
[2012/07/27 08:53:29 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6989D9AF-47FF-4883-A613-74732D65B6AB}
[2012/07/26 13:08:06 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/07/26 13:08:06 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/07/26 13:08:06 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/07/26 13:08:06 | 000,153,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl110.dll
[2012/07/26 13:08:06 | 000,115,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcomp110.dll
[2012/07/26 09:22:10 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012/07/26 09:22:10 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012/07/26 09:22:10 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012/07/26 09:22:10 | 000,177,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012/07/26 09:22:10 | 000,124,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[2012/07/26 07:22:25 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DB956D4F-4BBB-4827-8F3E-11BB345F66A2}
[2012/07/26 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{20B9196D-ECC2-474D-AAEA-D50A91BB4D92}
[2012/07/25 14:27:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{837FC125-F251-41D3-9FE4-2FF46A0491A5}
[2012/07/25 14:27:34 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{52C78030-8992-436E-AE58-6B23E7E1979A}
[2012/07/25 01:40:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2A16B712-3957-4F96-A79D-87ED53EE930D}
[2012/07/25 01:39:49 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{DD6122B9-6FAC-4A10-8B35-56824D0EE730}
[2012/07/24 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\3DMark 11
[2012/07/24 05:35:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{36C53421-C515-4AF9-AB83-B97BFD17A8E3}
[2012/07/24 05:35:05 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{7D8AD1D0-AE71-46F0-BB30-C1E09818D9C3}
[2012/07/23 16:40:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{35F7E946-07E3-40C1-AEE6-1AFCC8F558C5}
[2012/07/23 14:15:24 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\Podcast Studio
[2012/07/23 14:14:48 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\SysWow64\advdaudio.ocx
[2012/07/23 14:14:47 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012/07/23 14:14:47 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012/07/23 14:14:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2012/07/23 14:14:46 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012/07/23 14:14:46 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012/07/23 14:14:46 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012/07/23 14:14:46 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012/07/23 14:14:45 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\SysWow64\flvsplitter.ax
[2012/07/23 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\concept design
[2012/07/23 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\concept design
[2012/07/23 11:26:40 | 000,000,000 | ---D | C] -- C:\Users\Kilian\Documents\NFSTR
[2012/07/23 11:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/07/23 10:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run
[2012/07/23 10:40:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/07/23 04:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{ADB62121-EFF3-4D5A-83A1-86363248B416}
[2012/07/23 04:39:18 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{4C618B48-46D1-4C71-A731-9F39C7E662B1}
[2012/07/22 16:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\Tobit
[2012/07/22 16:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2012/07/22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx
[2012/07/22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2012/07/22 16:25:43 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012/07/22 16:25:43 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012/07/22 11:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
[2012/07/22 11:55:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{3438DCFC-0FC1-4CDA-BBD5-7BDE9F85A5C9}
[2012/07/22 11:55:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B2DADBBA-7A13-4C71-B3B0-A55BD0C9C45A}
[2012/07/20 07:03:24 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{30DE8281-603B-4C48-A991-0B5662C2D4B1}
[2012/07/20 07:03:12 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{97C82C63-1FB5-4F18-B738-DBCA54F0AB87}
[2012/07/20 04:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6BC89ADB-B5CB-4273-B747-B1519DFBA8D2}
[2012/07/19 15:05:29 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{569564B6-5132-41FC-8FE8-353D0D7CC65D}
[2012/07/19 15:05:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{55C91429-A3EC-4121-899E-BAEFA96F55B8}
[2012/07/19 03:00:46 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{0944B6F2-EB49-433B-A5F3-94A81D269C52}
[2012/07/19 03:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{934FF342-3149-4016-B71B-E59F90BE67D1}
[2012/07/18 07:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/18 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/18 07:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/18 06:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/07/18 05:41:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CD00B4D5-78AB-4A65-9F69-8E2DFE1C9427}
[2012/07/18 05:40:42 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{330A37C2-1EB5-439C-8E4F-689B9E1B2863}
[2012/07/17 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\AudioXP
[2012/07/17 16:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert
[2012/07/17 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioExpert
[2012/07/17 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Geckofx
[2012/07/17 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CAC41E6B-14BA-41AF-9BA5-615304647569}
[2012/07/17 09:48:57 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{79BC0701-9BFF-4602-9D1C-01CDC5A2DE00}
[2012/07/16 13:56:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CD37F23A-AD08-4FB1-8450-FE81E4D53388}
[2012/07/16 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B3F3EC7B-12A4-444A-A38E-BE9B72880257}
[2012/07/16 01:13:56 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{14311B34-2569-49D7-BAE4-36A3F5EA9F53}
[2012/07/16 01:13:31 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D11DB065-D0C8-491E-AE44-99067FFE2EBC}
[2012/07/15 05:00:49 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29539E34-0F3B-46C5-AAE8-E73803E94D78}
[2012/07/15 05:00:27 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{B6AF6B92-FD5F-4A17-9431-B6A2858D1970}
[2012/07/14 19:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D1AB1454-FFA0-449E-90C3-9210FE4C9B83}
[2012/07/14 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{6B93524C-355C-4F24-B70C-0A638531A871}
[2012/07/14 02:36:35 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D7E4CB9B-1241-4265-980B-EAD0D31D4AF2}
[2012/07/14 02:36:23 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{2CF42721-9A8C-4916-BB6A-17B76DEDEC79}
[2012/07/13 03:03:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{9B9CC927-537F-4A2D-9B42-AF3CFB235E00}
[2012/07/13 03:03:09 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F00E7599-2058-4B58-8863-899538E8D297}
[2012/07/12 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{F810049F-21A6-4363-AEF9-F9361EA219D7}
[2012/07/12 09:31:51 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{29D8FB58-B60F-4286-B086-348C98005177}
[2012/07/12 08:51:34 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{AED5362E-8024-4EC6-A67C-E6E17800AFC5}
[2012/07/11 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Roaming\MusicBee
[2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\Google
[2012/07/11 14:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/11 05:34:14 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{A120A441-FDB8-4B43-9836-92989D949E04}
[2012/07/11 05:34:00 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D266341C-F003-4516-9BE2-472D849698E5}
[2012/07/11 02:28:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/07/11 02:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 02:28:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 02:28:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 02:28:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 02:28:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 02:28:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 02:28:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 02:28:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 02:28:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 02:28:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 02:28:01 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/07/11 02:28:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/07/11 02:28:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 02:26:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 02:26:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 02:26:49 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2012/07/11 02:26:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 02:26:44 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/10 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{CCDBD618-3080-4D76-99A9-9DBB6A8D244E}
[2012/07/10 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\Kilian\AppData\Local\{D6CEC54E-2C20-40FE-BD9C-9A2119D4C7A8}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/09 04:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 04:46:14 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2012/08/09 04:45:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 04:43:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.D2A32AB0FB2287A7
[2012/08/09 04:42:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 04:40:08 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8C2761D6686D7D15
[2012/08/09 04:34:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kilian\Desktop\OTL.exe
[2012/08/09 04:34:00 | 000,050,477 | ---- | M] () -- C:\Users\Kilian\Desktop\Defogger.exe
[2012/08/08 14:25:56 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.99DF3ABB394E84E5
[2012/08/08 13:31:54 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.410513AFAC00BF4E
[2012/08/08 13:27:07 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.13648EA584A08AC6
[2012/08/08 13:23:02 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.5906DD4C46EDAE31
[2012/08/08 13:18:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.46094B52FD5F3D59
[2012/08/08 12:59:19 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.95D64C207261B9EC
[2012/08/08 12:53:48 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.8F7DAD3C40059AB2
[2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 12:49:01 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 12:46:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/08 12:45:34 | 000,001,924 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 12:45:29 | 001,520,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/08 12:45:29 | 000,654,124 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/08/08 12:45:29 | 000,616,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/08 12:45:29 | 000,130,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/08/08 12:45:29 | 000,106,454 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/08 12:36:05 | 000,001,086 | ---- | M] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk
[2012/08/08 12:34:45 | 012,633,984 | ---- | M] (Microsoft Corporation) -- C:\Users\Kilian\Desktop\mseinstall.exe
[2012/08/08 12:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 08:54:33 | 000,001,314 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/08/08 08:54:21 | 000,001,383 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/08/08 08:53:51 | 000,001,467 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/08/06 12:58:15 | 000,147,242 | ---- | M] () -- C:\Users\Kilian\Desktop\BF.jpg
[2012/08/06 03:03:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/06 03:03:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/05 15:07:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/31 10:51:44 | 002,124,670 | ---- | M] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG
[2012/07/30 09:22:19 | 000,000,221 | ---- | M] () -- C:\Users\Kilian\Desktop\Stronghold 3.url
[2012/07/30 09:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 20:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/07/26 13:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2012/07/26 13:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2012/07/26 13:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2012/07/26 13:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\atl110.dll
[2012/07/26 13:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcomp110.dll
[2012/07/26 09:22:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2012/07/26 09:22:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2012/07/26 09:22:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2012/07/26 09:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl110.dll
[2012/07/26 09:22:10 | 000,124,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vcomp110.dll
[2012/07/23 10:40:22 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk
[2012/07/23 10:40:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed(TM) The Run
[2012/07/23 10:40:21 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2012/07/22 16:25:58 | 000,002,096 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK
[2012/07/22 16:25:58 | 000,002,082 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK
[2012/07/22 16:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2012/07/22 11:56:32 | 000,001,110 | ---- | M] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk
[2012/07/22 11:56:32 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\OkayFreedom.lnk
[2012/07/22 11:56:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
[2012/07/18 07:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/17 16:29:21 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\AudioExpert.lnk
[2012/07/17 16:29:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioExpert
[2012/07/11 15:17:31 | 000,001,727 | ---- | M] () -- C:\Users\Kilian\Desktop\Google Drive.lnk
[2012/07/11 05:29:56 | 002,280,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/09 04:34:25 | 000,050,477 | ---- | C] () -- C:\Users\Kilian\Desktop\Defogger.exe
[2012/08/08 12:45:34 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 12:36:17 | 000,001,086 | ---- | C] () -- C:\Users\Kilian\Desktop\Kaspersky Security Scan.lnk
[2012/08/08 08:54:33 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/08/08 08:54:21 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/08/06 12:58:14 | 000,147,242 | ---- | C] () -- C:\Users\Kilian\Desktop\BF.jpg
[2012/07/31 10:51:43 | 002,124,670 | ---- | C] () -- C:\Users\Kilian\Desktop\DSC_0023.JPG
[2012/07/30 09:22:19 | 000,000,221 | ---- | C] () -- C:\Users\Kilian\Desktop\Stronghold 3.url
[2012/07/23 14:14:48 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012/07/23 14:14:47 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012/07/23 14:14:46 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/07/23 10:40:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed(TM) The Run.lnk
[2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Radio.fx.LNK
[2012/07/22 16:25:58 | 000,002,096 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Radio.fx.LNK
[2012/07/22 16:25:58 | 000,002,082 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\djukebox.LNK
[2012/07/22 16:25:43 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012/07/22 11:56:32 | 000,001,110 | ---- | C] () -- C:\Users\Kilian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\OkayFreedom.lnk
[2012/07/22 11:56:32 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\OkayFreedom.lnk
[2012/07/17 16:29:21 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\AudioExpert.lnk
[2012/07/11 15:17:31 | 000,001,727 | ---- | C] () -- C:\Users\Kilian\Desktop\Google Drive.lnk
[2012/05/23 12:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/05 15:58:29 | 000,007,640 | ---- | C] () -- C:\Users\Kilian\AppData\Local\Resmon.ResmonCfg
[2012/04/16 10:48:57 | 000,006,656 | ---- | C] () -- C:\Users\Kilian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 07:20:16 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[2012/04/09 02:44:40 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/04/09 02:44:40 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/04/09 02:44:40 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/04/09 02:44:40 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/04/09 02:44:40 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/04/09 02:44:40 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/04/09 02:44:40 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/04/09 02:44:40 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/04/09 02:44:40 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/04/09 02:44:40 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/09 02:44:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/09 02:44:40 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/09 02:44:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/09 02:44:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/04/09 02:44:40 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/04/09 02:44:40 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/09 02:44:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/28 16:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 16:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 16:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 16:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/24 08:00:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/03/24 08:00:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/03/24 07:10:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/03/24 07:10:08 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/24 06:52:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012/03/22 12:21:13 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012/03/21 15:35:05 | 001,520,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/21 15:28:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/09 08:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 13:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/04/09 08:16:25 | 000,000,000 | -HSD | M] -- C:\Users\Kilian\AppData\Roaming\.#
[2012/07/17 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AllDup
[2012/07/01 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Android
[2012/06/25 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Audacity
[2012/07/18 10:48:40 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\AudioXP
[2012/07/23 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\concept design
[2012/06/04 03:42:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\CrystalIdea Software
[2012/06/16 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\D01 Software Manager
[2012/07/04 12:51:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DAEMON Tools Lite
[2012/03/22 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Degener
[2012/06/22 03:36:00 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Downloaded Installations
[2012/07/14 08:10:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Dropbox
[2012/04/25 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\DVDVideoSoft
[2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FileOpen
[2012/07/08 04:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Folder2List
[2012/06/24 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FreeFLVConverter
[2012/03/29 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\FRITZ!
[2012/07/05 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\GHISLER
[2012/05/15 06:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\IrfanView
[2012/04/29 10:20:42 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Leadertech
[2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mirillis
[2012/07/17 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Mp3tag
[2012/07/12 09:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBee
[2012/04/23 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\MusicBrainz
[2012/06/22 03:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nitro PDF
[2012/07/02 12:40:09 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Notepad++
[2012/03/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Nvu
[2012/03/22 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Origin
[2012/05/25 05:39:29 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\ProtectDISC
[2012/07/07 03:27:13 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Samsung
[2012/06/10 05:07:32 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos
[2012/07/08 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Steganos VPN
[2012/06/18 12:45:39 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\streamWriter
[2012/03/27 09:57:20 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TeamViewer
[2012/06/13 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Temp
[2012/07/22 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Tobit
[2012/07/07 03:48:45 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\TuneUp Software
[2012/03/26 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Kilian\AppData\Roaming\Windows Live Writer
[2012/05/12 05:43:31 | 000,000,000 | ---D | M] -- C:\ProgramData\AllDup
[2012/05/06 03:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/03/23 13:44:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/05/18 13:54:54 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2012/03/22 12:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/04/29 10:44:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/07/24 06:29:36 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2012/06/24 12:50:49 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay
[2012/07/23 11:26:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/06/22 03:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\FileOpen
[2012/07/31 02:57:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2012/06/24 07:19:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Mirillis
[2012/06/22 03:36:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2012/07/23 11:26:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2012/04/09 03:03:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2012/06/11 08:39:59 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/07/07 03:27:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/07 03:49:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/03/21 15:00:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/07/07 03:47:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/04/24 06:16:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/07/30 02:17:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

09.08.2012, 13:07   #4
t'john
/// Helper Team
 
Fix with OTLpe


  • Restart the unbootable computer with the OTLPE CD,
  • wait until the Reatogo-X-PE desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text field below Custom Scans/Fixes:
  • If that is not possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Plug the USB stick into the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:


Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.openintab: true 
FF - prefs.js..browser.search.suggest.enabled: false 
FF - prefs.js..browser.startup.homepage: "http://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476" 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found 
File not found (No name found) -- 
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell - "" = AutoRun 
O33 - MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\Shell\AutoRun\command - "" = G:\setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 


[2012/04/09 08:16:25 | 000,000,000 | -HSD | M] -- C:\Users\Kilian\AppData\Roaming\.# 
:Files
c:\ProgramData\*.exe
C:\Users\Kilian\AppData\Roaming\*.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents into your thread in code tags.
    You can also view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether the computer can now boot into normal Windows mode again and report back.
__________________
Regards, t'john

09.08.2012, 13:35   #5
jokifeki
 
OK, here is the log file:

Code:
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.openintab
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: "hxxp://www.wisedock.de/m.php?id=22339526c408566836ccc054b7ed0a063d476" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Kilian_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dff3f41-a111-11e1-91c4-00248c37c2d2}\ not found.
File G:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\SysWow64\tmpB386.tmp deleted successfully.
C:\Windows\SysWow64\tmpB397.tmp deleted successfully.
C:\Users\Kilian\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
File\Folder c:\ProgramData\*.exe not found.
File\Folder C:\Users\Kilian\AppData\Roaming\*.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kilian
->Temp folder emptied: 54952054 bytes
->Temporary Internet Files folder emptied: 56841760 bytes
->Java cache emptied: 5178758 bytes
->FireFox cache emptied: 225790084 bytes
->Flash cache emptied: 4113 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024485305 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46212769 bytes
 
Total Files Cleaned = 1,348.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kilian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08092012_162420
         
Windows boots up, but the message "Critical error.." appears again; on the other hand MSE is now active again and all the other autostart programs start at boot again too. After 1 minute, though, the usual restart comes.

EDIT:

2nd restart: booting is noticeably faster than the first time. "Critical error..." appears again. MSE now not only says "Restart now" but warns about a threat and prompts for a cleanup. The details are:

Here are the details as a photograph of the screen, hopefully it's visible:
The image link somehow doesn't work (IMG)
Quote:
hxxp://s7.directupload.net/file/d/2977/fgwog7xs_jpg.htm
How should I proceed? I have not carried out removal or similar of the virus with MSE.


Last edited by jokifeki (09.08.2012 at 13:55)
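A triage helper for OTL/OTLPE fix logs like the one posted above, added here as an example (it is not part of the thread, of OTL, or of the helper's script): it classifies each action line by outcome, lists what still needs a reboot or a follow-up, flags deleted values that are stock Windows settings, and sums the bytes the [emptytemp] stage reported. The abridged sample log, the stock-value table and the placeholder homepage URL are constructed assumptions.

```python
"""Triage an OTL / OTLPE fix log by outcome.

Added example for this thread, not part of OTL or of the forum post. Each
action line is classified as ok / not_found / pending_reboot / error, and
items a helper would follow up on are collected separately."""
import re
from collections import Counter

# Constructed sample in the OTL fix-log format seen in the thread (abridged;
# the placeholder URL stands in for the real homepage value).
SAMPLE_LOG = r"""
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://homepage.invalid/placeholder" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Windows\SysWow64\tmpB386.tmp deleted successfully.
C:\Users\Kilian\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
File\Folder c:\ProgramData\*.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Additional information: Unable to open registry key for tcpip.
========== COMMANDS ==========
[EMPTYTEMP]
User: Kilian
->Temp folder emptied: 54952054 bytes
->FireFox cache emptied: 225790084 bytes
Windows Temp folder emptied: 1024485305 bytes
Total Files Cleaned = 1,348.00 mb
"""

# Outcome rules, checked in order; the first match wins. "File move failed ...
# scheduled to be moved on reboot" must be caught before the generic failure rule.
RULES = (
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot")),
    ("error", re.compile(r"^(An internal error occurred|Additional information: Unable to open)|\bfailed\b")),
    ("ok", re.compile(r"(deleted|moved) successfully|value set successfully|^Prefs\.js: .* removed from ")),
    ("not_found", re.compile(r" not found\.?\s*$")),
)

# Deleted values that are stock Windows settings rather than malware; a helper
# should restore them after cleanup. Assumption: "autocheck autochk *" is the
# BootExecute value a clean Windows 7 install carries (it runs chkdsk at boot).
STOCK_VALUES = {
    "BootExecute:autocheck autochk *": "stock BootExecute value (runs chkdsk at boot); restore it",
}

# "->Temp folder emptied: N bytes" and "... .tmp files removed: N bytes"
FREED_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def classify(line: str):
    """Return the outcome category of one OTL action line, or None for section
    markers, echoed commands and other non-action lines."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return None


def triage(log_text: str) -> dict:
    """Summarise an OTL fix log: outcome counts, lines needing follow-up,
    stock values that were deleted, and bytes freed by [emptytemp]."""
    counts = Counter()
    pending, errors, review = [], [], []
    freed = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FREED_RE.search(line)
        if m:
            freed += int(m.group(1))
            continue
        outcome = classify(line)
        if outcome is None:
            continue
        counts[outcome] += 1
        if outcome == "pending_reboot":
            pending.append(line)
        elif outcome == "error":
            errors.append(line)
        elif outcome == "ok":
            for marker, note in STOCK_VALUES.items():
                if marker in line:
                    review.append((line, note))
    return {"counts": dict(counts), "pending_reboot": pending,
            "errors": errors, "review": review, "bytes_freed": freed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("outcomes:", report["counts"])
    for key in ("pending_reboot", "errors"):
        for entry in report[key]:
            print(f"[{key}] {entry}")
    for entry, note in report["review"]:
        print(f"[review] {note}: {entry}")
    print(f"freed by [emptytemp]: {report['bytes_freed'] / 2**20:.1f} MiB")
```

The "Unable to open registry key for tcpip" error lands in the errors list, which is the kind of follow-up item (a service key the fix could not reach) worth raising before the next step.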

10.08.2012, 14:41   #6
t'john
/// Helper Team
 
Can you have it removed?

12.08.2012, 18:06   #7
jokifeki
 
No; after "Critical error..." clicking "Clean now" gives "Restart now (in MSE)". After the "restart", "Critical error" appears again and MSE immediately says "Restart now"... and so on, over and over.

Is there still hope?

Thanks!

12.08.2012, 18:12   #8
t'john
/// Helper Team
 
Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search run has finished, a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

12.08.2012, 18:30   #9
jokifeki
 
The problem could be that I still only have 1 minute, since the PC starts the countdown right after this message "Critical error - restart in 1 minute".

But I'll give it a try.

12.08.2012, 19:46   #10
t'john
/// Helper Team
 
Even in Safe Mode?
__________________
Regards, t'john

12.08.2012, 20:04   #11
jokifeki
 
Yes, but thanks to the shorter load times I was able to install the 1st program and have it scan 40000 objects; then it was over again. I was able to run the 2nd program and also got the file from it. Is it of any use? I wasn't able to carry out step 1 beforehand.

12.08.2012, 20:25   #12
t'john
/// Helper Team
 
Is that also the case in Safe Mode?
__________________
Regards, t'john

12.08.2012, 20:35   #13
jokifeki
 
Yes, exactly, also in Safe Mode (regardless of whether with or without networking drivers). I'm stuck at the moment...

12.08.2012, 20:48   #14
t'john
/// Helper Team
 
The problem is: a system file has been infected. Windows detects that and stops.



Try (in normal mode):

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else; that is important!
Follow the detailed original instructions.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking present (Norton).
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screen saver settings.
  • You can change these settings back after our cleanup is finished.
  • Do nothing else if you did not manage to run Combofix.
  • Tell us about it and wait for our instructions.


  • Start Combofix.exe via right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click inside this Combofix window.
  • That could freeze or hang your system.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; that can take a while.


  • When ComboFix has finished, it will create a log (please wait, that takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as default again.



Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple and/or permanently damage the computer!
__________________
Regards, t'john

12.08.2012, 21:17   #15
jokifeki
 
Unfortunately it doesn't work. I simply have too little time; 1 minute can be so damn short...

The installation starts but doesn't even get halfway through. Disabling MSE is even less possible. On the other hand, on the 3rd attempt MSE proposed a cleanup; after starting the cleanup, though, MSE was suddenly nowhere to be found....

I think there are only 3 options left:

- Disable the auto-restart > clean up or similar
- Access the hard drive from another OS > could perhaps boot from the Win8 trial USB stick or perhaps the CD you described...
- Reinstall the OS > a loooot of work...

Since today I couldn't even get Windows to boot to the desktop any more (the 1 minute passes during logon), I'm now leaning towards reinstalling.

Or is there another option?
