
Log analysis and evaluation: Windows Vista - infection with Sirefef, Sirefef.AB


#1   01.10.2012, 09:45
SatanasOz
After arriving at the other end of the world, we wanted to pull the necessary updates after 4 weeks without a network connection, and my partner apparently granted the "Flash update" admin rights. All the scanners raised the alarm immediately, but by then it was already too late.

Even though nothing looks really bad at the moment, it has driven me here. MSE is running, but the Security Center including the firewall (service) is off and neither can be started any more ("The security service could not be started").

Unfortunately the backup is a bit too old, so I would like to get the system back in order.

So far I have followed the guide; the OTL, GMER and Malwarebytes logs are attached.

OTL aborts with an error, which in my opinion has nothing to do with the infection (see picture). I cannot find any file with that date, but if I start OTL without the date restriction it runs through.



That is why the OTL log is fairly long and attached separately :/

Status now: Malwarebytes found quite a lot on the first scan (see log). Unfortunately this has already been "cleaned". Sorry about that; a current scan finds nothing more, but the Security Center and FW remain broken.

[Attached image: Windows Vista - Infektion mit Sirefef, Sirefef.AB-otlfehler.jpg]

#2   02.10.2012, 19:01
DerJazzer
/// Malwareteam
I have your topic in progress and will get back to you as soon as possible with further instructions.

Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

#3   03.10.2012, 12:21
DerJazzer
/// Malwareteam
Hello,
I am Christoph and would like to help you with your problem.
A clean-up can involve quite a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. It makes the evaluation harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safer way.
If you decide on a clean-up, keep cooperating until someone from the team tells you that your PC is clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1

I have seen that a doctoral thesis and job-application documents are stored on the computer. You should definitely make a backup of these and other sensitive data before you continue!


Step 2
ComboFix should only be run when a team member has instructed you to do so!
Please download ComboFix from the following download mirror

Link 1


IMPORTANT - save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start ComboFix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: should you receive the following error message after the restart

simply restart the computer. This should fix the problem.


Step 3

How is the computer running? Does the Security Center etc. start again?


Please post in your next reply
  • Combofix.txt
  • The answer to my question

#4   04.10.2012, 00:15
SatanasOz
I have made a backup; unfortunately I had to install Acronis for that. But now there is a full backup.

ComboFix ran through. At startup it complained because Avira AntiVir is still active. However, AntiVir was uninstalled a while ago. I checked everything again:

- Programs and Features = no AV
- Processes of all users = no AV
- Services = no AV

So I was bold and let ComboFix run anyway. As said, it ran through and also created the log. But then I was probably a bit too hasty and wanted to restart the box before the last boot had finished properly. The computer crashed in the process and is now stuck before the login at a cursor on a black screen.

Task Manager cannot be opened and safe mode does not help either. I will probably just restore the backup and try again, without getting frantic at the end.

That will take a moment again, though; I will report back when it is done.

OK, bad news: it is the use of ComboFix that puts the system into an unbootable state. I have:
  1. Restored the system drive C: to the state before ComboFix
  2. Run ComboFix in safe mode
  3. After the restart Windows only boots to the black screen with cursor, even in safe mode

I can reset the system to its initial state at any time. What I will do in the meantime is start an in-place upgrade of Vista, to pass the time. If that does not work either, I will reset and wait for new instructions.

Btw: I was able to rescue Combofix.txt using a bootable USB stick. Here you go:

Code:
ComboFix 12-10-03.03 - Nina 04.10.2012  16:14:52.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1625 [GMT 13:00]
ausgeführt von:: c:\users\Nina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\pthreadVC.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-04 bis 2012-10-04  ))))))))))))))))))))))))))))))
.
.
2012-10-04 03:21 . 2012-10-04 03:21	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:21	--------	d-----w-	c:\users\Florian\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:22	--------	d-----w-	c:\users\Nina\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-02 22:10 . 2012-10-02 22:10	234752	----a-w-	c:\windows\system32\drivers\afcdp.sys
2012-10-02 22:10 . 2012-10-02 22:10	775232	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-10-02 22:10 . 2012-10-02 22:10	614592	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-10-02 22:09 . 2012-10-02 22:09	126880	----a-w-	c:\windows\system32\drivers\vididr.sys
2012-10-02 22:09 . 2012-10-02 22:09	86496	----a-w-	c:\windows\system32\drivers\vsflt67.sys
2012-10-02 22:09 . 2012-10-02 22:09	177600	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-10-02 22:09 . 2012-10-02 22:09	80416	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2012-10-02 22:08 . 2012-10-02 22:08	--------	d-----w-	c:\program files\Acronis
2012-10-02 22:07 . 2012-10-02 22:10	--------	d-----w-	c:\program files\Common Files\Acronis
2012-10-02 21:33 . 2012-09-18 11:59	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAAD08E7-3183-4182-BF59-A521D2D428E0}\mpengine.dll
2012-10-02 12:08 . 2012-10-02 21:24	--------	d-----w-	c:\programdata\NVIDIA
2012-10-02 11:33 . 2012-10-02 11:33	181064	----a-w-	c:\windows\PSEXESVC.EXE
2012-10-02 11:32 . 2010-04-26 22:04	381816	----a-w-	c:\windows\system32\PsExec.exe
2012-10-02 05:03 . 2012-10-02 12:00	--------	d-----w-	c:\users\Nina\AppData\Local\ElevatedDiagnostics
2012-10-01 20:25 . 2012-09-18 11:59	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 09:04 . 2012-09-30 09:04	--------	d-----w-	c:\users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 09:02 . 2012-09-30 09:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-30 09:02 . 2012-09-07 04:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-30 09:02 . 2012-09-30 09:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-30 07:11 . 2012-09-30 22:08	--------	d-----w-	c:\program files\Common Files\Steam
2012-09-30 07:11 . 2012-10-01 08:12	--------	d-----w-	c:\program files\Steam
2012-09-30 06:08 . 2012-02-09 01:17	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 06:08 . 2012-02-09 01:17	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0E24A38-5BFC-4101-A546-59D6C3DAD3BC}\gapaengine.dll
2012-09-30 05:58 . 2012-10-02 11:43	--------	d-----w-	c:\program files\Microsoft Security Client
2012-09-30 05:33 . 2012-09-30 22:03	--------	d-----w-	c:\users\Nina\AppData\Roaming\Haewevv
2012-09-30 05:33 . 2012-09-30 05:36	--------	d-----w-	c:\users\Nina\AppData\Roaming\Izu
2012-09-29 09:33 . 2012-09-18 22:59	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C86BF41-E1EC-4DD2-97A3-BA4B5585189C}\mpengine.dll
2012-09-27 03:36 . 2012-09-27 03:36	--------	d-----w-	c:\program files\Common Files\Skype
2012-09-27 02:03 . 2012-09-27 02:03	--------	d-----w-	c:\program files\Microsoft
2012-09-19 10:42 . 2012-09-19 10:42	--------	d-----w-	c:\users\Florian\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 05:55 . 2007-11-06 11:21	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-08-30 09:03 . 2012-08-30 09:03	193552	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 09:03 . 2012-03-20 07:44	99272	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-22 11:47 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-11-06 11:27	37232	----a-w-	c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2007-11-06 11:27	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2008-11-14 02:35	37656	----a-w-	c:\program files\Mindjet\MindManager 8\MmReminderService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 16:50	4280184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 18:10	778240	----a-w-	c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 01:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 01:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 06:16	528384	----a-r-	c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-30 07:16	1353080	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 21:29]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: t-online.de\email
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-04 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(692)
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\program files\Acronis\TrueImageHome\timounter.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
.
Zeit der Fertigstellung: 2012-10-04  16:24:47
ComboFix-quarantined-files.txt  2012-10-04 03:24
.
Vor Suchlauf: 8 Verzeichnis(se), 17.589.530.624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 21.100.048.384 Bytes frei
.
- - End Of File - - 341A9CB73539DABB663E6D7559AE0AFC
Update 2: No German Vista installation DVD to be found in New Zealand. So all that is left is your help or a fresh install.
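One way to pull the security-relevant lines out of the ComboFix log above mechanically, as an added example that is not part of this thread and not code from ComboFix, OTL or FRST: it flags the Security Center\Monitoring keys that switch monitoring off per component, the EnableLinkedConnections policy (which shares drive mappings between the elevated and the UAC-filtered token), the AV/SP product lines (which reflect the product registration in the WMI SecurityCenter namespace rather than Programs and Features, which is why ComboFix still saw AntiVir after it had been uninstalled), the PsExec binaries under c:\windows, and folders created directly under AppData\Roaming, with the two created in the same minute (Haewevv and Izu) called out as a burst. It goes slightly beyond the ComboFix format in that it also accepts the value notation of the OTL Extras Security Center block posted later in the thread. Both sample inputs are excerpts constructed from the posted logs; the category names, the DisableNotify flag list and the PsExec file-name list are assumptions of this example.

```python
"""Triage a ComboFix log (and the OTL Extras Security Center block) for
Security Center tampering, UAC weakening and dropper-style folders.
Added example for this thread, not code from ComboFix, OTL or FRST; the samples
are constructed excerpts of the posted logs, the category names are assumptions."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines from the ComboFix log above. ComboFix separates the
# columns with tabs; spaces are used here and the parser accepts either.
SAMPLE_COMBOFIX = r"""
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-10-02 11:33 . 2012-10-02 11:33  181064  ----a-w-  c:\windows\PSEXESVC.EXE
2012-10-02 11:32 . 2010-04-26 22:04  381816  ----a-w-  c:\windows\system32\PsExec.exe
2012-09-30 09:04 . 2012-09-30 09:04  --------  d-----w-  c:\users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 05:33 . 2012-09-30 22:03  --------  d-----w-  c:\users\Nina\AppData\Roaming\Haewevv
2012-09-30 05:33 . 2012-09-30 05:36  --------  d-----w-  c:\users\Nina\AppData\Roaming\Izu
2012-09-19 10:42 . 2012-09-19 10:42  --------  d-----w-  c:\users\Florian\AppData\Roaming\dvdcss
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# Constructed sample: the Security Center block in OTL Extras notation.
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"""


@dataclass
class Finding:
    category: str
    evidence: str
    note: str


PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/\w+\* \{")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S+)\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
ROAMING_RE = re.compile(r"\\appdata\\roaming\\[^\\]+$", re.IGNORECASE)
REMOTE_EXEC = {"psexec.exe", "psexesvc.exe"}  # assumption: names an admin must vouch for
NOTIFY_FLAGS = {"uacdisablenotify", "antivirusdisablenotify", "firewalldisablenotify",
                "updatesdisablenotify", "autoupdatedisablenotify", "internetsettingsdisablenotify"}


def reg_int(raw: str) -> Optional[int]:
    """Read a value as ComboFix ('dword:00000001', '1 (0x1)') or OTL ('1') renders it."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    try:
        return int(raw.split()[0], 0)
    except ValueError:
        return None


def parse_log(text: str) -> List[Finding]:
    found: List[Finding] = []
    roaming: List[tuple] = []  # (created, path) for folders directly under Roaming
    key = ""
    for line in text.splitlines():
        if m := PRODUCT_RE.match(line):
            kind, name, state = m.groups()
            found.append(Finding("security_product", line.strip(),
                                 f"{kind} '{name}' is {state} per the Security Center (WMI) registration, "
                                 "not Programs and Features; an uninstalled product can still appear here"))
        elif m := FILE_RE.match(line):
            created, attrs, path = m.groups()
            if path.rsplit("\\", 1)[-1].lower() in REMOTE_EXEC:
                found.append(Finding("remote_exec_tooling", path, "PsExec binary on the host; confirm an admin placed it"))
            elif attrs.startswith("d") and ROAMING_RE.search(path):
                roaming.append((created, path))
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE_RE.match(line)):
            name, raw = m.group(1).lower(), m.group(2)
            if reg_int(raw) != 1:
                continue
            if name == "disablemonitoring" and "security center\\monitoring" in key:
                found.append(Finding("security_center_monitoring_disabled", f"{key}\\{name}",
                                     "Security Center no longer monitors this component"))
            elif name in NOTIFY_FLAGS and key.endswith("security center"):
                found.append(Finding("security_center_notify_disabled", f"{key}\\{name}",
                                     "Security Center warning for this area is suppressed"))
            elif name == "enablelinkedconnections" and key.endswith("policies\\system"):
                found.append(Finding("uac_linked_connections", f"{key}\\{name}",
                                     "drive mappings shared between elevated and filtered token; weakens UAC"))
    # Folders created in the same minute directly under AppData\Roaming are reported
    # as a burst: droppers typically create their folders back to back.
    per_minute = Counter(created for created, _ in roaming)
    for created, path in roaming:
        burst = per_minute[created] > 1
        found.append(Finding("roaming_dir_burst" if burst else "new_roaming_dir", path,
                             f"created {created}" + (" with other Roaming folders" if burst else "") + "; review by hand"))
    return found


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in parse_log(SAMPLE_COMBOFIX) + parse_log(SAMPLE_OTL):
        print(f"{f.category:36} {f.evidence}\n{'':36} {f.note}")
```

Run it on a full Combofix.txt by reading the file into `parse_log`; the file-section regex only fires on the "files created" and Find3M lines, and the registry matching only on the bracketed key lines, so the rest of the log passes through untouched. A `security_product` entry for a product that is absent from Programs and Features is the stale registration that made ComboFix warn about AntiVir in this thread; the `roaming_dir_burst` entries are the ones to look at first.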

#5   04.10.2012, 14:04
DerJazzer
/// Malwareteam
Hi

OK, please restore to the point before ComboFix again.

Then do the following:

Please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick.

Connect the USB stick to the infected system.

You now have to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.

With a Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click Repair your computer !!
  • Choose your operating system and user account and click "Next" each time.


In the recovery options choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and choose Computer
    Here the drive letter of your USB stick is shown.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.


#6   04.10.2012, 21:45
SatanasOz
Was not that easy. Since it is apparently such a dreadful ASUS OEM version, there is no repair option in the boot menu. I can only boot separately from the ASUS partition and restore C: to its original state.

I have now found a German Vista Home Premium installation, with which I also got into the repair "mode".

Code:
OTL Extras logfile created on: 01.10.2012 12:46:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,84% Memory free
4,23 Gb Paging File | 2,87 Gb Available in Paging File | 67,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 22,37 Gb Free Space | 19,21% Space Free | Partition Type: NTFS
Drive D: | 109,60 Gb Total Space | 31,06 Gb Free Space | 28,34% Space Free | Partition Type: NTFS
Drive F: | 967,22 Mb Total Space | 954,89 Mb Free Space | 98,73% Space Free | Partition Type: FAT
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A203F249-2267-409A-A862-92D2965CBFCA}" = Brother HL-2035
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.0.30
"Citavi" = Citavi 2.5
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome Frame" = Google Chrome Frame
"Guild Wars" = GUILD WARS
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"ScummVM_is1" = ScummVM Git
"Simple PDF Merger_is1" = Simple PDF Merger 1.0
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 8930" = Sid Meier's Civilization V
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2012 03:08:53 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x00000000,  process id 0x1560, application start time
 01cd9eda7333fe4f.
 
Error - 30.09.2012 03:09:59 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x00000000,  process id 0x1440, application start time
 01cd9eda9a2ca5bf.
 
Error - 30.09.2012 03:11:04 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x00000000,  process id 0x494, application start time
 01cd9edac11bfe5f.
 
Error - 30.09.2012 03:11:09 | Computer Name = Nina-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 30.09.2012 03:29:57 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdt.exe, version 2.0.0.0, time stamp 0x464177a8,
 faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
 exception code 0xe06d7363, fault offset 0x0003fc56,  process id 0x1630, application start time
 01cd9edc9b29d7c9.
 
Error - 30.09.2012 03:56:29 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdt.exe, version 2.0.0.0, time stamp 0x464177a8,
 faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
 exception code 0xe06d7363, fault offset 0x0003fc56,  process id 0x1684, application start time
 01cd9ee025dee0b2.
 
Error - 30.09.2012 06:44:54 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application Application Launcher.exe, version 2.2.12.63,
 time stamp 0x466921ca, faulting module unknown, version 0.0.0.0, time stamp
 0x00000000, exception code 0xc0000005, fault offset 0x059cd200,  process id 0x590,
 application start time 01cd9ee65566d1d1.
 
Error - 30.09.2012 06:59:34 | Computer Name = Nina-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 30.09.2012 18:21:47 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdt.exe, version 2.0.0.0, time stamp 0x464177a8,
 faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
 exception code 0xe06d7363, fault offset 0x0003fc56,  process id 0x15bc, application start time
 01cd9f5937690224.
 
Error - 30.09.2012 18:45:30 | Computer Name = Nina-PC | Source = Perflib | ID = 1010
Description = 
 
[ Media Center Events ]
Error - 26.06.2011 11:33:09 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 26.06.2011 11:44:36 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 26.06.2011 11:48:07 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 26.06.2011 11:56:48 | Computer Name = Nina-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 26.06.2011 14:18:34 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 01.12.2011 15:29:11 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 01.12.2011 15:30:35 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 09.12.2011 15:15:48 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 12.04.2012 14:05:23 | Computer Name = Nina-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 13.06.2012 12:55:50 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description = 
 
[ OSession Events ]
Error - 15.08.2010 15:48:04 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14860
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2011 12:23:19 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 253
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.09.2012 07:00:58 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.09.2012 18:06:10 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 30.09.2012 18:06:10 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.09.2012 18:12:55 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 30.09.2012 18:17:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >
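A small triage helper for the "Last 20 Event Log Errors" section of an OTL Extras.txt, added here as an example (it is not part of OTL, of FRST, or of the original post). It parses the event headers and the wrapped description lines, counts Application Error 1000 crashes per (application, faulting module, exception code), singles out access violations (0xc0000005) whose faulting module is reported as "unknown" (the faulting address lies in no loaded module image, so the code that crashed belonged to no DLL; injected code is one cause, and the log above shows this three times in svchost.exe), tallies Service Control Manager start failures (7000, 7001, 7024, 7026), and keeps anything that complains about the firewall, such as the Steam "Failed to poke open firewall" line. The sample text is constructed to mirror the lines above; the event 1000 regex accepts the English and the German wording because OTL reports in the system locale. Assumed: OTL's layout of one header line per event, a "Description = " line, continuation lines, and a blank line between events.

```python
# Added triage helper for the "Last 20 Event Log Errors" section of an OTL Extras.txt
# (example code for this thread, not part of OTL). Assumes OTL's layout: one header
# line per event, a "Description = " line, wrapped continuation lines, and a blank
# line between events; event 1000 text may be English or German (system locale).
import re
from collections import Counter

# Constructed sample mirroring the log above (abbreviated; one event left in German).
SAMPLE_EXTRAS = """\
[ Application Events ]
Error - 30.09.2012 03:08:53 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x00000000,  process id 0x1560, application start time
 01cd9eda7333fe4f.

Error - 30.09.2012 03:09:59 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x1440, Anwendungsstartzeit
 01cd9eda9a2ca5bf.

Error - 30.09.2012 03:11:09 | Computer Name = Nina-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 30.09.2012 03:29:57 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Faulting application LiveUpdt.exe, version 2.0.0.0, time stamp 0x464177a8,
 faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
 exception code 0xe06d7363, fault offset 0x0003fc56,  process id 0x1630, application start time
 01cd9edc9b29d7c9.

[ System Events ]
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30.09.2012 18:06:10 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description =
"""

SECTION_RE = re.compile(r"^\[ (?P<log>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Vista-era wording of Application Error event 1000; the description is joined to one line.
CRASH_RE = re.compile(
    r"(?:Faulting application|Fehlerhafte Anwendung) (?P<app>.+?), version .*?"
    r"(?:faulting module|fehlerhaftes Modul) (?P<module>.+?), version .*?"
    r"(?:exception code|Ausnahmecode) (?P<code>0x[0-9a-f]+)",
    re.IGNORECASE,
)
# SCM ids meaning a service or driver did not come up: 7000 start failed,
# 7001 dependency failed, 7024 service-specific exit error, 7026 boot driver failed.
SCM_START_FAILURES = {7000, 7001, 7024, 7026}


def parse_events(text):
    """Return a list of {log, ts, host, source, id, description} dicts."""
    events, current, log_name = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (sec := SECTION_RE.match(line)):
            log_name = sec["log"]
        elif (hdr := HEADER_RE.match(line)):
            current = {"log": log_name, "ts": hdr["ts"], "host": hdr["host"],
                       "source": hdr["source"], "id": int(hdr["id"]), "description": ""}
            events.append(current)
        elif current is None or line == "":
            current = None                      # a blank line closes the event
        elif line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:                                   # wrapped continuation of the description
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Summarise crashes, access violations outside any module, and SCM start failures."""
    crashes = Counter()          # (app, faulting module, exception code) -> count
    unknown_module_av = []       # timestamps of 0xc0000005 with faulting module "unknown"
    scm_failures = Counter()     # SCM event id -> count
    firewall_mentions = []       # (source, description) of anything mentioning the firewall
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = CRASH_RE.search(ev["description"])
            if m:
                key = (m["app"], m["module"], m["code"].lower())
                crashes[key] += 1
                # "unknown" module: the faulting address is in no loaded image, so no
                # DLL owns the crashing code; repeated hits in svchost.exe deserve a look.
                if key[1] == "unknown" and key[2] == "0xc0000005":
                    unknown_module_av.append(ev["ts"])
        elif ev["source"] == "Service Control Manager" and ev["id"] in SCM_START_FAILURES:
            scm_failures[ev["id"]] += 1
        if "firewall" in ev["description"].lower():
            firewall_mentions.append((ev["source"], ev["description"]))
    return {"crashes": dict(crashes), "unknown_module_av": unknown_module_av,
            "scm_failures": dict(scm_failures), "firewall_mentions": firewall_mentions}


EVENTS = parse_events(SAMPLE_EXTRAS)
REPORT = triage(EVENTS)
```

Run it against a real Extras.txt by reading the file into `parse_events` instead of `SAMPLE_EXTRAS`; the report is plain dicts, so it can be printed or compared across successive scans to see whether the svchost.exe crashes stop after cleaning.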
         

Old 04.10.2012, 22:51   #7
DerJazzer
/// Malwareteam
 

What you posted there is the Extras.txt from an OTL scan. What I need, though, is the FRST.txt from a scan with FRST in the Recovery Options.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Old 04.10.2012, 23:17   #8
SatanasOz
 

oops

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 05-10-2012 09:38:42
Running from G:\
Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: German Standard 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955088 2012-06-28] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403144 2012-06-28] (Acronis)
HKU\Florian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation)
HKU\Nina\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Nina\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821048 2012-06-28] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-10-02] (Acronis)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
4 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
4 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
4 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [569728 2010-05-06] (AVerMedia TECHNOLOGIES, Inc.)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-16] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-10-31] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-10-02] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-10-02] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-10-02] (Acronis)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-05 09:38 - 2012-10-05 09:38 - 00000000 ____D C:\FRST
2012-10-04 09:52 - 2012-10-04 10:15 - 00001905 ____A C:\Windows\diagwrn.xml
2012-10-04 09:52 - 2012-10-04 10:15 - 00001905 ____A C:\Windows\diagerr.xml
2012-10-02 23:12 - 2012-10-02 23:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Acronis
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 23:08 - 2012-10-02 23:08 - 00000000 ____D C:\Program Files\Acronis
2012-10-02 23:07 - 2012-10-02 23:10 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-10-02 22:55 - 2012-08-25 23:30 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:32 - 2010-04-26 23:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-02 11:56 - 2012-10-02 11:56 - 00000000 ____D C:\Users\Nina\Desktop\Neuer Ordner
2012-10-01 09:11 - 2012-10-01 09:11 - 00000000 ____D C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:56 - 2012-10-01 06:56 - 00000000 ____D C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 23:07 - 2012-09-30 23:07 - 00000000 ____D C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
2012-09-30 21:44 - 2012-09-30 11:45 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 21:44 - 2012-09-30 11:45 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:04 - 2012-09-30 10:04 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 10:02 - 2012-09-30 10:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 10:02 - 2012-09-07 05:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-10-01 09:12 - 00000000 ____D C:\Program Files\Steam
2012-09-30 08:11 - 2012-09-30 23:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-30 07:01 - 2012-10-02 12:44 - 00001912 ____A C:\Windows\epplauncher.mif
2012-09-30 06:58 - 2012-10-02 12:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
2012-09-30 06:19 - 2012-09-30 06:20 - 00000000 ____D C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
2012-09-29 10:22 - 2012-09-29 10:22 - 00000000 ____D C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
2012-09-27 19:57 - 2012-09-27 19:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
2012-09-27 07:40 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 07:40 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 07:40 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 07:40 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 07:40 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 07:40 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 07:40 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 07:40 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 07:40 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 06:49 - 2012-09-27 06:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-27 02:57 - 2012-09-27 02:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
2012-09-25 23:16 - 2012-09-25 23:16 - 00000000 ____D C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
2012-09-25 01:44 - 2012-09-25 01:44 - 00000000 ____D C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
2012-09-22 11:01 - 2012-09-22 11:01 - 00000000 ____D C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
2012-09-19 11:42 - 2012-09-19 11:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\dvdcss
10508-02-27 20:36 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
10508-02-27 20:35 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\Uni und Schule
10508-02-27 20:34 - 2012-06-07 10:19 - 00000000 ____D C:\Users\Nina\Documents\pics from NZ friends

==================== 3 Months Modified Files ==================

2012-10-04 21:20 - 2009-12-15 22:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-04 21:20 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-04 21:20 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-04 21:20 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:20 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:18 - 2007-04-18 09:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-04 16:20 - 2009-12-15 22:29 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-04 15:00 - 2007-11-06 10:54 - 01581341 ____A C:\Windows\WindowsUpdate.log
2012-10-04 10:15 - 2012-10-04 09:52 - 00001905 ____A C:\Windows\diagwrn.xml
2012-10-04 10:15 - 2012-10-04 09:52 - 00001905 ____A C:\Windows\diagerr.xml
2012-10-04 10:14 - 2006-11-02 13:52 - 00000000 ____A C:\Windows\setuperr.log
2012-10-04 10:14 - 2006-11-02 13:52 - 00000000 ____A C:\Windows\setupact.log
2012-10-04 09:54 - 2006-11-02 11:33 - 01458792 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-04 09:49 - 2007-11-06 12:19 - 00059546 ____A C:\Windows\PFRO.log
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 12:54 - 2007-12-26 18:52 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.001
2012-10-02 12:44 - 2012-09-30 07:01 - 00001912 ____A C:\Windows\epplauncher.mif
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:55 - 2007-11-06 12:21 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 11:45 - 2012-09-30 21:44 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 11:45 - 2012-09-30 21:44 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 09:34 - 2010-02-22 23:39 - 00035541 ____A C:\Users\Florian\AppData\Roaming\nvModes.001
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-27 07:36 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 03:16 - 2007-12-25 16:47 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.dat
2012-09-25 01:52 - 2007-11-06 11:11 - 00002631 ____A C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
2012-09-19 11:39 - 2010-02-14 13:41 - 00102376 ____A C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 05:04 - 2012-09-30 10:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 10:03 - 2012-08-30 10:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 10:03 - 2012-03-20 08:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-25 23:30 - 2012-10-02 22:55 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-08-24 08:27 - 2012-09-27 07:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-27 07:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-27 07:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-27 07:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-27 07:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-27 07:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-27 07:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-27 07:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-27 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 07:56 - 2006-11-02 13:47 - 00380544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 18:34 - 2007-12-23 21:51 - 00102376 ____A C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-01 04:14:41
Restore point made on: 2012-10-02 07:16:58
Restore point made on: 2012-10-02 12:41:19
Restore point made on: 2012-10-02 13:03:07
Restore point made on: 2012-10-02 13:21:40
Restore point made on: 2012-10-02 23:09:45
Restore point made on: 2012-10-04 10:55:21

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 2046.48 MB
Available physical RAM: 1641.52 MB
Total Pagefile: 1854.95 MB
Available Pagefile: 1708.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.3 MB

==================== Partitions =============================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:14.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:109.6 GB) (Free:31.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.85 GB) (Free:0.95 GB) FAT32
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr ###  Status      Größe    Frei     Dyn  GPT
  --------  ----------  -------  -------  ---  ---
       0    Online       233 GB      0 B         
       1    Online      3946 MB      0 B         
       2    Online       968 MB      0 B         



Last Boot: 2012-10-04 10:01

==================== End Of Log ============================
         

Alt 05.10.2012, 09:33   #9
DerJazzer
/// Malwareteam
 
Hi

please proceed as follows:

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e
         
Save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/
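
The Fixlist above is assembled by hand from the entries FRST marks in its scan log. As an added example, not code from the thread or from FRST, here is a small Python triage script that pulls those same indicators out of an FRST log: lines FRST tags with ATTENTION!, the paths it lists under a ZeroAccess: header, the per-SID $Recycle.Bin\$<32 hex> folders, and any file in the Bamital & volsnap check whose MD5 is not reported as legit. The sample log is a constructed excerpt of lines quoted in this thread; the two random-named AppData\Roaming folders are the helper's own judgement call from the creation dates, so they are passed in as analyst entries rather than guessed at by the script.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread, not part of FRST or of the helper's post.
It collects the entries FRST itself marks as ZeroAccess indicators and
turns them into the Fixlist lines a helper would hand back, so that the
same findings in a 600-line log are not copied out by hand.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt; the lines mirror the entries quoted in this thread.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess

==================== One Month Created Files and Folders ========

2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
"""

# The two random-named Roaming folders are the helper's own call, not
# something FRST flags, so the script takes them as explicit input.
ANALYST_ENTRIES = [
    r"2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv",
    r"2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu",
]

# Per-SID recycle-bin folder named $<32 hex digits>: the drop location FRST
# reports under "ZeroAccess:". A user's Recycle Bin does not create one
# under the SYSTEM SID (S-1-5-18).
RECYCLE_BIN_RE = re.compile(
    r"^[A-Z]:\\\$Recycle\.Bin\\(?P<sid>S-1-5-[0-9-]+)\\\$[0-9a-f]{32}$", re.IGNORECASE)
MD5_CHECK_RE = re.compile(r"^(?P<path>.+?) => (?P<verdict>MD5 is .+)$")


@dataclass
class Findings:
    flagged: list = field(default_factory=list)      # lines FRST marked ATTENTION!
    zeroaccess: list = field(default_factory=list)   # paths under a "ZeroAccess:" header
    recycle_bin: list = field(default_factory=list)  # $Recycle.Bin\<SID>\$<hex> paths
    bad_md5: list = field(default_factory=list)      # Bamital/volsnap check failures

    def system_sid_hit(self) -> bool:
        """True if a ZeroAccess folder sits under S-1-5-18 (SYSTEM)."""
        return any(RECYCLE_BIN_RE.match(p).group("sid") == "S-1-5-18"
                   for p in self.recycle_bin)


def parse_frst_log(text: str) -> Findings:
    f = Findings()
    expect_path = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_path:                 # the line after "ZeroAccess:" is the path
            f.zeroaccess.append(line)
            expect_path = False
        if line == "ZeroAccess:":
            expect_path = True
            continue
        if "ATTENTION!" in line:
            f.flagged.append(line)
        if RECYCLE_BIN_RE.match(line):
            f.recycle_bin.append(line)
        m = MD5_CHECK_RE.match(line)
        if m and m.group("verdict") != "MD5 is legit":
            f.bad_md5.append(line)
    return f


def build_fixlist(f: Findings, analyst_entries=()) -> list:
    """Fixlist lines in the order the helper used: registry hit, analyst-chosen
    folders, then the ZeroAccess recycle-bin folders (duplicates dropped)."""
    out = []
    for item in (*f.flagged, *analyst_entries, *f.zeroaccess, *f.recycle_bin):
        if item not in out:
            out.append(item)
    return out


if __name__ == "__main__":
    findings = parse_frst_log(SAMPLE_FRST_LOG)
    print("\n".join(build_fixlist(findings, ANALYST_ENTRIES)))
```

Run on the sample it prints the five Fixlist lines in the order the helper posted them; system_sid_hit() is the one-line tell that a $<hex> folder sits under the SYSTEM SID, and bad_md5 would carry any core binary whose hash FRST did not accept.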

Alt 05.10.2012, 13:42   #10
SatanasOz
 
hmmm ... the fixlog is corrupt. It's 2 in the morning here, I'll try again tomorrow.

Code:
ŠĻą”±į                >  ž’	               n         r     ž’’’    g  h  i  j  k  l  m  ’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’’ģ„Į €	  ųæ             ”.  bjbj“V“V                  	 kü Ö< Ö< lŽ śG  -                       ’’         ’’         ’’                 ·     ¾      ¾  #  H  I*  ą  )/      )/      )/  $           ’’’’    M/      M/      M/  P   /  Ü  y5  \  M/      ?w    Õ6  ņ  Ē?
         

Alt 07.10.2012, 20:56   #11
SatanasOz
 
OK ... restored and tried again. This is what's in the Fixlog.txt:

Code:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess 
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv 
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu 
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e 
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e
         

Alt 07.10.2012, 22:06   #12
DerJazzer
/// Malwareteam
 
Are you sure?

Because that looks like the Fixlist.txt (see my last post).

But I need the Fixlog.txt

Alt 07.10.2012, 22:25   #13
SatanasOz
 
I thought so too. But that is 100% the fixlog.txt - when it ran, the fixlist.txt was removed and the fixlog.txt was created ...

EDIT: just to be 150% sure, I'm doing it again right now.

EDIT2: Yep, that's exactly what happens. The fixlist.txt becomes the fixlog.txt ... just ran it once more ... wait, but this time with different content:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-08 10:37:33 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\Users\Nina\AppData\Roaming\Haewevv  not found.
C:\Users\Nina\AppData\Roaming\Izu  not found.
Could not move C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e .
Could not move C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e.

==== End of Fixlog ====
         
I don't want to rule out my own carelessness - but it's not the first time I've used scripts and the like.

Last edited by SatanasOz (07.10.2012 at 22:41)
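
Two different Fixlog problems show up in this thread: the file in #10 is not text at all, and the one in #11 is the Fixlist read back unchanged. The garbage in #10 begins with ŠĻą”±į and, a little later, contains ž’ and bjbj. Read as Windows-1257, the code page the board evidently rendered the bytes through, the first group is the printable part of D0 CF 11 E0 A1 B1 1A E1 (0x11 and 0x1A are control characters and do not render), which is the OLE compound-file signature, and bjbj is the marker of a Word binary document. My reading, not something the thread states, is that the Fixlist was saved from Word as a .doc rather than from Notepad. The following Python, an added example that is not part of FRST, checks a Fixlog for exactly these two failure modes before parsing its result lines; the sample Fixlog and Fixlist are constructed from the text quoted above, and the result patterns cover only the wordings that appear there.

```python
"""Sanity checks for an FRST Fixlog.txt before reading it as results.

Added example for this thread, not part of FRST. Two things went wrong
above: one Fixlog came back as binary garbage, and another held the
Fixlist text instead of results. Both are cheap to detect up front.
"""
import re

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # compound-file header (Word .doc)
FIXLOG_HEADER = "Fix result of Farbar Recovery Tool"
FIXLOG_FOOTER = "==== End of Fixlog ===="

# Constructed from the Fixlog quoted in post #13.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-08 10:37:33 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\Users\Nina\AppData\Roaming\Haewevv  not found.
C:\Users\Nina\AppData\Roaming\Izu  not found.
Could not move C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e .
Could not move C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e.

==== End of Fixlog ====
"""

# The Fixlist from the helper's post, which came back unchanged in #11.
SAMPLE_FIXLIST = r"""HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e
"""


def decode_log(data: bytes) -> str:
    """Decode with BOM detection; undecodable bytes are replaced, not fatal."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def classify_fixlog(data: bytes) -> str:
    """'ole-document' = saved from Word, 'fixlog' = a real FRST result file,
    'not-a-fixlog' = anything else (for instance the Fixlist itself)."""
    if data.startswith(OLE_MAGIC):
        return "ole-document"
    text = decode_log(data)
    if FIXLOG_HEADER in text and FIXLOG_FOOTER in text:
        return "fixlog"
    return "not-a-fixlog"


# Only the outcomes that appear in this thread's Fixlog; anything else is 'unknown'.
RESULT_PATTERNS = (
    ("restored", re.compile(r"restored successfully", re.I)),
    ("deferred", re.compile(r"should be deleted in normal mode", re.I)),
    ("not-found", re.compile(r"\bnot found\.?$", re.I)),
    ("failed", re.compile(r"^Could not \w+", re.I)),
)


def parse_fixlog(text: str) -> list:
    """(status, line) for every result line between the '====' separator and
    the footer; the header lines (Ran by, Running from) are skipped."""
    results, in_body = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_body:
            in_body = set(line) == {"="}   # first all-'=' line opens the body
            continue
        if line == FIXLOG_FOOTER:
            break
        status = next((name for name, rx in RESULT_PATTERNS if rx.search(line)), "unknown")
        results.append((status, line))
    return results


def outcome_counts(results) -> dict:
    counts = {}
    for status, _ in results:
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    print(classify_fixlog(OLE_MAGIC + b"\x00" * 8), classify_fixlog(SAMPLE_FIXLOG.encode()))
    print(outcome_counts(parse_fixlog(SAMPLE_FIXLOG)))
```

On the sample the counts come out as one restored registry value, one deletion deferred to normal mode, two folders not found and two recycle-bin folders that could not be moved, which is the state the helper then asks for a fresh scan on.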

Alt 08.10.2012, 06:10   #14
DerJazzer
/// Malwareteam
 
Something went wrong there.

Please run a new scan with FRST.

Alt 08.10.2012, 08:02   #15
SatanasOz
 
OK, without rolling back, we're here:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 08-10-2012 19:51:31
Running from G:\
Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: German Standard 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955088 2012-06-28] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403144 2012-06-28] (Acronis)
HKU\Florian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation)
HKU\Nina\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Nina\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821048 2012-06-28] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-10-02] (Acronis)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
4 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
4 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
4 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [569728 2010-05-06] (AVerMedia TECHNOLOGIES, Inc.)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-16] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-10-31] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-10-02] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-10-02] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-10-02] (Acronis)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-08 08:52 - 2012-10-08 08:52 - 00000000 ____D C:\FRST
2012-10-02 23:12 - 2012-10-02 23:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Acronis
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 23:08 - 2012-10-02 23:08 - 00000000 ____D C:\Program Files\Acronis
2012-10-02 23:07 - 2012-10-02 23:10 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-10-02 22:55 - 2012-08-25 23:30 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:32 - 2010-04-26 23:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-02 11:56 - 2012-10-02 11:56 - 00000000 ____D C:\Users\Nina\Desktop\Neuer Ordner
2012-10-01 09:11 - 2012-10-01 09:11 - 00000000 ____D C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:56 - 2012-10-01 06:56 - 00000000 ____D C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 23:07 - 2012-09-30 23:07 - 00000000 ____D C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
2012-09-30 21:44 - 2012-09-30 11:45 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 21:44 - 2012-09-30 11:45 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:04 - 2012-09-30 10:04 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 10:02 - 2012-09-30 10:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 10:02 - 2012-09-07 05:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-10-01 09:12 - 00000000 ____D C:\Program Files\Steam
2012-09-30 08:11 - 2012-09-30 23:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-30 07:01 - 2012-10-02 12:44 - 00001912 ____A C:\Windows\epplauncher.mif
2012-09-30 06:58 - 2012-10-02 12:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-30 06:19 - 2012-09-30 06:20 - 00000000 ____D C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
2012-09-29 10:22 - 2012-09-29 10:22 - 00000000 ____D C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
2012-09-27 19:57 - 2012-09-27 19:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
2012-09-27 07:40 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 07:40 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 07:40 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 07:40 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 07:40 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 07:40 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 07:40 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 07:40 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 07:40 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 06:49 - 2012-09-27 06:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-27 02:57 - 2012-09-27 02:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
2012-09-25 23:16 - 2012-09-25 23:16 - 00000000 ____D C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
2012-09-25 01:44 - 2012-09-25 01:44 - 00000000 ____D C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
2012-09-22 11:01 - 2012-09-22 11:01 - 00000000 ____D C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
2012-09-19 11:42 - 2012-09-19 11:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\dvdcss
10508-02-27 20:36 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
10508-02-27 20:35 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\Uni und Schule
10508-02-27 20:34 - 2012-06-07 10:19 - 00000000 ____D C:\Users\Nina\Documents\pics from NZ friends

==================== 3 Months Modified Files ==================

2012-10-08 07:48 - 2007-04-18 09:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-08 07:48 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-08 07:48 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-08 07:47 - 2009-12-15 22:29 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:20 - 2009-12-15 22:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-07 22:45 - 2006-11-02 11:33 - 01458792 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-07 22:44 - 2007-11-06 10:54 - 01580696 ____A C:\Windows\WindowsUpdate.log
2012-10-07 20:55 - 2007-11-06 12:19 - 00059542 ____A C:\Windows\PFRO.log
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 12:54 - 2007-12-26 18:52 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.001
2012-10-02 12:44 - 2012-09-30 07:01 - 00001912 ____A C:\Windows\epplauncher.mif
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:55 - 2007-11-06 12:21 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 11:45 - 2012-09-30 21:44 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 11:45 - 2012-09-30 21:44 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-09-30 09:34 - 2010-02-22 23:39 - 00035541 ____A C:\Users\Florian\AppData\Roaming\nvModes.001
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-27 07:36 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 03:16 - 2007-12-25 16:47 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.dat
2012-09-27 02:54 - 2006-11-02 13:52 - 00086153 ____A C:\Windows\setupact.log
2012-09-25 01:52 - 2007-11-06 11:11 - 00002631 ____A C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
2012-09-19 11:39 - 2010-02-14 13:41 - 00102376 ____A C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 05:04 - 2012-09-30 10:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 10:03 - 2012-08-30 10:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 10:03 - 2012-03-20 08:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-25 23:30 - 2012-10-02 22:55 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-08-24 08:27 - 2012-09-27 07:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-27 07:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-27 07:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-27 07:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-27 07:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-27 07:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-27 07:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-27 07:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-27 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 07:56 - 2006-11-02 13:47 - 00380544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 18:34 - 2007-12-23 21:51 - 00102376 ____A C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-07 22:04:23

==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 2046.48 MB
Available physical RAM: 1642.89 MB
Total Pagefile: 1854.95 MB
Available Pagefile: 1711.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.94 MB

==================== Partitions =============================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:23.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:109.6 GB) (Free:31.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.85 GB) (Free:0.73 GB) FAT32
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr ###  Status      Größe    Frei     Dyn  GPT
  --------  ----------  -------  -------  ---  ---
       0    Online       233 GB      0 B         
       1    Online      3946 MB      0 B         
       2    Online       968 MB      0 B         



Last Boot: 2012-10-07 22:47

==================== End Of Log ============================
         
