
Log analysis and evaluation: Sirefef.xx, Conedex.B, Patched.B.Gen, Agent.BA - Problem

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

13.08.2012, 22:19   #1
Josh1972

Sirefef.xx, Conedex.B, Patched.B.Gen, Agent.BA - Problem

Hello everyone,

as listed in the title, I alternately get alerts from ESET NOD Antivirus 4 about

Sirefef.AP
Sirefef.AD
Sirefef.FD
Sirefef.EZ
Conedex.B
Patched.B.Gen
Agent.BA

All of this on Win 7 64bit.

I read http://www.trojaner-board.de/121625-...-1-minute.html on this and scanned under OTLPE. Here is the content of OTL.Txt:

OTL logfile created on: 8/14/2012 12:39:27 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 8.73 Gb Total Space | 3.37 Gb Free Space | 38.53% Space Free | Partition Type: NTFS
Drive D: | 229.70 Gb Total Space | 9.31 Gb Free Space | 4.05% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/21 12:48:14 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto] -- D:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/21 12:48:10 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/12 10:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 10:41:42 | 000,810,144 | ---- | M] (ESET) [Auto] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/12/02 14:30:26 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto] -- D:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | ---- | M] () [On_Demand] -- D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/08 02:15:06 | 000,314,880 | ---- | M] (OptionNV) [Auto] -- D:\Program Files\T-Mobile\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2012/08/02 14:21:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 07:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 08:36:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 19:04:34 | 000,224,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/07 12:02:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/07 04:06:30 | 000,241,648 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 07:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/29 19:04:37 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2012/05/29 19:04:37 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/05/29 19:04:37 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/05/29 19:04:37 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/05/29 19:04:37 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- D:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2012/05/29 19:04:37 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/05/29 19:04:37 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2012/05/29 19:04:37 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/02/15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 12:48:16 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/21 09:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto] -- D:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 09:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System] -- D:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 07:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto] -- D:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/12/02 16:05:22 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/02 13:55:00 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/02 11:09:50 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/11/30 09:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 09:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/16 20:43:32 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/16 20:43:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/04 11:36:24 | 012,178,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/24 12:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/07 09:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 05:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- D:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/08/10 09:16:28 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/02/18 10:14:48 | 000,124,928 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2008/02/08 06:00:42 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 06:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Josh_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.de/alienware
IE - HKU\Josh_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Josh_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Josh_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_270.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: D:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/08/29 14:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/19 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/19 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 08:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/07 17:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/29 14:47:00 | 000,000,000 | ---D | M]

[2011/06/07 12:09:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2012/05/20 11:36:13 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions
[2012/05/20 11:36:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/12 13:23:46 | 000,000,000 | ---D | M] (Babylon) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\ffxtlbr@babylon.com
[2011/08/12 14:21:32 | 000,000,000 | ---D | M] (TVU Web Player) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\firefox@tvunetworks.com
[2011/07/12 19:08:26 | 000,002,354 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\aol-web-search.xml
[2011/08/20 18:05:32 | 000,002,396 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\askcom.xml
[2012/04/09 16:27:17 | 000,003,916 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\sweetim.xml
[2012/04/26 09:26:51 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/06/17 08:36:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/25 17:36:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/19 21:43:17 | 000,129,144 | ---- | M] (RealPlayer) -- D:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/10 16:19:47 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/12 13:33:08 | 000,002,423 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/10 16:19:47 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 16:19:47 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 16:19:47 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 16:19:47 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 16:19:47 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/08/12 14:16:39 | 000,000,000 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Josh_ON_D\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] D:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelWireless] D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] D:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Desktop Disc Tool] D:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] D:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] D:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Josh_ON_D..\Run: [Comrade.exe] D:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKU\Josh_ON_D..\Run: [MobileDocuments] D:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Josh_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Josh_ON_D\..Trusted Domains: comproof.net ([eu] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{413ad040-a9df-11e1-b14d-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{413ad040-a9df-11e1-b14d-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79544983-b727-11e1-b631-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{79544983-b727-11e1-b631-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{954c21e8-c39a-11e1-8c67-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{954c21e8-c39a-11e1-8c67-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97708032-b066-11e0-8a81-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{97708032-b066-11e0-8a81-68a3c44951ad}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 17:01:04 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
[2012/08/13 12:28:24 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/08/13 11:57:35 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A
[2012/08/13 11:56:24 | 000,000,000 | ---D | C] -- D:\Program Files\Enigma Software Group
[2012/08/13 11:55:57 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/13 11:50:49 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\SpeedyPC Software
[2012/08/13 11:50:49 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\DriverCure
[2012/08/13 11:50:46 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/13 11:50:42 | 000,000,000 | ---D | C] -- D:\ProgramData\SpeedyPC Software
[2012/08/13 11:47:40 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.F2D2D61D8D47EC66
[2012/08/13 11:38:52 | 000,138,120 | ---- | C] (ESET) -- D:\Users\Josh\Desktop\2_ESETSirefefRemover.exe
[2012/08/12 17:03:31 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.3BBFFB64C748F7F3
[2012/08/12 16:52:59 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.4A564558A9C088B3
[2012/08/12 16:42:23 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.20A9F0D949E6D114
[2012/08/12 16:31:56 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.1B3E7BE9573C7250
[2012/08/12 16:19:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.81CCB6D38927DF2F
[2012/08/12 16:13:19 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.37FACFA12625A752
[2012/08/12 16:10:20 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AF621FEF8B8BF302
[2012/08/12 16:06:49 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E752DBE5603390C5
[2012/08/12 16:00:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Users\Josh\Desktop\OTL.exe
[2012/08/12 16:00:06 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8A6A2E1F7F4507A1
[2012/08/12 15:56:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.02BE3810F7A4BCE8
[2012/08/12 15:54:44 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ESET
[2012/08/12 15:49:58 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.0A5F500305415740
[2012/08/12 15:46:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.97806A36A014C9B4
[2012/08/12 15:43:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AC01F679038001F1
[2012/08/12 15:40:15 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D6101166421DF9A
[2012/08/12 15:37:02 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2878E6FF69F62158
[2012/08/12 15:34:05 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.C43CD81544C76944
[2012/08/12 15:28:44 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Malwarebytes
[2012/08/12 15:28:41 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 15:28:37 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/08/12 15:28:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/08/12 15:28:36 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/12 15:23:43 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.B147AEC97FB3E394
[2012/08/12 15:16:45 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2C7F582261C1EEBC
[2012/08/12 15:13:37 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AA61A46E3D49701A
[2012/08/12 15:01:58 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E79EB188344D02A9
[2012/08/12 14:51:21 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.BF6C368E86FEC93C
[2012/08/12 14:45:28 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D7A4FA0595E2431
[2012/08/12 14:42:21 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.39C49BBA37BE1989
[2012/08/12 14:32:15 | 000,000,000 | ---D | C] -- D:\Users\Josh\Documents\Simply Super Software
[2012/08/12 14:32:06 | 000,000,000 | ---D | C] -- D:\ProgramData\Simply Super Software
[2012/08/12 14:30:08 | 057,442,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\MRT.exe
[2012/08/12 06:15:27 | 000,000,000 | -HSD | C] -- D:\Windows\SysWow64\%APPDATA%
[2012/08/02 14:30:29 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\IDT
[2012/08/01 18:25:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/29 12:54:52 | 000,000,000 | ---D | C] -- D:\Windows\pss
[2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Ytloun
[2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Uwrow
[2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Togoe
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 17:23:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/08/13 17:23:23 | 2106,449,919 | -HS- | M] () -- D:\hiberfil.sys
[2012/08/13 17:21:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 17:16:00 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 17:08:09 | 000,021,280 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 17:08:09 | 000,021,280 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 17:05:06 | 000,726,370 | ---- | M] () -- D:\Windows\System32\perfh019.dat
[2012/08/13 17:05:06 | 000,711,706 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/08/13 17:05:06 | 000,664,656 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/08/13 17:05:06 | 000,155,022 | ---- | M] () -- D:\Windows\System32\perfc019.dat
[2012/08/13 17:05:06 | 000,154,660 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/08/13 17:05:06 | 000,126,682 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/08/13 17:01:08 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 17:01:05 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
[2012/08/13 12:08:02 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2012/08/13 11:57:35 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A
[2012/08/13 11:49:42 | 000,001,205 | ---- | M] () -- D:\Users\Josh\Desktop\N1_FixNCR.reg
[2012/08/13 11:47:40 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.F2D2D61D8D47EC66
[2012/08/13 11:38:55 | 004,009,167 | ---- | M] () -- D:\Users\Josh\Desktop\3_ServicesRepair.exe
[2012/08/13 11:38:52 | 000,138,120 | ---- | M] (ESET) -- D:\Users\Josh\Desktop\2_ESETSirefefRemover.exe
[2012/08/13 11:38:50 | 002,030,547 | ---- | M] () -- D:\Users\Josh\Desktop\1_EZ_Sirefix.exe
[2012/08/12 17:03:31 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.3BBFFB64C748F7F3
[2012/08/12 16:52:59 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.4A564558A9C088B3
[2012/08/12 16:42:23 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.20A9F0D949E6D114
[2012/08/12 16:31:56 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.1B3E7BE9573C7250
[2012/08/12 16:19:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.81CCB6D38927DF2F
[2012/08/12 16:13:19 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.37FACFA12625A752
[2012/08/12 16:10:20 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AF621FEF8B8BF302
[2012/08/12 16:06:49 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E752DBE5603390C5
[2012/08/12 16:00:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Users\Josh\Desktop\OTL.exe
[2012/08/12 16:00:06 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8A6A2E1F7F4507A1
[2012/08/12 15:56:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.02BE3810F7A4BCE8
[2012/08/12 15:49:58 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.0A5F500305415740
[2012/08/12 15:46:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.97806A36A014C9B4
[2012/08/12 15:43:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AC01F679038001F1
[2012/08/12 15:40:15 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D6101166421DF9A
[2012/08/12 15:37:02 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2878E6FF69F62158
[2012/08/12 15:34:05 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.C43CD81544C76944
[2012/08/12 15:28:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 15:23:43 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.B147AEC97FB3E394
[2012/08/12 15:16:45 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2C7F582261C1EEBC
[2012/08/12 15:13:37 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AA61A46E3D49701A
[2012/08/12 15:01:58 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E79EB188344D02A9
[2012/08/12 14:51:21 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.BF6C368E86FEC93C
[2012/08/12 14:45:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D7A4FA0595E2431
[2012/08/12 14:42:21 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.39C49BBA37BE1989
[2012/08/12 14:40:32 | 002,572,706 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/02 14:21:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 14:21:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/01 18:31:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/29 12:54:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 11:49:42 | 000,001,205 | ---- | C] () -- D:\Users\Josh\Desktop\N1_FixNCR.reg
[2012/08/13 11:38:54 | 004,009,167 | ---- | C] () -- D:\Users\Josh\Desktop\3_ServicesRepair.exe
[2012/08/13 11:38:49 | 002,030,547 | ---- | C] () -- D:\Users\Josh\Desktop\1_EZ_Sirefix.exe
[2012/08/12 14:40:38 | 000,001,945 | ---- | C] () -- D:\Windows\epplauncher.mif
[2011/10/17 17:46:44 | 000,167,080 | -H-- | C] () -- D:\Windows\SysWow64\mlfcache.dat
[2011/10/06 14:42:06 | 000,021,840 | ---- | C] () -- D:\Windows\SysWow64\SIntfNT.dll
[2011/10/06 14:42:06 | 000,017,212 | ---- | C] () -- D:\Windows\SysWow64\SIntf32.dll
[2011/10/06 14:42:06 | 000,012,067 | ---- | C] () -- D:\Windows\SysWow64\SIntf16.dll
[2011/09/21 03:17:24 | 000,000,288 | ---- | C] () -- D:\Users\Josh\AppData\Roaming\.backup.dm
[2011/08/12 14:17:04 | 000,000,380 | ---- | C] () -- D:\Windows\psnetwork.ini
[2011/07/10 18:30:41 | 000,000,092 | ---- | C] () -- D:\Users\Josh\AppData\Local\fusioncache.dat
[2011/06/09 18:38:40 | 000,000,997 | ---- | C] () -- D:\Windows\eReg.dat
[2011/05/29 06:20:48 | 000,960,812 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/05/29 06:20:48 | 000,206,952 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/05/29 06:20:46 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/05/29 06:20:43 | 000,002,888 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2011/05/29 04:52:52 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/05/29 04:41:28 | 000,002,888 | ---- | C] () -- D:\Windows\SysWow64\atipblup.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/02/11 14:06:36 | 002,572,706 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- D:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/09/09 19:18:28 | 000,577,536 | ---- | C] () -- D:\Windows\SysWow64\EMSC.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/07 07:51:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Alienware
[2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/05/14 14:30:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2012/05/29 19:05:53 | 000,000,000 | ---D | M] -- D:\ProgramData\DatacardService
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/08/29 14:47:00 | 000,000,000 | ---D | M] -- D:\ProgramData\ESET
[2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/05/29 19:05:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Internet Manager
[2011/05/29 04:58:20 | 000,000,000 | ---D | M] -- D:\ProgramData\PhotoShow Shared Assets
[2012/08/12 14:32:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Simply Super Software
[2011/06/19 08:56:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2012/08/13 12:20:02 | 000,000,000 | ---D | M] -- D:\ProgramData\SpeedyPC Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/04/09 16:27:10 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2012/08/13 17:10:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/05/29 04:58:40 | 000,000,000 | ---D | M] -- D:\ProgramData\Uninstall
[2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista32
[2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista64
[2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/05/29 04:52:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Win732
[2011/05/29 04:52:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Win764
[2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\XP32
[2011/06/09 13:44:55 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/26 14:13:53 | 000,000,000 | -H-D | M] -- D:\ProgramData\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
[2012/08/13 11:42:38 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> D:\ProgramData\Temp:CB0AACC9
< End of report >

14.08.2012, 06:10   #2
kira
/// Helper Team

Sirefef.xx, Conedex.B, Patched.B.Gen, Agent.BA - Problem

Hello and welcome!

Unfortunately I have bad news for you: you have caught yourself a nasty little beast:
Quote:
win32.ZAccess
It is advisable here to reinstall the system, since fighting this new kind of infection without various side effects and residual damage, which can cause problems again and again [in various ways], is not possible!
- a backdoor with rootkit functionality

This malware uses rootkit technology and a backdoor routine
*what are backdoors and rootkits*

Behaviour:
"memory-resident"

Quote:
Explanation:
Memory-resident is the term for programs or parts of programs whose data is not routinely written to a storage medium such as the hard disk during operation and read back into main memory when needed, but which remain in main memory the whole time.
This generally includes the parts of the operating system that are central to running the computer and executed frequently, or program routines that recur constantly while an application program runs.
On the one hand, memory-resident programs shorten access times, because the time needed to read the data from the storage medium into main memory is saved. On the other hand, they reduce the available capacity of main memory.
Many viruses are also memory-resident; they make sure that the operating system keeps them in main memory the whole time, from where they can infect other programs.

Tips & advice:


Backing up data with the help of OTLPE:
► ONLY back up data that does not contain executable files - File extensions - This is a list of file extensions that can denote files containing executable code.
- Be careful with the files already present on the externally stored data, and also with making a backup of files that are now infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with data you may have backed up earlier, i.e. before the infection!
- Do not back up any cracked software you may have and then install it again on the freshly set up system!

- Before restoring - before you go online directly with your PC...:
- disable/switch off the Autoplay function for all drives -> Disable Autorun/Autoplay specifically for drive types or drive letters

Scan the data backed up to an external hard disk thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide
Highly recommended scanners:
Quote:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
The online scanners are all pure on-demand scanners. They scan individual files or directories, or optionally the entire hard disk, and have no background guard or other resident processes. As a result they use no resources apart from hard disk space, and you can install as many of them as you like at the same time. The online scanners are well suited for getting a second opinion.


-> Guide: Reinstalling the system + securing it
-> Guide to reinstalling - Windows XP, Vista and Win7


As a precaution, I would advise you to change your passwords
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (you should actually change it at regular intervals, roughly every 3-5 months)
also here under: Secure password (Kennwort)

regards
kira
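As an added example (not part of this thread, and not OTL's or ESET's own tooling), a small Python triage script for the OTL sections posted above: it flags the repeated `services.exe.<hex>` copies under System32, the MountPoints2 `AutoRun\command` entries that kira's advice about switching off Autoplay addresses, and hidden+system directories literally named like an environment variable. The sample lines are copied from the report above plus a few benign ones; the regexes assume OTL's `[date | size | attrs | C/M] (company) -- path` line layout.

```python
import re
from collections import defaultdict
from datetime import datetime

# OTL file/folder entry: [date time | size | attrs | C|M] (company) -- path
# "(company)" is absent for directories and an empty "()" for files without a company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL O33 line: an AutoRun\command registered for a removable device under MountPoints2
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# A system binary name carrying a 16-hex-digit suffix, e.g. services.exe.2B0E3F8C1277582A
HASHED_SYSBIN_RE = re.compile(r"^(?P<dir>.*)\\(?P<base>[A-Za-z0-9_]+\.exe)\.[0-9A-F]{16}$")
# A directory literally named like an environment variable, e.g. ...\SysWow64\%APPDATA%
ENV_VAR_NAME_RE = re.compile(r"\\%[A-Za-z_]+%$")


def parse_entry(line):
    """Parse one OTL file/folder entry; return a dict, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"] or ""
    return d


def triage(lines, min_copies=3):
    """Collect review-worthy findings from OTL output lines.

    Kinds: 'autorun_cmd'   - MountPoints2 AutoRun command (runs when the device is plugged in
                             and Autoplay is enabled; the point of kira's Autoplay advice)
           'envvar_dir'    - hidden+system directory named like %VAR% (not created by Windows setup)
           'hashed_sysbin' - at least min_copies distinct <name>.exe.<hex> files in one directory
    """
    copies = defaultdict(list)
    findings = []
    for line in lines:
        m33 = O33_RE.match(line.strip())
        if m33:
            findings.append({"kind": "autorun_cmd", "guid": m33["guid"], "cmd": m33["cmd"]})
            continue
        e = parse_entry(line)
        if e is None:
            continue
        hm = HASHED_SYSBIN_RE.match(e["path"])
        if hm:
            copies[(hm["dir"].lower(), hm["base"].lower())].append(e)
        elif all(f in e["attrs"] for f in "HSD") and ENV_VAR_NAME_RE.search(e["path"]):
            findings.append({"kind": "envvar_dir", "path": e["path"]})
    for (d, base), entries in copies.items():
        # A file listed in both the Created and the Modified section counts once.
        paths = {x["path"].lower() for x in entries}
        if len(paths) >= min_copies:
            ts = sorted(x["ts"] for x in entries)
            findings.append({"kind": "hashed_sysbin", "dir": d, "base": base,
                             "count": len(paths), "first": ts[0], "last": ts[-1]})
    return findings


# Constructed sample: lines copied from the OTL report in this thread plus benign ones.
SAMPLE_OTL = r'''
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97708032-b066-11e0-8a81-68a3c44951ad}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
[2012/08/13 11:57:35 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A
[2012/08/13 11:47:40 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.F2D2D61D8D47EC66
[2012/08/12 17:03:31 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.3BBFFB64C748F7F3
[2012/08/12 16:00:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Users\Josh\Desktop\OTL.exe
[2012/08/12 15:28:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/08/12 06:15:27 | 000,000,000 | -HSD | C] -- D:\Windows\SysWow64\%APPDATA%
[2012/08/13 17:23:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/08/13 11:57:35 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A
'''.strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print(finding)
```

Run against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; the findings are prompts for review, not verdicts.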
