|
Pests of all kinds and how to fight them: svhost Trojan.Sirefef.BR. Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
19.05.2012, 22:48 | #1 |
svhost Trojan.Sirefef.BR Hello, I'm new here, so please don't hit me right away ^^. I have a laptop here with Windows 7 Ultimate 64-bit; it is mainly used for Facebook. As soon as it had finished booting, a bluescreen came up immediately. I fixed that with the Windows boot menu and "Last Known Good Configuration". After that it worked again for the time being, but Bitdefender 2010 then immediately reported a trojan, "Trojan.Sirefef.BR", in several files located in the System32 directory; svhost was named to me as the application. In "Administrative Tools" under "Services" there are also an extremely large number of services that I don't know, with the description "New service would allow parents to control their children´s online activity." I don't know what to do now; I'm currently having Bitdefender Internet Security 2011 run a deep scan. The trojans I've had before were always harmless, but this one seems to be a tough one. It also doesn't allow any internet connection, only local. In "Safe Mode with Networking" it works, though. Regards, Patrick push...... |
21.05.2012, 08:16 | #2 |
/// Malwareteam | svhost Trojan.Sirefef.BR My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools via right-click "Run as administrator". If ZeroAccess really has been activated on the system, then as far as is known today no program is able to remove this crap automatically! Gmer is only for 32-bit systems! To make a precise analysis possible, please do the following: Step 1: Defogger. Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being instructed to. Step 2: DDS. Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.scr dds.pif
Step 3: aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 4: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
21.05.2012, 09:53 | #3 |
svhost Trojan.Sirefef.BR Bitdefender also has a removal tool for this pest, but better not to use it, right? Remove rootkit ZeroAccess: Bitdefender provides free removal tool. But I can only start on this tonight because I'm off to work. Late shift all week.
__________________ And a separate post for each log? And not post them as code? |
21.05.2012, 09:57 | #4 |
/// Malwareteam | svhost Trojan.Sirefef.BR Listen, we are happy to offer you help, but then please do what we say and don't reply with tools from other vendors. Honestly: don't you think that if the tool helped reliably, we could spare ourselves the detailed search?
__________________ No right of asylum for trojans! Proud Member of UNITE. Note: I can only be reached on working days! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
21.05.2012, 10:01 | #5 |
svhost Trojan.Sirefef.BR OK, it was just a question. Should I run the tools in normal Windows or in safe mode, because I only have internet access in safe mode? defogger_disable log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:48 on 21/05/2012 (Luisa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- |
21.05.2012, 11:02 | #6 | |
/// Malwareteam | svhost Trojan.Sirefef.BR Quote:
__________________ --> svhost Trojan.Sirefef.BR |
21.05.2012, 23:56 | #7 |
svhost Trojan.Sirefef.BR
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:48 on 21/05/2012 (Luisa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
----------------------------------------------------------------------------
DDS Log:
aswMBR Log
01:26:56.940 File: C:\Windows\system32\cvspydr2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:26:56.987 File: C:\Windows\system32\cwafadmincontroller.dll **INFECTED** Win64:Sirefef-E [Trj] 01:26:57.034 File: C:\Windows\system32\CX23880.dll **INFECTED** Win64:Sirefef-E [Trj] 01:26:59.842 File: C:\Windows\system32\db2remotecmd.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:00.404 File: C:\Windows\system32\dcevt32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:01.386 File: C:\Windows\system32\DeviceScanner.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:01.964 File: C:\Windows\system32\DFUBTUSB.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:03.243 File: C:\Windows\system32\dlaudf_m.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:03.290 File: C:\Windows\system32\dlcf_device.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:03.352 File: C:\Windows\system32\DLH5X.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:03.586 File: C:\Windows\system32\dmisrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:03.992 File: C:\Windows\system32\dnserver32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:05.224 File: C:\Windows\system32\DSDrv4.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:05.333 File: C:\Windows\system32\DSI_SiUSBXp_3_1.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:06.597 File: C:\Windows\system32\dxdebug.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:07.861 File: C:\Windows\system32\earthlinksafeconnectagent.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:07.907 File: C:\Windows\system32\EAWDMFD.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.095 File: C:\Windows\system32\egathdrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.282 File: C:\Windows\system32\EIO_XP.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.313 File: C:\Windows\system32\EKECioCtl.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.391 File: C:\Windows\system32\ELhid.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.438 File: C:\Windows\system32\eloggersvc6.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:08.843 File: C:\Windows\system32\epfw.dll 
**INFECTED** Win64:Sirefef-E [Trj] 01:27:09.265 File: C:\Windows\system32\ESMCR.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:09.343 File: C:\Windows\system32\ET5Drv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:09.436 File: C:\Windows\system32\euq_monitor.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:09.530 File: C:\Windows\system32\eventsystem.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:09.951 File: C:\Windows\system32\ezplay.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:10.450 File: C:\Windows\system32\fgdxbus.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:10.622 File: C:\Windows\system32\FINEPIX_PCC.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:10.700 File: C:\Windows\system32\FireHook.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:10.747 File: C:\Windows\system32\firesvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:11.059 File: C:\Windows\system32\flashcomadmin.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:11.152 File: C:\Windows\system32\fltmgr.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:11.729 File: C:\Windows\system32\fsbwsys.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:11.792 File: C:\Windows\system32\fshttps.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:11.963 File: C:\Windows\system32\ftsata2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:13.633 File: C:\Windows\system32\GMSIPCI.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:13.679 File: C:\Windows\system32\govsrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:14.147 File: C:\Windows\system32\GT891x.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:14.210 File: C:\Windows\system32\ha10kx2k.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:14.288 File: C:\Windows\system32\HBtnKey.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:14.397 File: C:\Windows\system32\hcf_msft.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:15.115 File: C:\Windows\system32\hpci.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:15.161 File: C:\Windows\system32\hpconfig.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:16.503 File: C:\Windows\system32\icepack.dll 
**INFECTED** Win64:Sirefef-E [Trj] 01:27:16.675 File: C:\Windows\system32\icraplus.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:16.799 File: C:\Windows\system32\idechndr.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:18.032 File: C:\Windows\system32\ifxspmgtsrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:20.590 File: C:\Windows\system32\ikhfile.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:21.245 File: C:\Windows\system32\imonitor.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:22.072 File: C:\Windows\system32\intelide.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:22.197 File: C:\Windows\system32\iomegaaccess.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:22.259 File: C:\Windows\system32\iPassP.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:22.291 File: C:\Windows\system32\iPassPeriodicUpdateService.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:22.400 File: C:\Windows\system32\ipcsvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:23.211 File: C:\Windows\system32\itchfltr.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:23.788 File: C:\Windows\system32\jsdaemon.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:26.347 File: C:\Windows\system32\keymaestro.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:26.503 File: C:\Windows\system32\KMW_SYS.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:26.596 File: C:\Windows\system32\KR10N.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:26.643 File: C:\Windows\system32\KR3NPXP.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:27.220 File: C:\Windows\system32\LEX_AS_NIC_SERVICE_YNOS.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:27.345 File: C:\Windows\system32\lightscribeservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:27.470 File: C:\Windows\system32\LKbdFlt2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:28.531 File: C:\Windows\system32\lsdiorw.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:28.687 File: C:\Windows\system32\ltxred.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:28.749 File: C:\Windows\system32\lvtuner.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:28.796 
File: C:\Windows\system32\lxcr_device.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:28.843 File: C:\Windows\system32\lyncusbserv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:29.155 File: C:\Windows\system32\mbackmonitor.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:29.685 File: C:\Windows\system32\mcusrmgr.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:30.746 File: C:\Windows\system32\mfeapfk.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:32.025 File: C:\Windows\system32\mmc_2K.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:32.212 File: C:\Windows\system32\mnmdd.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:32.275 File: C:\Windows\system32\mnsframework.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:32.368 File: C:\Windows\system32\modem.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:32.524 File: C:\Windows\system32\motmodem.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:34.287 File: C:\Windows\system32\msdtc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:35.753 File: C:\Windows\system32\MSICPL.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:37.766 File: C:\Windows\system32\mssql$soshome22.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:38.140 File: C:\Windows\system32\MSTAPE.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.059 File: C:\Windows\system32\mvdcodec.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.106 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.262 File: C:\Windows\system32\n558.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.324 File: C:\Windows\system32\naimagent32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.355 File: C:\Windows\system32\napagent.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:40.886 File: C:\Windows\system32\navex15.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:41.307 File: C:\Windows\system32\ndis.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:41.432 File: C:\Windows\system32\ndistapi.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:42.851 File: C:\Windows\system32\nettcpportsharing.dll **INFECTED** Win64:Sirefef-E [Trj] 
01:27:43.007 File: C:\Windows\system32\NETw3x32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:43.460 File: C:\Windows\system32\nicconfigsvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:43.507 File: C:\Windows\system32\NICM.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:51.587 File: C:\Windows\system32\nmap.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:51.634 File: C:\Windows\system32\nod32krn.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:51.806 File: C:\Windows\system32\npkcsvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:51.853 File: C:\Windows\system32\npkcusb.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:51.931 File: C:\Windows\system32\npptnt2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.742 File: C:\Windows\system32\nvata.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.789 File: C:\Windows\system32\nvnetbus.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.835 File: C:\Windows\system32\NVR0FLASHDev.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.867 File: C:\Windows\system32\NVXBAR.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.960 File: C:\Windows\system32\nwlnkipx.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:52.991 File: C:\Windows\system32\NWSIPX32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:53.615 File: C:\Windows\system32\ofcpfwsvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:54.380 File: C:\Windows\system32\om518p.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:54.442 File: C:\Windows\system32\omniusb.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:54.754 File: C:\Windows\system32\opcenum.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:55.097 File: C:\Windows\system32\oracle_load_balancer_60_server-forms6ip14.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:55.175 File: C:\Windows\system32\ose.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:55.347 File: C:\Windows\system32\ozoneinstallerservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:55.394 File: C:\Windows\system32\p17.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:55.737 File: C:\Windows\system32\pacsptisvr.dll 
**INFECTED** Win64:Sirefef-E [Trj] 01:27:55.831 File: C:\Windows\system32\pav_security.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.049 File: C:\Windows\system32\pcidrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.158 File: C:\Windows\system32\pcx1nd5.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.267 File: C:\Windows\system32\pdframe.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.361 File: C:\Windows\system32\pdlnshay.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.423 File: C:\Windows\system32\pdlnsx25.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:56.767 File: C:\Windows\system32\pensup.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:57.281 File: C:\Windows\system32\pfc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:57.344 File: C:\Windows\system32\pgpsdkservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:57.687 File: C:\Windows\system32\pid_0928.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:57.765 File: C:\Windows\system32\pinnacleupdatesvc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:58.202 File: C:\Windows\system32\pmounter.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:58.436 File: C:\Windows\system32\Pnp680r.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:59.356 File: C:\Windows\system32\ppa3.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:59.746 File: C:\Windows\system32\prevxagent.dll **INFECTED** Win64:Sirefef-E [Trj] 01:27:59.809 File: C:\Windows\system32\prevxdriver.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:00.386 File: C:\Windows\system32\procdd.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:00.464 File: C:\Windows\system32\procmon10.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:00.994 File: C:\Windows\system32\PSI_SVC_2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:01.135 File: C:\Windows\system32\PSSdk23.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:01.540 File: C:\Windows\system32\qbfcservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:02.835 File: C:\Windows\system32\radclock.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:04.941 File: 
C:\Windows\system32\remoteregistry.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:05.347 File: C:\Windows\system32\rimusb.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:05.752 File: C:\Windows\system32\roxliveshare9.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.127 File: C:\Windows\system32\rpcsvr4x.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.189 File: C:\Windows\system32\rp_fws.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.251 File: C:\Windows\system32\RR2Vbi.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.345 File: C:\Windows\system32\rrrspy.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.766 File: C:\Windows\system32\s117nd5.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:06.829 File: C:\Windows\system32\s616mdfl.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:07.219 File: C:\Windows\system32\sbservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:07.655 File: C:\Windows\system32\scarddrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:08.092 File: C:\Windows\system32\schscnt.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:08.763 File: C:\Windows\system32\sdhelper.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.075 File: C:\Windows\system32\SE2Emgmt.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.122 File: C:\Windows\system32\se2Eunic.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.169 File: C:\Windows\system32\se45mdm.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.231 File: C:\Windows\system32\se45nd5.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.278 File: C:\Windows\system32\se45obex.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:09.356 File: C:\Windows\system32\se59mdfl.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:10.027 File: C:\Windows\system32\SED133x.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.087 File: C:\Windows\system32\SfCtlCom.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.197 File: C:\Windows\system32\sfman.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.243 File: C:\Windows\system32\sfrem01.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.321 File: 
C:\Windows\system32\sgectl.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.368 File: C:\Windows\system32\SGHIDI.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.618 File: C:\Windows\system32\shellhwdetection.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:11.867 File: C:\Windows\system32\Shockprf.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:12.273 File: C:\Windows\system32\sleepy.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:12.460 File: C:\Windows\system32\SlNtHal.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:12.944 File: C:\Windows\system32\SMNDIS5.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:13.552 File: C:\Windows\system32\spooler.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:14.660 File: C:\Windows\system32\sprtsvc_smartagent.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:14.894 File: C:\Windows\system32\SQLAgent$MICROSOFTSMLBIZ.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:15.611 File: C:\Windows\system32\srtspx.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:15.783 File: C:\Windows\system32\sr_watchdog.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:15.939 File: C:\Windows\system32\ssidrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.017 File: C:\Windows\system32\ssm_mdm.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.079 File: C:\Windows\system32\ssoftservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.329 File: C:\Windows\system32\ss_bus.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.423 File: C:\Windows\system32\ss_mdm.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.485 File: C:\Windows\system32\stac97.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.547 File: C:\Windows\system32\starwindservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.610 File: C:\Windows\system32\starwindserviceae.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:16.859 File: C:\Windows\system32\StMp3Rec.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:17.125 File: C:\Windows\system32\STV672.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:17.234 File: C:\Windows\system32\Subsonic.dll **INFECTED** 
Win64:Sirefef-E [Trj] 01:28:17.390 File: C:\Windows\system32\SWNC8U51.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:17.686 File: C:\Windows\system32\symidsco.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:17.764 File: C:\Windows\system32\symtdi.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:19.246 File: C:\Windows\system32\tangoservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:20.260 File: C:\Windows\system32\tcsd_win32.exe.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:21.305 File: C:\Windows\system32\TMBUS.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:21.399 File: C:\Windows\system32\tones.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:21.461 File: C:\Windows\system32\tosporte.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:22.070 File: C:\Windows\system32\tsdhd.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:22.241 File: C:\Windows\system32\tsmservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:22.553 File: C:\Windows\system32\TuneUp.Defrag.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:22.865 File: C:\Windows\system32\U2SP.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:22.928 File: C:\Windows\system32\U81xobex.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:24.176 File: C:\Windows\system32\ulcdrhlp.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:25.190 File: C:\Windows\system32\USB_NDIS_51.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:25.970 File: C:\Windows\system32\vaiomediaplatform-integratedserver-appserver.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:26.048 File: C:\Windows\system32\vaiomediaplatform-mobile-gateway.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:26.563 File: C:\Windows\system32\vcdsecs.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.062 File: C:\Windows\system32\viaudio.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.358 File: C:\Windows\system32\vmkbd.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.436 File: C:\Windows\system32\vmount2.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.530 File: C:\Windows\system32\vmusb.dll **INFECTED** Win64:Sirefef-E [Trj] 
01:28:27.592 File: C:\Windows\system32\VNUSB.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.733 File: C:\Windows\system32\VRADFIL.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:27.779 File: C:\Windows\system32\VRFIL.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:28.232 File: C:\Windows\system32\W2acehid.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:28.310 File: C:\Windows\system32\w300bus.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:28.481 File: C:\Windows\system32\w810mgmt.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:28.559 File: C:\Windows\system32\wacomvhid.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:28.981 File: C:\Windows\system32\Wbutton.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:29.027 File: C:\Windows\system32\WcesComm.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:30.010 File: C:\Windows\system32\websensedcagent.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:30.057 File: C:\Windows\system32\websenseuserservice.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:30.229 File: C:\Windows\system32\webupdate.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:31.336 File: C:\Windows\system32\wg6n.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:32.647 File: C:\Windows\system32\WinFl32.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:35.486 File: C:\Windows\system32\wltwo51b.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:35.954 File: C:\Windows\system32\wmccds.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:36.313 File: C:\Windows\system32\wmiapsrv.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:36.656 File: C:\Windows\system32\wmp54gv4svc.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:39.105 File: C:\Windows\system32\wpshelper.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:43.021 File: C:\Windows\system32\ZSMC211.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:43.192 File: C:\Windows\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll **INFECTED** Win64:Sirefef-E [Trj] 01:28:44.019 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk] 01:28:46.094 File: 
I can't post the last log. It says too many characters. Last edited by PAUI (22.05.2012 at 00:02) |
22.05.2012, 07:21 | #8 |
/// Malwareteam | svhost Trojan.Sirefef.BR Zip the log and attach it to your post here!
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
22.05.2012, 11:19 | #9 |
svhost Trojan.Sirefef.BR I have put all the logs in the RAR; it is clearer that way. |
22.05.2012, 12:01 | #10 | |
/// Malwareteam | svhost Trojan.Sirefef.BR Step 1: Fix with TDSS-Killer. Please download TDSSKiller.exe and save the file to your desktop.
Step 2: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
Step 3: FSS. Please download Farbar's Service Scanner
22.05.2012, 17:13 | #11 |
svhost Trojan.Sirefef.BR In safe mode? And run another update first? Because of tdsskiller? In tdsskiller there was no "curve" option; it is called delete, and the findings are not listed under "scan results" but under "Threads detected". OK, tdsskiller is done. But I can't get any further with Combofix. It installs only briefly and then nothing more happens. |
22.05.2012, 23:09 | #12 |
/// Malwareteam | svhost Trojan.Sirefef.BR That is what I was afraid of! Please post the TDSS-Killer log first!
22.05.2012, 23:24 | #13 |
svhost Trojan.Sirefef.BR tdsskiller log |
22.05.2012, 23:24 | #14 |
svhost Trojan.Sirefef.BR Well, it does run, but it only creates a folder in C:. Which Combofix file has to be run there? Last edited by PAUI (22.05.2012 at 23:39) |
23.05.2012, 06:43 | #15 |
/// Malwareteam | svhost Trojan.Sirefef.BR Are you sure you disabled your virus scanner?