Pests of all kinds and how to fight them: Problems with Sirefef.P (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#14

Problems with Sirefef.P

Hello, here is the log file:

ComboFix log file:
ATTFilter ComboFix 12-01-02.01 - XXX 02.01.2012 16:41:41.2.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.1013.248 [GMT 1:00] ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\XXX\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\rdvgkmd.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_VGPU . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-02 bis 2012-01-02 )))))))))))))))))))))))))))))) . . 2012-01-02 15:59 . 2012-01-02 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-02 15:30 . 2012-01-02 15:30 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys 2012-01-02 15:30 . 2012-01-02 16:01 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\offreg.dll 2012-01-02 15:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\mpengine.dll 2012-01-02 14:44 . 2012-01-02 16:01 -------- d-----w- c:\users\XXX\AppData\Local\temp 2012-01-02 14:22 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-01-02 13:01 . 2012-01-02 13:01 -------- d-----w- C:\_OTL 2011-12-31 06:18 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-30 19:54 . 2011-12-30 19:54 -------- d-----w- c:\users\XXX\AppData\Local\Amazon 2011-12-30 19:54 . 
2011-12-30 19:54 -------- d-----w- c:\program files\Amazon 2011-12-30 14:08 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys 2011-12-30 14:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-30 14:07 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll 2011-12-30 14:07 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-30 14:06 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-30 14:06 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-30 04:56 . 2011-12-30 04:56 -------- d-----w- c:\program files\ESET 2011-12-29 17:18 . 2011-12-29 17:18 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes 2011-12-29 17:17 . 2011-12-29 17:17 -------- d-----w- c:\programdata\Malwarebytes 2011-12-29 17:17 . 2011-12-31 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-26 18:04 . 2011-12-30 13:37 -------- d-----w- C:\Closeall 2011-12-14 11:22 . 2011-12-14 11:22 -------- d-----w- c:\users\XXX\AppData\Roaming\Rovio 2011-12-14 11:20 . 2011-12-30 13:37 -------- d-----w- c:\program files\AngryBirds 2011-12-14 09:18 . 2011-12-30 13:37 -------- d-----w- c:\program files\Finale 2009 Demo . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-27 08:46 . 2011-11-27 08:46 1409 ----a-w- c:\windows\QTFont.for 2011-11-21 10:47 . 2011-08-01 19:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-18 13:32 . 2011-11-18 13:32 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-11-18 13:32 . 2011-11-18 13:32 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-11-11 18:36 . 2011-06-05 14:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-11 07:30 . 
2011-10-11 07:31 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll 2010-03-31 09:09 . 2010-03-31 09:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 11:36 . 2010-04-08 11:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-11-10 05:35 . 2011-06-05 14:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056] "Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208] 
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management] 2010-06-11 12:28 715296 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager] 2010-01-08 09:47 508280 ----a-w- c:\program files\Acer\Android Manager\AML.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)] 2011-07-19 06:02 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-06-20 17:47 136176 ----atw- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData] 2010-11-30 02:13 489848 ----a-w- c:\program files\Acer\Updater\iUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData] 2010-01-08 09:53 407416 ----a-w- c:\program files\Acer\Android Manager\iSync.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2010-06-22 06:34 968272 ----a-w- c:\program files\Launch Manager\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect] 2009-04-20 16:20 2327552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x] R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x] R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x] R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x] R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x] R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x] R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x] R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x] R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x] R1 
MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x] R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x] R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x] R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x] R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x] R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x] R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x] R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x] R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x] R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x] R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x] R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x] R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition 
Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x] R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x] R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x] R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x] R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x] R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x] R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x] R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x] R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x] R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x] R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x] R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x] R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x] R1 
MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x] R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x] R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x] R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x] R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 
[2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344] R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104] R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776] R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640] R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216] R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056] R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352] R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 MpKsl9bb1ceb2;MpKsl9bb1ceb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys [2012-01-02 29904] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 MBAMService;MBAMService;c:\program 
files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhalt des "geplante Tasks" Ordners . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34] . 2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job - c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job - c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = mStart Page = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\ FF - prefs.js: browser.search.selectedEngine - Google.de . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\LocationNotifications.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-01-02 17:07:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-01-02 16:07 ComboFix2.txt 2012-01-02 14:53 . Vor Suchlauf: 18 Verzeichnis(se), 166.298.136.576 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 166.261.014.528 Bytes frei . - - End Of File - - E7AA46074EE18DE81C3215D70E28B926

Unfortunately I was not able to disable the Windows Firewall... I hope the procedure still has a chance of success.