Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Sirefef.bv.2 in System32 - various files (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Sirefef.bv.2 in System32 - various files

Dear helpers,

for a few days now my virus scanner has repeatedly reported that various files in the System32 folder are infected with Sirefef.bv.2. Removing these files gets me nowhere because new ones keep appearing. Here is the information according to the instructions:

1. defogger freezes after the disable. Here is the defogger_disable log it produced:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 26/03/2012 (Hans Mustermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

2. DDS and attach:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by *** at 15:41:30 on 2012-03-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1967 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\TEMP\qyecsj\setup.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\rpcnet.exe
C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mStart Page = about:
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ocs_SM] c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizer.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
dRun: [ImperioServer] c:\program files\imperio\imperio server\ImperioServer.exe MIN
dRun: [NTsrv] c:\windows\temp\tqcsbb\setup.exe
StartupFolder: c:\users\bertra~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Alles mit FDM herunterladen - file://c:\program files\free download manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\free download manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\free download manager\dllink.htm
IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\free download manager\dlfvideo.htm
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\0553 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\142736F627D2537344245373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\16C6963656E27776 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\4435C475C414E4D4F64656D6230303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\830323E21387 : DhcpNameServer = 134.2.200.2 134.2.3.191
TCP: Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C} : DhcpNameServer = 10.93.8.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\q30dsgm9.default\
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 AMService;AMService;c:\windows\temp\qyecsj\setup.exe run --> c:\windows\temp\qyecsj\setup.exe run [?]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2012-3-7 40560]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-14 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-14 12464]
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-2-21 13440]
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\OCDE.sys [2007-8-25 30480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-8 566560]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizerHelper.exe [2011-3-29 40960]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-11 245760]
R3 NETwLv32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-11-18 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-12-12 10240]
S2 nod32krn;Whoisd32;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-25 30312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-7-14 13184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-7 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-7 11104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-25 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-25 136680]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-2-25 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-2-25 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-2-25 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2011-2-25 100352]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-19 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\webcamxp 5\wService.exe [2011-7-27 5023744]
.
=============== Created Last 30 ================
.
2012-03-24 10:25:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 17:03:08 -------- d-----w- c:\program files\Origin Games
2012-03-19 17:02:47 -------- d-----w- c:\users\***\appdata\local\Origin
2012-03-19 17:02:46 -------- d-----w- c:\programdata\Origin
2012-03-19 17:00:21 -------- d-----w- c:\users\***\appdata\roaming\Origin
2012-03-19 17:00:20 -------- d-----w- c:\programdata\Electronic Arts
2012-03-19 17:00:08 -------- d-----w- c:\program files\Origin
2012-03-14 20:55:44 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 20:55:43 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:00:13 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:00:12 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:54:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:54:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:54:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:54:38 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:54:38 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:54:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 19:38:24 -------- d-----w- c:\users\***\appdata\roaming\Zeon
2012-03-11 19:33:57 -------- d-----w- c:\users\***\appdata\roaming\FLEXnet
2012-03-11 19:33:47 -------- d-----w- c:\users\***\appdata\roaming\ControlCenter4
2012-03-11 19:25:33 -------- d-----w- C:\Brother
2012-03-11 19:25:28 -------- d-----w- c:\programdata\ControlCenter4
2012-03-11 19:25:28 -------- d-----w- c:\program files\Browny02
2012-03-11 19:25:21 -------- d-----w- c:\program files\ControlCenter4
2012-03-11 19:16:55 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-03-11 19:16:55 1475072 ----a-w- c:\windows\system32\BrWi209d.dll
2012-03-11 19:16:52 55808 ----a-w- c:\windows\system32\BrUsi09d.dll
2012-03-11 19:16:51 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-03-11 19:16:48 103736 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2012-03-11 19:16:46 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-03-11 19:16:46 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-03-11 19:14:02 -------- d-----w- c:\programdata\zeon
2012-03-11 19:13:00 -------- d-----w- c:\users\***\appdata\roaming\Nuance
2012-03-11 19:12:04 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-03-11 19:12:00 -------- d-----w- c:\programdata\Nuance
2012-03-11 19:12:00 -------- d-----w- c:\program files\Nuance
2012-03-07 17:21:36 -------- d-----w- c:\users\***\appdata\local\DDMSettings
2012-03-07 08:16:18 -------- d-----w- c:\programdata\createonepart
2012-03-07 08:16:12 -------- d-----w- c:\programdata\explauncher
2012-03-07 08:16:11 -------- d-----w- c:\programdata\launcher
2012-03-07 08:15:44 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-03-07 08:15:32 -------- d-----w- c:\program files\Paragon Software
2012-03-07 08:01:47 922184 ----a-w- c:\windows\system32\pwNative.exe
2012-03-07 08:01:46 16472 ------w- c:\windows\system32\pwdrvio.sys
2012-03-07 08:01:45 11104 ------w- c:\windows\system32\pwdspio.sys
2012-03-07 08:01:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-03-01 12:06:36 -------- d-----w- c:\program files\Hamachi
.
==================== Find3M ====================
.
2012-03-26 13:35:10 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-26 13:35:07 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-24 10:26:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 21:37:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-16 21:29:17 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-22 13:31:01 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST9120822AS rev.3.CLF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83408000]<< >>UNKNOWN [0x8CF99000]<< >>UNKNOWN [0x8CF88000]<< >>UNKNOWN [0x86FD3FD0]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x83436FAE] -> \Device\Harddisk0\DR0[0x86CE9A10]
\Driver\Disk[0x86CE8B38] -> IRP_MJ_CREATE -> 0x8CF9D39F
3 [0x8CF9D59E] -> nt!IofCallDriver[0x83436FAE] -> [0x87012EF8]
\Driver\00001221[0x86DFD180] -> IRP_MJ_CREATE -> 0x86FD3FD0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:45:48,29 ===============

attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18.05.2010 23:41:46
System Uptime: 26.03.2012 15:32:51 (0 hours ago)
.
Motherboard: LENOVO | | IEL10
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 1,135 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 5 GiB total, 5,045 GiB free.
G: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
ABBYY FineReader 9.0 Professional Edition
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
Advertising Center
Alnera FeedBuster
AmoK Playlist Copy 2.06
ANNO 1602 Königs-Edition
Anti-Twin (Installation 06.09.2011)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audible Download Manager
AudibleManager
Audiograbber 1.83 SE
Audiograbber MP3-Plugin
Auto Gordian Knot 2.55
Avira Free Antivirus
AviSynth 2.5
BGHSt CD-ROM - Grundwerk Band 1-46
BGHZ CD-ROM - Grundwerk Band 1-146
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite DCP-7010
Brother MFL-Pro Suite DCP-7055
Camtasia Studio 7
capella 7
CCleaner
CDBurnerXP
Cisco Systems VPN Client 5.0.07.0290
CloneDVD2
Compatibility Pack für 2007 Office System
Convert AVI to MP4 1.3
D-Fend Reloaded 1.0.3 (deinstallieren)
D3DX10
DAEMON Tools Lite
Desktop Icon für Amazon
Digital Video Repair 2.2.0.1
DivX-Setup
DolbyFiles
Dropbox
Efficient Elements for presentations 1.3.0.78
eSupport UndeletePlus 3.0.2.1214
FIFA 10
Fifa 12 (c) Electronic Arts version 1
FIFA 2001
Firebird SQL Server - MAGIX Edition
FormatFactory 2.70
Free Download Manager 3.0
Free M4a to MP3 Converter 6.2
Free Studio version 4.6
Gigaflat
GoldWave v5.58
GOM Player
Google Chrome
Google Earth Plug-in
Google Gears
Google Talk Plugin
Google Update Helper
Hama Webcam Suite
High-Definition Video Playback
Hotspot Shield 2.24
ICQ 7.6 Build #5618 Banner Remover 1.0
ICQ Status Checker 1.8
ICQ7.6
ImagXpress
IrfanView (remove only)
iRotate
iTunes
Java Auto Updater
Java(TM) 6 Update 26
JDownloader
Kuffs Password Safe
Last.fm 1.5.4.27091
Logitech iTouch Software
LogMeIn Hamachi
LucasArts Star Wars: Episode I Racer
Lyrics Plugin for Winamp
Magic ISO Maker v5.5 (build 0281)
MediaCoder PMP Edition
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.1
Movie Templates - Starter Kit
Mozilla Firefox 8.0.1 (x86 de)
Mozilla Thunderbird 11.0 (x86 de)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
mufin player 2.5
MusicBrainz Tagger 0.10.5
MyFreeCodec
MyPhoneExplorer
Nat Geo Quiz! Wild Life
NAVIGON Fresh 3.2.0
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero Express 11
Nero Express 11 Help (CHM)
Nero InfoTool
Nero Installer
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero RescueAgent Help
Nero ShowTime
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero StartSmart
Nero StartSmart Help
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Vision
Nero WaveEditor
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
Nero WaveEditor Help
nero.prerequisites.msi
NeroBurningROM
NeroExpress
neroxml
NetBalancer
No23 Recorder
Nokia Connectivity Cable Driver
NoteBurner 2.31
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.2
Opera 11.50
Oracle VM VirtualBox 4.1.8
Origin
Original CD Emulator Personal Edition
PaperPort Image Printer
Paragon Partition Manager™ 11 Free Edition
PC Connectivity Solution
PDF Combine
PDFCreator
PL-2303 USB-to-Serial
Prince of Persia T2T
Privoxy (remove only)
ProtectDisc Driver, Version 11
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Rosetta Stone Version 3
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scansoft PDF Professional
Schlag den Raab
SearchAnonymizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SHOUTcast Source DSP 1.9.1 (remove only)
Shutdown Buddy 1.0.0
simfy
Skype Click to Call
Skype™ 5.8
SopCast 3.2.9
SoundTrax
SRWare Iron 14.0.850.0
Streamripper (Remove only)
StreamTorrent 1.0
StreamTransport version: 1.0.2.2171
Subtitle Workshop 2.51
SubViewer
Synaptics Pointing Device Driver
System Requirements Lab
TightVNC 2.0.2
TmUnitedForever
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VLC media player 1.0.5
vShare.tv plugin 1.3
webcamXP 5
welcome
Win7codecs
Winamp
Winamp Anwendungserkennung
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR
WISO Steuer-Sparbuch 2011
XviD MPEG4 Video Codec (remove only)
YOU DON'T KNOW JACK®
Zattoo4 4.0.5
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================

3. Gmer: I stopped the scan after about 24 hours because it was no longer making progress. The log up to that point is attached anyway.

I hope you can help me.
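Added example, not code from the forum, the poster or the DDS tool: a small Python triage pass over the line shapes that appear in the DDS `Pseudo HJT Report` and `SERVICES / DRIVERS` sections of the post above. It parses three formats (`R?2 name;display;command [date size]`, `uRun:/mRun:/dRun: [name] command`, and `BHO:/TB: description - path`), pulls the first image path out of each, and flags only what is visible in the log itself: an image under Windows\Temp or a user profile, an entry whose target is `No File`, a line where DDS printed `[?]` instead of a file date and size, and a service whose state DDS could not determine (`R?`/`S?`). The sample input is copied from the log in this thread plus two benign lines from the same log; the directory patterns are my heuristics, and a hit means "verify this first" (hash, signature, file date), not "this is Sirefef".

```python
"""Triage DDS log lines for autostart entries a responder should verify first.

Heuristics only: a finding is a lead, not a verdict.
"""
import re
from dataclasses import dataclass

# Line shapes from the DDS 'SERVICES / DRIVERS' and 'Pseudo HJT Report' sections.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOOK_RE = re.compile(r"^(?P<kind>BHO|TB):\s*(?P<desc>.*?)\s+-\s+(?P<cmd>.*)$")
# First drive-letter path ending in a loadable image; stops before a quote or the [date size] block.
IMAGE_RE = re.compile(r"(?i)[a-z]:\\[^\"\[]*?\.(?:exe|dll|sys|cpl|ac)")

# Locations where a persisted service or autorun binary should not normally live (my heuristics).
SUSPECT_DIRS = (
    (re.compile(r"(?i)\\windows\\temp\\"), "image under Windows\\Temp"),
    (re.compile(r"(?i)\\appdata\\(roaming|local)\\"), "image under a user profile"),
)


@dataclass
class Finding:
    kind: str      # "service", "run" or "hook"
    name: str      # service name, Run value name, or BHO/TB description
    image: str     # lower-cased image path, "" if none could be extracted
    reasons: list  # why this line was flagged


def first_image(cmd: str) -> str:
    """Return the first image path in a DDS command field, lower-cased."""
    m = IMAGE_RE.search(cmd)
    return m.group(0).lower() if m else ""


def _reasons(cmd: str, image: str) -> list:
    reasons = [why for rx, why in SUSPECT_DIRS if rx.search(image)]
    if "[?]" in cmd:
        reasons.append("DDS printed [?] instead of file date and size")
    if "No File" in cmd:
        reasons.append("entry points to a missing file")
    return reasons


def triage_line(line: str):
    """Parse one DDS line; return a Finding if it deserves a look, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        image = first_image(m["cmd"])
        reasons = _reasons(m["cmd"], image)
        if m["state"].startswith(("R?", "S?")):
            reasons.append("service state could not be determined (R?/S?)")
        return Finding("service", m["name"], image, reasons) if reasons else None
    m = RUN_RE.match(line)
    if m:
        image = first_image(m["cmd"])
        reasons = _reasons(m["cmd"], image)
        return Finding("run", m["name"], image, reasons) if reasons else None
    m = HOOK_RE.match(line)
    if m:
        image = first_image(m["cmd"])
        reasons = _reasons(m["cmd"], image)
        return Finding("hook", m["desc"], image, reasons) if reasons else None
    return None


def triage(lines):
    """Run triage_line over an iterable of DDS lines and keep the hits, in order."""
    return [f for f in (triage_line(ln) for ln in lines) if f]


# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE = [
    r"R?2 AMService;AMService;c:\windows\temp\qyecsj\setup.exe run --> c:\windows\temp\qyecsj\setup.exe run [?]",
    r"R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]",
    r"dRun: [NTsrv] c:\windows\temp\tqcsbb\setup.exe",
    r'mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"',
    r"TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File",
    r"R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizerHelper.exe [2011-3-29 40960]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.name:45} {f.image or '-'}")
        for why in f.reasons:
            print(f"{'':8} - {why}")
```

On the sample this reports four of the six lines: the `AMService` service (temp path, `[?]`, undetermined state), the `NTsrv` Run value (temp path), the orphaned toolbar GUID (`No File`) and the user-profile service; TightVNC and ZoneAlarm pass. To use it on a full post, read the DDS output line by line and pass it to `triage`; everything it cannot parse (process list, `Created Last 30`, the Gmer trace) is ignored.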