Sirefef.bv.2 in System32 - verschiedene Dateien

c0re1

Liebe Helfer,

seit ein paar Tagen kommt immer wieder die Meldung meines Virenscanners, dass verschiedene Dateien im System32-Ordner mit dem Sirefef.bv.2 infiziert seien.
Das Entfernen dieser Dateien führt nicht weiter weil neue auftauchen.

Hier die Infos gem. der Anleitung:

1. defogger friert nach dem disable ein. Hier die gebildete defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 26/03/2012 (Hans Mustermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


2. DDS und attach:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by *** at 15:41:30 on 2012-03-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1967 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\TEMP\qyecsj\setup.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\rpcnet.exe
C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mStart Page = about:
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ocs_SM] c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizer.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
dRun: [ImperioServer] c:\program files\imperio\imperio server\ImperioServer.exe MIN
dRun: [NTsrv] c:\windows\temp\tqcsbb\setup.exe
StartupFolder: c:\users\bertra~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Alles mit FDM herunterladen - file://c:\program files\free download manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\free download manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\free download manager\dllink.htm
IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\free download manager\dlfvideo.htm
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{59D881D9-BB50-4E09-8623-7F4B65C90596} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\0553 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\142736F627D2537344245373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\16C6963656E27776 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\4435C475C414E4D4F64656D6230303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{917C377A-7D0D-49F3-948F-1DA9BD80CFA5}\830323E21387 : DhcpNameServer = 134.2.200.2 134.2.3.191
TCP: Interfaces\{BC893878-2B76-4518-86C8-D7680A8E757C} : DhcpNameServer = 10.93.8.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\q30dsgm9.default\
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 AMService;AMService;c:\windows\temp\qyecsj\setup.exe run --> c:\windows\temp\qyecsj\setup.exe run [?]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2012-3-7 40560]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-14 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-14 12464]
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-2-21 13440]
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\drivers\OCDE.sys [2007-8-25 30480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-8 566560]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\appdata\roaming\ocs\sm\SearchAnonymizerHelper.exe [2011-3-29 40960]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-3-11 245760]
R3 NETwLv32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-11-18 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-12-12 10240]
S2 nod32krn;Whoisd32;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-25 30312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-7-14 13184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-28 136176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-3-7 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-3-7 11104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-25 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-25 136680]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-2-25 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-2-25 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-2-25 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2011-2-25 100352]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-19 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\webcamxp 5\wService.exe [2011-7-27 5023744]
.
=============== Created Last 30 ================
.
2012-03-24 10:25:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 17:03:08 -------- d-----w- c:\program files\Origin Games
2012-03-19 17:02:47 -------- d-----w- c:\users\***\appdata\local\Origin
2012-03-19 17:02:46 -------- d-----w- c:\programdata\Origin
2012-03-19 17:00:21 -------- d-----w- c:\users\***\appdata\roaming\Origin
2012-03-19 17:00:20 -------- d-----w- c:\programdata\Electronic Arts
2012-03-19 17:00:08 -------- d-----w- c:\program files\Origin
2012-03-14 20:55:44 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 20:55:43 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:00:13 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:00:12 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:54:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:54:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:54:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:54:38 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:54:38 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:54:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 19:38:24 -------- d-----w- c:\users\***\appdata\roaming\Zeon
2012-03-11 19:33:57 -------- d-----w- c:\users\***\appdata\roaming\FLEXnet
2012-03-11 19:33:47 -------- d-----w- c:\users\***\appdata\roaming\ControlCenter4
2012-03-11 19:25:33 -------- d-----w- C:\Brother
2012-03-11 19:25:28 -------- d-----w- c:\programdata\ControlCenter4
2012-03-11 19:25:28 -------- d-----w- c:\program files\Browny02
2012-03-11 19:25:21 -------- d-----w- c:\program files\ControlCenter4
2012-03-11 19:16:55 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-03-11 19:16:55 1475072 ----a-w- c:\windows\system32\BrWi209d.dll
2012-03-11 19:16:52 55808 ----a-w- c:\windows\system32\BrUsi09d.dll
2012-03-11 19:16:51 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-03-11 19:16:48 103736 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2012-03-11 19:16:46 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-03-11 19:16:46 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-03-11 19:14:02 -------- d-----w- c:\programdata\zeon
2012-03-11 19:13:00 -------- d-----w- c:\users\***\appdata\roaming\Nuance
2012-03-11 19:12:04 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-03-11 19:12:00 -------- d-----w- c:\programdata\Nuance
2012-03-11 19:12:00 -------- d-----w- c:\program files\Nuance
2012-03-07 17:21:36 -------- d-----w- c:\users\***\appdata\local\DDMSettings
2012-03-07 08:16:18 -------- d-----w- c:\programdata\createonepart
2012-03-07 08:16:12 -------- d-----w- c:\programdata\explauncher
2012-03-07 08:16:11 -------- d-----w- c:\programdata\launcher
2012-03-07 08:15:44 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-03-07 08:15:32 -------- d-----w- c:\program files\Paragon Software
2012-03-07 08:01:47 922184 ----a-w- c:\windows\system32\pwNative.exe
2012-03-07 08:01:46 16472 ------w- c:\windows\system32\pwdrvio.sys
2012-03-07 08:01:45 11104 ------w- c:\windows\system32\pwdspio.sys
2012-03-07 08:01:40 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.1
2012-03-01 12:06:36 -------- d-----w- c:\program files\Hamachi
.
==================== Find3M ====================
.
2012-03-26 13:35:10 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-26 13:35:07 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-24 10:26:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 21:37:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-16 21:29:17 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-22 13:31:01 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST9120822AS rev.3.CLF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83408000]<< >>UNKNOWN [0x8CF99000]<< >>UNKNOWN [0x8CF88000]<< >>UNKNOWN [0x86FD3FD0]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x83436FAE] -> \Device\Harddisk0\DR0[0x86CE9A10]
\Driver\Disk[0x86CE8B38] -> IRP_MJ_CREATE -> 0x8CF9D39F
3 [0x8CF9D59E] -> nt!IofCallDriver[0x83436FAE] -> [0x87012EF8]
\Driver\00001221[0x86DFD180] -> IRP_MJ_CREATE -> 0x86FD3FD0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:45:48,29 ===============


attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18.05.2010 23:41:46
System Uptime: 26.03.2012 15:32:51 (0 hours ago)
.
Motherboard: LENOVO | | IEL10
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 106 GiB total, 1,135 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 5 GiB total, 5,045 GiB free.
G: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
ABBYY FineReader 9.0 Professional Edition
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
Advertising Center
Alnera FeedBuster
AmoK Playlist Copy 2.06
ANNO 1602 Königs-Edition
Anti-Twin (Installation 06.09.2011)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audible Download Manager
AudibleManager
Audiograbber 1.83 SE
Audiograbber MP3-Plugin
Auto Gordian Knot 2.55
Avira Free Antivirus
AviSynth 2.5
BGHSt CD-ROM - Grundwerk Band 1-46
BGHZ CD-ROM - Grundwerk Band 1-146
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite DCP-7010
Brother MFL-Pro Suite DCP-7055
Camtasia Studio 7
capella 7
CCleaner
CDBurnerXP
Cisco Systems VPN Client 5.0.07.0290
CloneDVD2
Compatibility Pack für 2007 Office System
Convert AVI to MP4 1.3
D-Fend Reloaded 1.0.3 (deinstallieren)
D3DX10
DAEMON Tools Lite
Desktop Icon für Amazon
Digital Video Repair 2.2.0.1
DivX-Setup
DolbyFiles
Dropbox
Efficient Elements for presentations 1.3.0.78
eSupport UndeletePlus 3.0.2.1214
FIFA 10
Fifa 12 (c) Electronic Arts version 1
FIFA 2001
Firebird SQL Server - MAGIX Edition
FormatFactory 2.70
Free Download Manager 3.0
Free M4a to MP3 Converter 6.2
Free Studio version 4.6
Gigaflat
GoldWave v5.58
GOM Player
Google Chrome
Google Earth Plug-in
Google Gears
Google Talk Plugin
Google Update Helper
Hama Webcam Suite
High-Definition Video Playback
Hotspot Shield 2.24
ICQ 7.6 Build #5618 Banner Remover 1.0
ICQ Status Checker 1.8
ICQ7.6
ImagXpress
IrfanView (remove only)
iRotate
iTunes
Java Auto Updater
Java(TM) 6 Update 26
JDownloader
Kuffs Password Safe
Last.fm 1.5.4.27091
Logitech iTouch Software
LogMeIn Hamachi
LucasArts Star Wars: Episode I Racer
Lyrics Plugin for Winamp
Magic ISO Maker v5.5 (build 0281)
MediaCoder PMP Edition
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.1
Movie Templates - Starter Kit
Mozilla Firefox 8.0.1 (x86 de)
Mozilla Thunderbird 11.0 (x86 de)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
mufin player 2.5
MusicBrainz Tagger 0.10.5
MyFreeCodec
MyPhoneExplorer
Nat Geo Quiz! Wild Life
NAVIGON Fresh 3.2.0
Nero 11
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero Express 11
Nero Express 11 Help (CHM)
Nero InfoTool
Nero Installer
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero RescueAgent Help
Nero ShowTime
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero StartSmart
Nero StartSmart Help
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Vision
Nero WaveEditor
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
Nero WaveEditor Help
nero.prerequisites.msi
NeroBurningROM
NeroExpress
neroxml
NetBalancer
No23 Recorder
Nokia Connectivity Cable Driver
NoteBurner 2.31
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.2
Opera 11.50
Oracle VM VirtualBox 4.1.8
Origin
Original CD Emulator Personal Edition
PaperPort Image Printer
Paragon Partition Manager™ 11 Free Edition
PC Connectivity Solution
PDF Combine
PDFCreator
PL-2303 USB-to-Serial
Prince of Persia T2T
Privoxy (remove only)
ProtectDisc Driver, Version 11
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Rosetta Stone Version 3
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scansoft PDF Professional
Schlag den Raab
SearchAnonymizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SHOUTcast Source DSP 1.9.1 (remove only)
Shutdown Buddy 1.0.0
simfy
Skype Click to Call
Skype™ 5.8
SopCast 3.2.9
SoundTrax
SRWare Iron 14.0.850.0
Streamripper (Remove only)
StreamTorrent 1.0
StreamTransport version: 1.0.2.2171
Subtitle Workshop 2.51
SubViewer
Synaptics Pointing Device Driver
System Requirements Lab
TightVNC 2.0.2
TmUnitedForever
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VLC media player 1.0.5
vShare.tv plugin 1.3
webcamXP 5
welcome
Win7codecs
Winamp
Winamp Anwendungserkennung
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR
WISO Steuer-Sparbuch 2011
XviD MPEG4 Video Codec (remove only)
YOU DON'T KNOW JACK®
Zattoo4 4.0.5
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================


3. Gmer:

Ich habe das scannen nach etwa 24 Stunden gestoppt weil es nicht mehr weiterging. Das Log bis dahin trotzdem im Anhang.

Ich hoffe ihr könnt mir weiterhelfen.