Log analysis and evaluation: Trojan:Win32/Sirefef.ah cannot be removed (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan:Win32/Sirefef.ah cannot be removed

Hello, since noon Microsoft Security Essentials has been showing me an error message that potential threats were found. Usually 3 or 4 are displayed, with the names Sirefef.ah, Sirefef.ag, Sirefef.al, and just Sirefef. When I click "Clean" it works, but after a short time another error message appears; this time it has found only one threat, namely Sirefef.ah, and this one can no longer be cleaned. I don't know what else to do, can anyone help me? Hopefully the log file is enough, because the PC automatically restarts 5-10 minutes after booting, with the error message that a critical error was detected and the PC must be restarted. So unfortunately the scan cannot be finished.

Regards

Log: