Pests of all kinds and their removal: no internet access, presumably after infection with sirefef.? (= various letters), Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

no internet access, presumably after infection with sirefef.? (= various letters)

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by *** at 17:33:54 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3003.1837 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksvr.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\FsUsbExService.Exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\IgrsSvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iSaver\iSaverCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IndicatorListener] rundll32.exe "c:\program files\motorola\bluetooth\mkil.dll",StartNotification
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\motorola\bluetooth\btmshell.dll",TrayApp
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\lenovo\lenovosecuritysolution fp\launcher.exe" /startup
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iSaverCtrl] c:\program files\isaver\iSaverCtrl.exe --startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\users\***\desktop\PartyPoker.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6BF9D236-A1D2-426D-9AB6-7E95DCBAC6B4} : NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{7010AAE3-7CBB-46A4-8500-130D143CA629} : NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}\456FD6368656E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}\64259445A51224F6870264F6E60275C414E40273131323 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}\64259445A51224F6870275C414E40233133313 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}\9445D434D26505E4 : DhcpNameServer = 129.217.129.42
TCP: Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}\9445D434D274143545 : DhcpNameServer = 129.217.129.42
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\lenovo\lenovosecuritysolution fp\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\lenovo\lenovosecuritysolution fp\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\ohh0ccb1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\firefox\profiles\ohh0ccb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 63096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-20 218688]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-19 116608]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\motorola\bluetooth\obexsrv.exe [2010-6-29 474888]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-13 233472]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 UpekSrvc;Upek Service;c:\program files\lenovo\lenovosecuritysolution fp\upeksrvc.exe [2009-9-11 44808]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-6-29 21520]
R3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\motorola\bluetooth\devmgrsrv.exe [2010-6-29 3473672]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\motorola\bluetooth\audiosrv.exe [2010-6-29 709384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-13 36608]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-22 122368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-14 51712]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-6-29 11792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-6-29 63240]
S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\drivers\btmcom.sys [2010-6-29 40448]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\drivers\btmusb.sys [2010-6-29 516608]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-10-18 201168]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-10-18 101120]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-6-29 414984]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-6-29 472328]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2012-04-07 15:28:18 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b229ec3b-ddc6-4b44-b489-2b67029c0cdf}\offreg.dll
2012-04-06 03:11:44 -------- d-----w- c:\users\***\appdata\local\temp
2012-04-06 03:10:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-06 00:12:16 -------- d-----w- C:\ComboFix
2012-04-03 19:12:57 98816 ----a-w- c:\windows\sed.exe
2012-04-03 19:12:57 518144 ----a-w- c:\windows\SWREG.exe
2012-04-03 19:12:57 256000 ----a-w- c:\windows\PEV.exe
2012-04-03 19:12:57 208896 ----a-w- c:\windows\MBR.exe
2012-04-03 19:06:38 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b229ec3b-ddc6-4b44-b489-2b67029c0cdf}\mpengine.dll
2012-04-03 09:21:08 -------- d-----w- C:\FRST
2012-04-02 16:43:28 -------- d-----w- C:\TDSS
2012-04-02 15:48:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 11:32:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-02 00:54:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-27 23:00:39 -------- d-----w- c:\program files\iPod
2012-03-27 23:00:38 -------- d-----w- c:\program files\iTunes
2012-03-27 22:57:01 -------- d-----w- c:\program files\Bonjour
2012-03-26 01:20:10 -------- d-----w- c:\program files\iSaver
2012-03-26 01:18:22 -------- d-----w- c:\users\***\appdata\local\ScreeNet iSaver
2012-03-15 02:01:13 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 02:01:11 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 14:31:26 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-14 14:31:26 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 13:21:01 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:20:59 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:20:07 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:20:07 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:20:06 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:20:04 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:20:04 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:20:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-02 12:13:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:35:01,39 ===============

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26.09.2010 00:13:29
System Uptime: 07.04.2012 17:27:51 (0 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz | CPU | 1196/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 253 GiB total, 176,042 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 26,292 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM-Laufwerk
Device ID: IDE\CDROMTSSTCORP_CDDVDW_TS-U633A________________LEW1____\5&1FE67507&0&1.0.0
Manufacturer: (Standard-CD-ROM-Laufwerke)
Name: TSSTcorp CDDVDW TS-U633A ATA Device
PNP Device ID: IDE\CDROMTSSTCORP_CDDVDW_TS-U633A________________LEW1____\5&1FE67507&0&1.0.0
Service: cdrom
.
Class GUID: {a173b237-6a34-4bb5-aa63-2561160fa200}
Description: CSR Bluetooth Device
Device ID: USB\VID_0A12&PID_0001\5&EB2F1B2&0&2
Manufacturer: Motorola, Inc.
Name: CSR Bluetooth Device
PNP Device ID: USB\VID_0A12&PID_0001\5&EB2F1B2&0&2
Service: BTMUSB
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM-Laufwerk
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&0&00
Manufacturer: (Standard-CD-ROM-Laufwerke)
Name: DTSoftBusCd00
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&0&00
Service: cdrom
.
==== System Restore Points ===================
.
RP466: 21.03.2012 01:37:36 - Windows Update
RP467: 25.03.2012 17:55:11 - Windows Update
RP468: 26.03.2012 03:12:17 - Installiert iSaver
RP469: 26.03.2012 03:19:04 - Entfernt iSaver
RP470: 26.03.2012 03:19:54 - Installiert iSaver
RP472: 26.03.2012 16:44:04 - Microsoft Antimalware Checkpoint
RP473: 27.03.2012 03:32:00 - Removed simfy
RP474: 27.03.2012 03:33:31 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP475: 27.03.2012 03:34:06 - Microsoft Visual C++ 2005 Redistributable wird entfernt
RP476: 29.03.2012 13:28:00 - Windows Update
RP477: 01.04.2012 21:01:00 - Windows Update
RP479: 02.04.2012 02:57:04 - Microsoft Antimalware Checkpoint
RP480: 02.04.2012 17:20:11 - Wiederherstellungsvorgang
RP481: 04.04.2012 02:39:52 - ComboFix created restore point
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
"Nero SoundTrax Help
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.0 - Deutsch
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audiosurf DE
Bonjour
Broadcom 802.11 Wireless Driver
Business Contact Manager für Outlook 2007 SP2
Canon Easy-WebPrint EX
Canon iP1600
Canon MP Navigator EX 3.0
Canon MP560 series Benutzerregistrierung
Canon MP560 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Clock Screen Saver
DAEMON Tools Lite
Das Fussball Studio 8.5.1
Die Kunst des Mordens – Der Marionettenspieler
DolbyFiles
Dr. Watson - Katakomben
EA Installer
Energy Management
ESET Online Scanner v3
Fahrenheit
FUSSBALL MANAGER 11
Google Chrome
Google Earth
Google Update Helper
ICQ7.6
ImagXpress
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 30
JDownloader
Junk Mail filter update
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo Security Solution FP
Malwarebytes Anti-Malware Version 1.60.1.1000
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (German) 2007
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobile Partner
Motorola Bluetooth
Movie Templates - Starter Kit
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA PhysX
OpenAL
OpenOffice.org 3.2
PartyPoker
PC Connectivity Solution
PDF Settings CS5
PHOTOfunSTUDIO 5.0
Power2Go
ProtectDisc Driver, Version 11
QuickTime
Rapture3D 2.3.22 Game
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Retail Virtual EVE
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Schlag den Raab
Schlag den Raab - Das 2. Spiel
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sony Picture Utility
Sony USB Driver
SopCast 3.3.2
SoundTrax
SUPERAntiSpyware
Sweet Home 3D version 3.3
Synaptics Pointing Device Driver
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
VirtualDJ PRO Full
VLC media player 1.1.8
vShare.tv plugin 1.3
Winamp Erkennungs-Plug-in
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR
ZoneAlarm
.
==== End Of File ===========================
#2

/// Malwareteam

no internet access, presumably after infection with sirefef.? (= various letters)

Step 1: CF-Script
Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Do not use it on other computers under any circumstances; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (not anywhere else, that is important)!

Press the Windows + R key --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.

Code:
DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [iSaverCtrl] c:\program files\isaver\iSaverCtrl.exe --startup
FIREFOX::
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\ohh0ccb1.default\
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FOLDER::
c:\program files\iSaver
c:\users\***\AppData\Local\ScreeNet iSaver
C:\$RECYCLE.BIN

Important:
Step 2: Farbar's Service Scanner

Please download Farbar's Service Scanner
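The CFScript in #2 removes three kinds of findings that can be read straight out of the DDS log in #1: load points whose target file is gone ("No File"), Firefox user.js preferences that switch off the mixed-content and insecure-submit warnings, and folders to delete. As an added example that is not part of this thread and not code from DDS or ComboFix, the Python triage script below runs those same checks over DDS-style log lines so a helper can pull them out of a long log mechanically. The sample lines are constructed from the log above (shortened to a few representative rows). The directory rule is my own heuristic, not something DDS reports: a directory under system32 created with both the hidden and system attributes, or one whose name is an environment-variable token such as `%APPDATA%` used as a literal folder name, is flagged for review, while the normal hidden+system `$RECYCLE.BIN` at the drive root is not.

```python
import re
from typing import Dict, List

# Constructed sample input, modelled on the DDS log posted in #1 above
# (a handful of representative lines; a real DDS log has many more).
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [iSaverCtrl] c:\program files\isaver\iSaverCtrl.exe --startup
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
2012-04-06 03:10:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-02 11:32:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-02 00:54:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 01:20:10 -------- d-----w- c:\program files\iSaver
"""

# Firefox preferences that, when forced to "false" in user.js, silence the
# browser's mixed-content and insecure-form-submission warnings.
FF_WARNING_PREFS = {
    "security.warn_viewing_mixed",
    "security.warn_viewing_mixed.show_once",
    "security.warn_submit_insecure",
    "security.warn_submit_insecure.show_once",
}

# Load points (URL search hooks, BHOs, toolbars, explorer bars, Run keys)
# whose target no longer exists; DDS prints these with a trailing "No File".
ORPHAN_RE = re.compile(
    r"^(?:[um]URLSearchHooks|BHO|TB|EB|[umd]Run(?:Once)?):\s*(.+?)\s*-\s*No File$"
)
FF_PREF_RE = re.compile(r"^FF - user\.js:\s*(\S+)\s*-\s*(\S+)$")
# "Created Last 30" rows: timestamp, size (or dashes for a directory),
# eight attribute flags (d = directory, s = system, h = hidden ...), path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([d-][a-z-]{7})\s+(.+)$"
)


def parse_lines(text: str) -> List[str]:
    """Split a DDS log into stripped, non-empty lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def find_orphaned_entries(lines: List[str]) -> List[str]:
    """Return load-point lines whose target file is reported as 'No File'."""
    return [ln for ln in lines if ORPHAN_RE.match(ln)]


def find_disabled_firefox_warnings(lines: List[str]) -> List[str]:
    """Return names of security warning prefs that user.js forces to false."""
    found = []
    for ln in lines:
        m = FF_PREF_RE.match(ln)
        if m and m.group(1) in FF_WARNING_PREFS and m.group(2).lower() == "false":
            found.append(m.group(1))
    return found


def find_suspicious_directories(lines: List[str]) -> List[str]:
    """Heuristic (mine, not DDS's): hidden+system dirs under system32, or
    directories named after an environment variable token such as %APPDATA%."""
    found = []
    for ln in lines:
        m = CREATED_RE.match(ln)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        if attrs[0] != "d":
            continue  # only directories are of interest here
        hidden_system = "h" in attrs and "s" in attrs
        low = path.lower()
        in_system32 = "\\windows\\system32\\" in low
        odd_name = "%" in low.rsplit("\\", 1)[-1]
        if (hidden_system and in_system32) or odd_name:
            found.append(path)
    return found


def triage(text: str) -> Dict[str, List[str]]:
    """Run all three checks and group the findings by category."""
    lines = parse_lines(text)
    return {
        "orphaned_entries": find_orphaned_entries(lines),
        "disabled_firefox_warnings": find_disabled_firefox_warnings(lines),
        "suspicious_directories": find_suspicious_directories(lines),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("  " + item)
```

Run against the constructed sample, the script reports the three orphaned entries, the two disabled Firefox warnings and the one `%APPDATA%` directory under system32, which is exactly the set of items a helper would then carry into the DDS:: and FIREFOX:: sections of a script like the one in #2; the orphaned-entry list also makes a handy diff after a fix, since a second DDS run should no longer show them.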