Malware - Trojan Horse Win32:Sirefef found in system



Joshen
2013-06-07, 20:22
Hi
Apparently an update codecs file was run on the family computer, and guess what...

I found instructions on the net, but I wanted to ask you first what was best
(http:// www. im-infected.com/trojan/win32-sirefef-pl.html) Disabled url, site registrant is hidden by proxy.

Not been able to disable the TeaTimer yet?!

Data as requested below..


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Johan at 18:21:41 on 2013-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.16337.13409 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
D:\Program\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\MSI\OTPService\OTPService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Johan\AppData\Local\Temp\ose00000.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ione] C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - D:\Program\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8 192.168.0.1 195.67.199.24
TCP: Interfaces\{3CEBF187-6429-4DA0-B127-7F61A891F08D} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{8DCAF5A5-151F-4B80-B037-F8BE8C5EE4C6} : DHCPNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Users\Johan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-21 10:37; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 189936]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-14 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-22 378432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-6 235520]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-31 46808]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-14 189608]
R2 MSI_OTPService;MSI_OTPService;C:\Program Files (x86)\MSI\OTPService\OTPService.exe [2012-8-14 252432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 I1KBFLTR;Gaming Keyboard;C:\Windows\System32\drivers\I1KBFLTR.sys [2012-6-11 29440]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-14 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-14 787736]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-8-14 32344]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [2012-8-14 14136]
R3 SaiK0CD7;SaiK0CD7;C:\Windows\System32\drivers\SaiK0CD7.sys [2012-9-20 180544]
R3 SaiU0CD7;SaiU0CD7;C:\Windows\System32\drivers\SaiU0CD7.sys [2012-9-20 47168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-8-14 160256]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-11 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-11 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-11 168384]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2008-9-8 15360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-22 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Johan\Desktop\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2013-06-07 15:03:13 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-07 15:03:05 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
2013-06-05 02:14:01 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{897977DD-55E1-461C-B43E-35FFBA326220}\mpengine.dll
2013-05-31 18:33:56 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-30 16:12:33 -------- d-----w- C:\Users\Johan\.gstreamer-0.10
2013-05-30 16:11:46 -------- d-----w- C:\Users\Johan\.mp3splt-gtk
2013-05-30 16:11:41 -------- d-----w- C:\Program Files (x86)\mp3splt-gtk
2013-05-15 22:08:48 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-12 19:50:52 -------- d-----w- C:\Users\Johan\AppData\Roaming\iPodder
2013-05-11 05:42:31 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-11 05:42:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-11 05:40:53 -------- d-----w- C:\Users\Johan\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-06-06 20:14:35 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-06 20:14:35 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-06 20:14:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-31 18:33:56 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-14 23:39:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:39:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 14:22:58 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-10 14:22:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 03:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 18:21:48,88 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-07 18:35:14
-----------------------------
18:35:14.512 OS Version: Windows x64 6.1.7601 Service Pack 1
18:35:14.512 Number of processors: 8 586 0x3A09
18:35:14.513 ComputerName: HOMER UserName: Johan
18:35:14.821 Initialize success
18:35:14.900 AVAST engine defs: 13060700
18:35:30.306 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:35:30.309 Disk 0 Vendor: Corsair_ 1.3. Size: 114473MB BusType: 8
18:35:30.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-4
18:35:30.314 Disk 1 Vendor: Intel___ 1.0. Size: 476936MB BusType: 8
18:35:30.317 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
18:35:30.320 Disk 2 Vendor: WDC_WD20 51.0 Size: 1907729MB BusType: 8
18:35:30.324 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-3
18:35:30.327 Disk 3 Vendor: WDC_WD15 80.0 Size: 1430799MB BusType: 8
18:35:30.341 Disk 0 MBR read successfully
18:35:30.345 Disk 0 MBR scan
18:35:30.350 Disk 0 Windows 7 default MBR code
18:35:30.354 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:35:30.357 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
18:35:30.694 Disk 0 scanning C:\Windows\system32\drivers
18:35:31.612 Service scanning
18:35:34.236 Modules scanning
18:35:34.243 Disk 0 trace - called modules:
18:35:34.251 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:35:34.256 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d047790]
18:35:34.261 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800cb9ab10]
18:35:34.266 5 ACPI.sys[fffff88000d667a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cb9d050]
18:35:34.500 AVAST engine scan C:\Windows
18:35:34.793 AVAST engine scan C:\Windows\system32
18:35:43.945 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
18:35:47.742 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:35:47.915 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:35:54.427 AVAST engine scan C:\Windows\system32\drivers
18:35:55.709 AVAST engine scan C:\Users\Johan
18:36:18.854 Disk 0 MBR has been saved successfully to "C:\Users\Johan\Desktop\MBR.dat"
18:36:18.855 The log file has been saved successfully to "C:\Users\Johan\Desktop\aswMBR.txt"
18:36:48.277 AVAST engine scan C:\ProgramData
18:36:52.550 Scan finished successfully
18:39:14.937 Disk 0 MBR has been saved successfully to "C:\Users\Johan\Desktop\MBR.dat"
18:39:14.940 The log file has been saved successfully to "C:\Users\Johan\Desktop\aswMBR.txt"



Search results from Spybot - Search & Destroy

2013-06-07 19:20:54
Scan took 00:12:28.
12 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2860466470-321762071-2317893264-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2860466470-321762071-2317893264-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2860466470-321762071-2317893264-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2860466470-321762071-2317893264-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2860466470-321762071-2317893264-1000\Software\WinRAR\DialogEditHistory\ArcName

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (25) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (8) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (86) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-05-11 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-05-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-05-29 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-29 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)

tashi
2013-06-15, 20:36
Joshen started a topic at another site as Joshen74.

This thread is archived.