Log analysis and evaluation: Backdoor detected via Antivir: BDS.Poison.ifn
29.05.2010, 01:39 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags
29.05.2010, 01:49 | #17
"bdxty" (bdxty) - ? - C:\WINDOWS\System32\drivers\xqeaviru.sys (File found, but it contains no detailed information)
has been disabled. Tomorrow I will be back in the office (only then can I start the remote administration again); should I run OSAM again then?
31.05.2010, 07:25 | #19
Here is the new report from OSAM:

OSAM Logfile:

```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:18:03 on 31.05.2010
OS: Windows Server 2003, Standard Edition Service Pack 2 (Build 3790)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Projekt.job" - "MySQL AB" - C:\Programme\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe
"TrayBackup Dienstag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
"TrayBackup Donnerstg.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
"traybackup Freitag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
"TrayBackup Mittwoch.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
"TrayBackup Montag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
"TrayBackup täglich.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir für KEN! " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM KEN Internet" (KEN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\KEN.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"detakg" (detakg) - ? - C:\WINDOWS\System32\drivers\brnptmk.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"IP/IP-Tunneltreiber" (IpInIp) - ? - C:\WINDOWS\System32\DRIVERS\ipinip.sys (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\2F.tmp (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "bdxty" (bdxty) - ? - C:\WINDOWS\System32\drivers\xqeaviru.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - hticons.dll (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93} "wodShellMenu" - "WeOnlyDo! COM" - C:\WINDOWS\system32\wodShellMenu.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"wow64" - ? - C:\WINDOWS\system32\wow64.dll (File not found)
"wow64cpu" - ? - C:\WINDOWS\system32\wow64cpu.dll (File not found)
"wow64win" - ? - C:\WINDOWS\system32\wow64win.dll (File not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit KMFtp.exe.lnk" - "KONICA MINOLTA BUSINESS TECHNOLOGIES, INC." - D:\install\tools\KONICA MINOLTA\FTP Utility\KMFtp.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CS License Server Monitor" - "SoftGold" - C:\Programme\Soft Gold\CS Floating License Server\CS_LicSrvMonitor.exe
"KEN Taskbar Service" - "AVM Berlin" - "C:\Programme\KEN!\kentbsrv.exe"
"Popup" - "LSI" - "C:\Programme\RAID Web Console 2\MegaPopup\Popup.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir für KEN! Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir für KEN! Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir für KEN! Service-PC" (AntiVirKENScanService) - "Avira GmbH" - C:\Programme\KEN!\Avira\avesvc.exe
"Avira Internet Update Manager" (IUMService) - "Avira GmbH" - C:\Programme\KEN!\Avira\ium.exe
"AVM KEN" (KEN Service) - "AVM Berlin" - C:\Programme\KEN!\KENSERV.EXE
"CAD Soft Tools Licensing Service" (CSLicenseServer) - "SoftGold" - C:\Programme\Soft Gold\CS Floating License Server\CS_LicenseServer.exe
"Hilfsdienst von SQL Server für Active Directory" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MRMonitor" (MegaMonitorSrv) - ? - C:\Programme\RAID Web Console 2\MegaMonitor\mrmonitor.exe (File found, but it contains no detailed information)
"MySQL" (MySQL) - ? - C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe (File found, but it contains no detailed information)
"NPLSecure" (NPLSecure) - "Niakwa, Inc." - C:\WINDOWS\system32\NPLSecure.exe
"RWCFramework" (MSMFramework) - ? - C:\Programme\RAID Web Console 2\Framework\VivaldiFramework.exe (File found, but it contains no detailed information)
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"SQL Server (MSSQLSERVER)" (MSSQLSERVER) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server (VVWSOFTWARE)" (MSSQL$VVWSOFTWARE) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"STLB-Bau XML V2 2007-10 - HTTP-Server" (HTTPServer_stlbbauxmlv2einzelserver_07_10) - "www.AW-SyStems.net" - C:\Programme\STLB-Bau\STLB-Bau XML V2 - SE\HTTPServer\HttpServer.Service.exe
"STLB-Bau XML V2 2007-10 - XML-Server" (XMLServer_stlbbauxmlv2einzelserver_07_10) - "www.AW-SyStems.net" - C:\Programme\STLB-Bau\STLB-Bau XML V2 - SE\XMLServer\XMLServer.Service.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```
31.05.2010, 09:17 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\System32\drivers\xqeaviru.sys Please have this file analysed at VirusTotal and post the link to the result. If you cannot see the file, you may have to make it visible first. If the file has already been analysed, please start another analysis. I want to point out once more at this stage: even if all logs from the server (including future ones) look inconspicuous, there is no guarantee that the machine is 100% free of viruses.
__________________ Please always post log files in CODE tags
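As an added example (not code from this thread, from OSAM or from its author), a small Python parser for the OSAM Autorun Manager line format that applies the triage the helper performs above: a driver or service with no publisher whose file exists but carries no detailed information is the one to hash and check, while "File not found" driver entries are only orphaned registrations. The sample report is constructed from the line format seen in the log, not the full log itself.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OSAM Autorun Manager's line format (a few representative lines).
SAMPLE_REPORT = r'''[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
(Disabled) "bdxty" (bdxty) - ? - C:\WINDOWS\System32\drivers\xqeaviru.sys (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"MySQL" (MySQL) - ? - C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe (File found, but it contains no detailed information)
'''

# One OSAM entry: optional "(Disabled)", quoted name, optional (service key), vendor or "?",
# path, optional trailing "(status)". The key group backtracks over nested parentheses.
ENTRY_RE = re.compile(
    r'^(?:\((?P<state>Disabled)\) )?"(?P<name>[^"]*)"(?: \((?P<key>.*?)\))?'
    r' - (?:"(?P<vendor>[^"]*)"|\?) - (?P<path>.*?)(?: ?\((?P<status>[^()]*)\))?$'
)

@dataclass
class Entry:
    section: str
    name: str
    key: Optional[str]
    vendor: Optional[str]   # None when OSAM printed "?" (no publisher information)
    path: str
    status: Optional[str]
    disabled: bool

def parse_osam(text: str) -> List[Entry]:
    """Parse report lines into Entry records, tracking the [Section]; location lines are skipped."""
    entries, section = [], ""
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["name"], m["key"], m["vendor"], m["path"],
                                 m["status"], m["state"] == "Disabled"))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look, most suspicious first:
    no publisher and a present file without details (drivers before services), then orphaned drivers."""
    findings = []
    for e in entries:
        if e.vendor is None and e.status and e.status.startswith("File found"):
            findings.append((0 if e.section == "Drivers" else 1, e.path,
                             f"{e.section}: no publisher and no file details"))
        elif e.section == "Drivers" and e.status == "File not found":
            findings.append((2, e.path, "orphaned driver entry (file missing)"))
    return [(path, reason) for _, path, reason in sorted(findings)]
```

Running `triage(parse_osam(SAMPLE_REPORT))` lists xqeaviru.sys first, which is exactly the file the helper singles out for a VirusTotal check.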