Trojaner TR/Kazy.mekml.1 - ich bin auch dabei - malware-datei liegt bei

Toschi · 16.05.2011, 09:14

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:09:22 on 16.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17096

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"viahdcpl.cpl" - "VIA Technologies, Inc" - C:\WINDOWS\system32\viahdcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AWISp50 NDIS Protocol Driver" (AWISp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\AWISp50.sys
"BOVOLUME" (BOVOLUME) - ? - C:\PROGRA~1\T-DSLB~1\BOVOLUME.SYS  (File not found)
"BusinessOnline PPPoE Adapter" (BOAdapter) - "T-Systems Nova GmbH, Berkom Berlin" - C:\WINDOWS\System32\DRIVERS\BOPPPoE.sys
"BusinessOnline PPPoE Protokoll" (BOProtocol) - ? - C:\WINDOWS\System32\DRIVERS  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Lisa\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Deutsche Telekom Dynamic ISDN (WDM)" (TDDIWAN) - "T-Systems Nova GmbH" - C:\WINDOWS\System32\DRIVERS\WTDDI.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pwldqpog" (pwldqpog) - ? - C:\DOKUME~1\Lisa\LOKALE~1\Temp\pwldqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"smserial" (smserial) - ? - C:\WINDOWS\System32\DRIVERS\smserial.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"T-DSL SpeedManager Service" (TSMPacket) - ? - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - ? - C:\WINDOWS\System32\Drivers\ZDPSp50.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "IPS Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson File Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -   (File not found | COM-object registry key not found) / https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"Temporary Shortcut.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Temporary Shortcut.lnk  (Shortcut exists | File not found)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Lisa\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 2.3.lnk" - ? - C:\Programme\OpenOffice.org 2.3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CHotkey" - ? - mHotkey.exe
"HDAudDeck" - "VIA Technologies, Inc." - C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
"NeroCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"showwnd" - ? - showwnd.exe  (File found, but it contains no detailed information)
"Sony Ericsson PC Suite" - ? - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus SX200 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBEFE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - ? - C:\Programme\FRITZ!DSL\IGDCTRL.EXE  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Toschi · 16.05.2011, 09:17

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 113):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF79D2000 \WINDOWS\system32\KDCOM.DLL
0xF78E2000 \WINDOWS\system32\BOOTVID.dll
0xF73A2000 ACPI.sys
0xF79D4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7391000 pci.sys
0xF74D2000 isapnp.sys
0xF78E6000 compbatt.sys
0xF78EA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A9A000 pciide.sys
0xF7752000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF79D6000 viaide.sys
0xF74E2000 MountMgr.sys
0xF7372000 ftdisk.sys
0xF78EE000 ACPIEC.sys
0xF7A9B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF775A000 PartMgr.sys
0xF74F2000 VolSnap.sys
0xF735A000 atapi.sys
0xF7502000 disk.sys
0xF7512000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF733A000 fltmgr.sys
0xF7328000 sr.sys
0xF7311000 KSecDD.sys
0xF7284000 Ntfs.sys
0xF7257000 NDIS.sys
0xF7522000 uagp35.sys
0xF723D000 Mup.sys
0xF7682000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7154000 \SystemRoot\system32\DRIVERS\S3gIGPm.sys
0xF7140000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7812000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF711C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF781A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7692000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7822000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF782A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76A2000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF70F4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76B2000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF70E0000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF76C2000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF799A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF799E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\BOPPPoE.sys
0xF7B78000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79A2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF70C9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7702000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7832000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF70B8000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7712000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF783A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7842000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7722000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7095000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7037000 \SystemRoot\system32\DRIVERS\update.sys
0xF79B2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7742000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7562000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF5F3C000 \SystemRoot\system32\drivers\viahduaa.sys
0xF5F18000 \SystemRoot\system32\drivers\portcls.sys
0xF7572000 \SystemRoot\system32\drivers\drmk.sys
0xF79FC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B3C000 \SystemRoot\System32\Drivers\Null.SYS
0xF79FE000 \SystemRoot\System32\Drivers\Beep.SYS
0xF786A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7872000 \SystemRoot\System32\drivers\vga.sys
0xF7A00000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A02000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF787A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7882000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7209000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5EE5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5E8C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5E64000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5E42000 \SystemRoot\System32\drivers\afd.sys
0xF7592000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF788A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5E17000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5D7F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF75C2000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5D59000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF75D2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5D3D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7A08000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF5CF8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A2A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF701B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78C2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B79000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\S3gIGP.dll
0xBF0F2000 \SystemRoot\System32\s3gcil_inv.dll
0xBF415000 \SystemRoot\System32\ATMFD.DLL
0xECBE8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF77DA000 \SystemRoot\System32\Drivers\AWISp50.sys
0xECBCC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC98B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEC86B000 \SystemRoot\system32\DRIVERS\srv.sys
0xEC69E000 \SystemRoot\system32\drivers\wdmaud.sys
0xEC6EB000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC325000 \SystemRoot\System32\Drivers\HTTP.sys
0xEBDA8000 \SystemRoot\system32\DRIVERS\RTL8187.sys
0xEBD64000 \??\C:\DOKUME~1\Lisa\LOKALE~1\Temp\pwldqpog.sys
0xEBD39000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
640 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
852 C:\WINDOWS\system32\services.exe
864 C:\WINDOWS\system32\lsass.exe
1024 C:\WINDOWS\system32\svchost.exe
1080 svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1340 svchost.exe
1572 C:\WINDOWS\system32\spoolsv.exe
1620 C:\Programme\Avira\AntiVir Desktop\sched.exe
1664 svchost.exe
1720 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1868 C:\WINDOWS\system32\svchost.exe
1296 C:\WINDOWS\explorer.exe
152 alg.exe
796 C:\WINDOWS\system32\VTTimer.exe
1272 C:\WINDOWS\mHotkey.exe
800 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
1796 C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
1988 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
280 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
192 C:\WINDOWS\system32\ctfmon.exe
2360 C:\Programme\OpenOffice.org 2.3\program\soffice.exe
2368 C:\Programme\OpenOffice.org 2.3\program\soffice.bin
544 C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
3248 C:\Programme\Internet Explorer\iexplore.exe
2692 C:\Dokumente und Einstellungen\Lisa\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TSEUK1U5\bp1j1frb[1].exe
3904 C:\Programme\Outlook Express\msimn.exe
2724 C:\Programme\Messenger\msmsgs.exe
2932 C:\Dokumente und Einstellungen\Lisa\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2080BH, Rev: 00000012

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

cosinus · 16.05.2011, 12:03

Zitat:

"BOVOLUME" (BOVOLUME) - ? - C:\PROGRA~1\T-DSLB~1\BOVOLUME.SYS (File not found)
"BusinessOnline PPPoE Adapter" (BOAdapter) - "T-Systems Nova GmbH, Berkom Berlin" - C:\WINDOWS\System32\DRIVERS\BOPPPoE.sys
"BusinessOnline PPPoE Protokoll" (BOProtocol) - ? - C:\WINDOWS\System32\DRIVERS (File not found)

Ist das gewollt? GMER zeigt BOProtocol als Rootkit an!

Service C:\WINDOWS\system32\DRIVERS (*** hidden *** ) [MANUAL] BOProtocol <-- ROOTKIT !!!

Toschi · 16.05.2011, 16:35

Ich weiß nicht was das ist. Also sicher nichts gewolltes.

cosinus · 16.05.2011, 20:38

Zitat:

BusinessOnline PPPoE Adapter

Sagt dir nichts? PPPoE hier nachlesen => PPP over Ethernet ? Wikipedia
Wird bei DSL benutzt. Du hast keinen T-Systems Business Adapter?

Toschi · 17.05.2011, 11:26

Hhm, nein, ich habe keinen T-Systems Business Adapter, nutze auch einen anderen Anbieter. Aber WLAN bei den Eltern läuft über das große T.

Was schlägst du vor?

cosinus · 17.05.2011, 11:28

Zitat:

Aber WLAN bei den Eltern läuft über das große T.

Über den Rechner, den wir jetzt hier unter die Lupe nehmen?

Toschi · 17.05.2011, 11:39

Ja. Der Rechner ist ein Notebook, wird auf Reise mitgenommen und dann am etwaig vorhandenen WLAN bei Freunden/Verwandten gearbeitet

cosinus · 17.05.2011, 11:44

Dann sollte es ok sein.
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

17.05.2011, 11:44	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner TR/Kazy.mekml.1 - ich bin auch dabei - malware-datei liegt bei Dann sollte es ok sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner TR/Kazy.mekml.1 - ich bin auch dabei - malware-datei liegt bei

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Kazy.mekml.1 - ich bin auch dabei - malware-datei liegt bei