
Log analysis and evaluation: AntiVir detection: TR/Kazy.mekml.1


03.05.2011, 19:36   #1
Kiwi204
 
AntiVir detection: TR/Kazy.mekml.1

I only ran OSAM. GMER kept crashing.

Here is the OSAM report:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:31:40 on 03.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Ahead Software AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"NokiaConnectionManager" - "Nokia" - D:\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acehlp10.sys
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"Alcatel Speed Touch ADSL Modem ATM Transport" (alcaudsl) - "THOMSON multimedia" - C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
"Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)" (alcan5ln) - "THOMSON multimedia" - C:\WINDOWS\System32\DRIVERS\alcan5ln.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\DOKUME~1\FAMILI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"CBTNDIS5 NDIS Protocol Driver" (CBTNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\CBTNDIS5.SYS
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TP-LINK TL-WN620G 11G Wireless Adapter Service" (AR5523) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\ar5523.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZyAIR G-200 Wireless LAN USB Adapter" (wind502u) - ? - C:\WINDOWS\System32\DRIVERS\wind502u.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{3A93B640-3755-4D0A-AC39-2DB8CEB0B0D1} "MMCopyHook Class" - "TODO: <Company name>" - C:\Programme\Nokia\Nokia Map Manager\MapMgrCopyHook.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - D:\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} "PhotoToys" - "Microsoft Corporation" - C:\WINDOWS\system32\phototoys.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Familie***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"PC Suite Tray" - "Nokia" - "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Sony Ericsson PC Companion" - "Sony Ericsson" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TWCU" - "TP-LINK TECHNOLOGIES CO., LTD" - C:\Programme\TP-LINK\TWCU\TWCU.exe -nogui

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"OdysseyNetProv" - "Funk Software, Inc." - C:\Programme\Funk Software\Odyssey Client\odLogin.dll
"TP-LINK Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll  (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"SeaPort" (SeaPort) - ? - C:\WINDOWS\system32\drivers\SeaPort.sys  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"TP-LINK Configuration Service" (ACS) - ? - C:\WINDOWS\system32\acs.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Hier der MBRCheck-Bericht:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000027d

Kernel Drivers (total 125):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7B2F000 \WINDOWS\system32\KDCOM.DLL
  0xF7A3F000 \WINDOWS\system32\BOOTVID.dll
  0xF75DF000 ACPI.sys
  0xF7B31000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF75CE000 pci.sys
  0xF762F000 isapnp.sys
  0xF7BF7000 pciide.sys
  0xF78AF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF763F000 MountMgr.sys
  0xF75AF000 ftdisk.sys
  0xF78B7000 PartMgr.sys
  0xF764F000 VolSnap.sys
  0xF7597000 atapi.sys
  0xF765F000 disk.sys
  0xF766F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7577000 fltmgr.sys
  0xF7565000 sr.sys
  0xF767F000 PxHelp20.sys
  0xF754E000 KSecDD.sys
  0xF753B000 WudfPf.sys
  0xF74AE000 Ntfs.sys
  0xF7481000 NDIS.sys
  0xF7467000 Mup.sys
  0xF784F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF61E8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF61D4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF61AC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF6192000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0xF7987000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF616E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF798F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF785F000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF7997000 \SystemRoot\system32\DRIVERS\irsir.sys
  0xF7AFB000 \SystemRoot\system32\DRIVERS\irenum.sys
  0xF799F000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF615A000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF786F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF79A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7B03000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF787F000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF611E000 \??\C:\WINDOWS\system32\drivers\acehlp10.sys
  0xF788F000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF789F000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF60FB000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF79AF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF7D6A000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF79B7000 \SystemRoot\system32\DRIVERS\rasirda.sys
  0xF79BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6C3C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7B13000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF60E4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF6C2C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF6C1C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF60D3000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF6C0C000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF79C7000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF79CF000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF6BFC000 \SystemRoot\system32\DRIVERS\odysseyIM3.sys
  0xF6BEC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF79D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7B3D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6075000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7B1B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7B3F000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF6BCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF3ABA000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF3A96000 \SystemRoot\system32\drivers\portcls.sys
  0xF6BAC000 \SystemRoot\system32\drivers\drmk.sys
  0xF76AF000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF79E7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xF7B43000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7D0B000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7B45000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF79F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF79FF000 \SystemRoot\System32\drivers\vga.sys
  0xF7B47000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7B49000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7A07000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7A0F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7AE7000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3A13000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF39BA000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF3992000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF396C000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF394A000 \SystemRoot\System32\drivers\afd.sys
  0xF76CF000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF76DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7A17000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF391F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF3887000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF76EF000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF3861000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7B4D000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF3809000 \SystemRoot\system32\DRIVERS\ar5523.sys
  0xF7A27000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF6061000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF770F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF3A8E000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF37E5000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF77DF000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF37CD000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7BAF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF7ADF000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF794F000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7D5C000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD610000 \SystemRoot\System32\ATMFD.DLL
  0xB86AB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xB868B000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xB8555000 \SystemRoot\system32\DRIVERS\irda.sys
  0xB8683000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB830B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF7B99000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB828D000 \??\C:\WINDOWS\system32\drivers\acedrv10.sys
  0xB8250000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB850D000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF78FF000 \SystemRoot\System32\Drivers\TDTCP.SYS
  0xB8027000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xB7EDF000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB7B56000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
       0 System Idle Process
       4 System
    1096 C:\WINDOWS\system32\smss.exe
    1220 csrss.exe
    1244 C:\WINDOWS\system32\winlogon.exe
    1288 C:\WINDOWS\system32\services.exe
    1300 C:\WINDOWS\system32\lsass.exe
    1480 C:\WINDOWS\system32\nvsvc32.exe
    1504 C:\WINDOWS\system32\svchost.exe
    1552 svchost.exe
    1612 C:\WINDOWS\system32\svchost.exe
    1648 C:\WINDOWS\system32\svchost.exe
    1780 svchost.exe
    1972 svchost.exe
     492 C:\WINDOWS\system32\spoolsv.exe
     572 C:\WINDOWS\system32\acs.exe
     592 C:\Programme\Avira\AntiVir Desktop\sched.exe
     628 svchost.exe
     936 C:\Programme\Avira\AntiVir Desktop\avguard.exe
     952 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     968 C:\Programme\Bonjour\mDNSResponder.exe
    1040 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1928 C:\Programme\ICQ6Toolbar\ICQ Service.exe
    1144 C:\Programme\Java\jre6\bin\jqs.exe
    1836 C:\WINDOWS\explorer.exe
     296 C:\WINDOWS\system32\svchost.exe
     412 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
    3008 C:\WINDOWS\RTHDCPL.exe
    3260 C:\Programme\TP-LINK\TWCU\TWCU.exe
    3892 alg.exe
    2568 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    2700 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2848 C:\Programme\iTunes\iTunesHelper.exe
    2868 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
    3232 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3332 C:\Programme\Windows Live\Messenger\msnmsgr.exe
    3408 D:\Nokia\Nokia PC Suite 7\PCSuite.exe
    3420 C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
    3472 C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    1680 C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    3532 C:\WINDOWS\system32\svchost.exe
    2408 C:\Programme\Mozilla Firefox\firefox.exe
    2468 C:\Programme\iPod\bin\iPodService.exe
    3912 C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    3052 C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3716 C:\Programme\PC Connectivity Solution\Transports\NclIrSrv.exe
    2220 C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
    3656 C:\Dokumente und Einstellungen\Familie***\Desktop\osam.exe
    3044 D:\Usenext\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`5d8f7200  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`c7750a00  (FAT32)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: PI-239USB 2.0 Drive, Rev: 1.08

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    465 GB  \\.\PhysicalDrive1   RE: Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         

Antwort

Themen zu AntiVir Fund: TR/Kazy.mekml.1
0x00000001, alcatel, alternate, antivir, any video converter, avgntflt.sys, avira, becker, bho, bonjour, brief, call of duty, converter, dateien weg, defekte festplatte, desktop, device driver, disabletaskmgr, error, failed, festplatte, finds, firefox, fishing, flash player, google, hijack, hijackthis, home, iexplore.exe, location, logfile, mp3, msiinstaller, ntdll.dll, oldtimer, picasa, pirates, plug-in, realtek, registry, saver, scan, searchplugins, secrets, security, shell32.dll, software, sptd.sys, studio, thomson, unerwarteter fehler, video converter, visual studio, windows, windows internet, wma, world at war




Ähnliche Themen: AntiVir Fund: TR/Kazy.mekml.1


  1. Fund von TR/PSW.Zbot.7439 und TR/Kazy.17952.100 mittels Avira AntiVir
    Log-Analyse und Auswertung - 01.03.2013 (15)
  2. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  3. TR/Kazy.mekml.1 aus einer email eingefangen, obwohl Antivir nix festgestellt hat
    Log-Analyse und Auswertung - 13.05.2011 (32)
  4. TR/Kazy.mekml.1 - was tun?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2011 (5)
  5. Antivir findet TR/Kazy.mekml.1, Scans bereits durchgeführt
    Log-Analyse und Auswertung - 02.05.2011 (22)
  6. Festplatte beschädigt. Private Daten sind in Gefahr. AntiVir Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (16)
  7. Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!
    Log-Analyse und Auswertung - 30.04.2011 (6)
  8. AntiVir meldet TR/Kazy.mekml.1, OTLogfile
    Log-Analyse und Auswertung - 29.04.2011 (10)
  9. [FUND] TR/Kazy.mekml.1 auf meinem Laptop
    Log-Analyse und Auswertung - 29.04.2011 (29)
  10. Avira Antivir findet TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 27.04.2011 (4)
  11. TR/Kazy.mekml.1 durch Antivir entdeckt - OTL bereits durchgeführt !
    Log-Analyse und Auswertung - 27.04.2011 (1)
  12. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  13. Antivir findet TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 21.04.2011 (10)
  14. Antivir zeigt TR/Kazy.mekml.1 als Trojaner an
    Log-Analyse und Auswertung - 21.04.2011 (12)
  15. Trojaner TR/kazy.mekml.1 (laut AntiVir) ?
    Log-Analyse und Auswertung - 21.04.2011 (20)
  16. Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 20.04.2011 (25)
  17. Antivir Fund: TR/kazy.2369.1
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (7)

Zum Thema AntiVir Fund: TR/Kazy.mekml.1 - Ich hab nur OSAM ausgeführt. GMER ist immer abgestürzt. Hier der OSAM -Bericht: Code: Alles auswählen Aufklappen ATTFilter Report of OSAM : Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:31:40 on - AntiVir Fund: TR/Kazy.mekml.1...
Archiv
You are viewing: AntiVir detection: TR/Kazy.mekml.1 on Trojaner-Board
