#16 - Rootkit.Dropper firefox.exe and miscellaneous - check

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:38:34 on 19.07.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Marion\AppData\Local\Temp\catchme.sys (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tvicport" (tvicport) - "EnTech Taiwan" - C:\Windows\system32\drivers\tvicport.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"zntport" (zntport) - "Zeal SoftStudio" - C:\Windows\system32\drivers\zntport.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? - (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"ASETRES.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Empowering Technology Monitor" - ? - C:\Acer\Empowering Technology\SysMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NVRaidService" - "NVIDIA Corporation" - C:\Windows\system32\nvraidservice.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - ? - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (File not found)
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - ? - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\ARCSOF~1.SCR (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-20 18:54:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 WDC_WD64 rev.01.0
Running: fgwmkqst.exe; Driver: C:\Users\Marion\AppData\Local\Temp\fgriypod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8EE04000, 0x38E905, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\Explorer.EXE[500] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5  75CCB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- EOF - GMER 1.0.15 ----

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5641
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 163):
0x82000000 \SystemRoot\system32\ntkrnlpa.exe
0x823BA000 \SystemRoot\system32\hal.dll
0x80604000 \SystemRoot\system32\kdcom.dll
0x8060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067B000 \SystemRoot\system32\PSHED.dll
0x8068C000 \SystemRoot\system32\BOOTVID.dll
0x80694000 \SystemRoot\system32\CLFS.SYS
0x806D5000 \SystemRoot\system32\CI.dll
0x82604000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82675000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82683000 \SystemRoot\system32\drivers\acpi.sys
0x826C9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826D2000 \SystemRoot\system32\drivers\msisadrv.sys
0x826DA000 \SystemRoot\system32\drivers\pci.sys
0x82701000 \SystemRoot\System32\drivers\partmgr.sys
0x82710000 \SystemRoot\system32\drivers\volmgr.sys
0x8271F000 \SystemRoot\System32\drivers\volmgrx.sys
0x82769000 \SystemRoot\system32\drivers\nvrd32.sys
0x8278C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x827AD000 \SystemRoot\system32\drivers\pciide.sys
0x827B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x827C2000 \SystemRoot\System32\drivers\mountmgr.sys
0x827D2000 \SystemRoot\system32\drivers\nvraid.sys
0x827ED000 \SystemRoot\system32\drivers\atapi.sys
0x807B5000 \SystemRoot\system32\drivers\ataport.SYS
0x807D3000 \SystemRoot\system32\drivers\nvstor32.sys
0x8A20E000 \SystemRoot\system32\drivers\storport.sys
0x8A24F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A281000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A291000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A29A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A40A000 \SystemRoot\system32\drivers\ndis.sys
0x8A515000 \SystemRoot\system32\drivers\msrpc.sys
0x8A540000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A30B000 \SystemRoot\System32\drivers\tcpip.sys
0x8A57B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A600000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A710000 \SystemRoot\system32\drivers\wd.sys
0x8A718000 \SystemRoot\system32\drivers\volsnap.sys
0x8A751000 \SystemRoot\System32\Drivers\spldr.sys
0x8A759000 \SystemRoot\System32\Drivers\mup.sys
0x8A768000 \SystemRoot\System32\drivers\ecache.sys
0x8A78F000 \SystemRoot\system32\drivers\disk.sys
0x8A7A0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A7EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A596000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A5A5000 \SystemRoot\system32\DRIVERS\serial.sys
0x8A5BF000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8A5DC000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0x8A5EA000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0x8A3F5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A7F8000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A400000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E43E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E44D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E4DA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E4EA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E4F8000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8E806000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E538000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EFC4000 \SystemRoot\System32\drivers\watchdog.sys
0x8EFD0000 \SystemRoot\system32\drivers\Afc.sys
0x8EFD8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EFF0000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F20B000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F307000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F310000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F33F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F34A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F361000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F36C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F38F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F39E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F3B2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F3C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F3D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F3E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F406000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F430000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F43A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F447000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F47C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F60D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F93D000 \SystemRoot\system32\drivers\portcls.sys
0x8F96A000 \SystemRoot\system32\drivers\drmk.sys
0x8F98F000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F99D000 \SystemRoot\system32\drivers\AtihdLH3.sys
0x8F9B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F9C0000 \SystemRoot\System32\Drivers\Null.SYS
0x8F9C7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F9CE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F9EA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F9F1000 \SystemRoot\System32\drivers\vga.sys
0x8F48D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F9E1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F4AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F4B9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F4C7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F4D0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F4E6000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F4FA000 \SystemRoot\system32\drivers\afd.sys
0x8F542000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F574000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F58A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F598000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F5AB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F5B1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F5ED000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F3E4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E5D8000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8A7A9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8F9FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EFF2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F200000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8A7BE000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8F5F7000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x8A5C9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x97007000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97017000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9702E000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x97036000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9703E000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x97046000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x97A10000 \SystemRoot\System32\win32k.sys
0x9704F000 \SystemRoot\System32\drivers\Dxapi.sys
0x97059000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97C30000 \SystemRoot\System32\TSDDD.dll
0x97C50000 \SystemRoot\System32\ATMFD.DLL
0x97068000 \SystemRoot\system32\drivers\luafv.sys
0x97083000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x97CA0000 \SystemRoot\System32\cdd.dll
0x9709A000 \SystemRoot\system32\drivers\spsys.sys
0x9714A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9715A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9716D000 \SystemRoot\system32\drivers\HTTP.sys
0x971DA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D800000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D819000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D82E000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D84F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D86E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D8A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D8BF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D8E7000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D936000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA7205000 \SystemRoot\system32\drivers\peauth.sys
0xA72E3000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA72EC000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA72FE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA7308000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA7314000 \??\C:\Windows\system32\drivers\tvicport.sys
0xA7317000 \??\C:\Windows\system32\drivers\zntport.sys
0xA7318000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA732D000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA733F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA7355000 \??\C:\Windows\system32\drivers\mbam.sys
0xA7383000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA7385000 \??\C:\Users\Marion\AppData\Local\Temp\catchme.sys
0xA7394000 \??\C:\Users\Marion\AppData\Local\Temp\fgriypod.sys
0x77C90000 \Windows\System32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
524 csrss.exe
596 C:\Windows\System32\wininit.exe
608 csrss.exe
640 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\atiesrxx.exe
1012 C:\Windows\System32\winlogon.exe
1044 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\audiodg.exe
1184 C:\Windows\System32\SLsvc.exe
1224 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\spoolsv.exe
1588 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1624 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\atieclxx.exe
472 C:\Windows\System32\dwm.exe
492 C:\Windows\System32\taskeng.exe
860 C:\Windows\System32\taskeng.exe
2284 C:\Program Files\Windows Defender\MSASCui.exe
2292 C:\Acer\Empowering Technology\SysMonitor.exe
2300 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2324 C:\Windows\System32\nvraidservice.exe
2332 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2356 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2556 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2624 C:\Program Files\Windows Media Player\wmpnscfg.exe
2668 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2788 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
2860 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3108 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
3116 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3484 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
3500 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
3516 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
3604 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3636 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
3760 C:\Windows\System32\svchost.exe
3828 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3884 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3904 C:\Windows\System32\svchost.exe
4004 C:\Windows\System32\svchost.exe
4044 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
4092 C:\Windows\System32\SearchIndexer.exe
1432 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
1600 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1340 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2972 WUDFHost.exe
3092 WmiPrvSE.exe
4204 WmiPrvSE.exe
4444 C:\Program Files\Windows Media Player\wmpnetwk.exe
4580 C:\Windows\System32\mobsync.exe
4616 C:\Windows\System32\wbem\unsecapp.exe
5420 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4544 C:\Windows\System32\svchost.exe
2112 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3920 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
1456 C:\Windows\System32\rundll32.exe
3216 C:\Windows\System32\conime.exe
5848 C:\Windows\explorer.exe
5360 C:\Windows\System32\wbem\unsecapp.exe
2492 D:\Programme\Mozilla Firefox\firefox.exe
768 D:\Programme\Mozilla Firefox\plugin-container.exe
4132 C:\Windows\System32\SearchProtocolHost.exe
5844 C:\Windows\System32\SearchFilterHost.exe
4604 C:\Users\Marion\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004b`89000000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

      Size  Device Name          MBR Status
--------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: E43E29FA989EDD40E2C31C97D282243B52D36B81

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: