Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Scheinbarer Spambot - bin ratlos!

Scheinbarer Spambot - bin ratlos!


Plagegeister aller Art und deren Bekämpfung: Scheinbarer Spambot - bin ratlos!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.05.2010, 19:52   #16
flowfish
 
Scheinbarer Spambot - bin ratlos! - Standard

Scheinbarer Spambot - bin ratlos!


GMER:
--
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-11 20:43:22
Windows 5.1.2600
Running: srxyfk95.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys


---- System - GMER 1.0.15 ----

SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF77F3BB8]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xF77F3B70]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF77E7C70]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF77E84FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF77F3CB0]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF77F3B34]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF77E851E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF77F3C06]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF77F3450]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 804FC688 4 Bytes [B8, 3B, 7F, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [70, 3B, 7F, F7] {JO 0x3d; JG 0xfffffffffffffffb}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C0 804FC6D8 4 Bytes [70, 7C, 7E, F7] {JO 0x7e; JLE 0xfffffffffffffffb}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [FE, 84, 7E, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [B0, 3C, 7F, F7] {MOV AL, 0x3c; JG 0xfffffffffffffffb}
.text ...
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7916B8D]
.text C:\WINDOWS\System32\drivers\ACEDRV09.sys section is writeable [0xA8E81000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\System32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xA8EC6000]
.relo2 C:\WINDOWS\System32\drivers\ACEDRV09.sys unknown last section [0xA8EE2000, 0x8E, 0x42000040]
.text C:\WINDOWS\System32\DRIVERS\atksgt.sys section is writeable [0xA8CAB300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\lirsgt.sys section is writeable [0xF2984300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA8A67F00, 0x24000, 0x48000000]
? C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\cofi\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollInfo 77D1466C 7 Bytes JMP 0254A68D C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollRange 77D193E8 3 Bytes JMP 0254A6E3 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollRange + 4 77D193EC 2 Bytes [8A, CC] {MOV CL, AH}
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!ShowScrollBar 77D2BE13 5 Bytes JMP 0254A711 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollInfo 77D2C6AE 7 Bytes JMP 0254A615 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollRange 77D2D6DF 6 Bytes JMP 0254A662 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollPos 77D2D729 6 Bytes JMP 0254A6B8 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollPos 77D2D759 9 Bytes JMP 0254A63D C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!EnableScrollBar 77D36C25 7 Bytes JMP 0254A5ED C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[6908] ntdll.dll!LdrLoadDll 77F46EA1 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00CB2BC8] C:\WINDOWS\System32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00CB2CE9] C:\WINDOWS\System32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F32F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F32DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F32D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F32DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8637E500
Device \Driver\Cdrom \Device\CdRom0 861C5228
Device \FileSystem\Rdbss \Device\FsWrap 85D7EAC0
Device \Driver\Cdrom \Device\CdRom1 861C5228
Device \Driver\Cdrom \Device\CdRom2 861C5228
Device \FileSystem\Srv \Device\LanmanServer 85F9DE38
Device \Driver\nvatabus \Device\NvAta0 85EECD68
Device \Driver\nvatabus \Device\0000007b 85EECD68
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86247910
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86247910
Device \Driver\nvatabus \Device\0000007c 85EECD68
Device \FileSystem\Npfs \Device\NamedPipe 85F94DD0
Device \Driver\nvatabus \Device\0000007d 85EECD68
Device \Driver\nvatabus \Device\0000007e 85EECD68
Device \FileSystem\Msfs \Device\Mailslot 85FB9BB8
Device \Driver\vax347s \Device\Scsi\vax347s1 85DE1A80
Device \Driver\vax347s \Device\Scsi\vax347s1Port0Path0Target0Lun0 85DE1A80
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 85DC1AC0
Device \FileSystem\Cdfs \Cdfs 85FA9C88

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% (Trial Version)
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% (Trial Version)

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Fxxxxxxx\Lokale Einstellungen\temp\fla1E.tmp 8336529 bytes
File C:\Dokumente und Einstellungen\Fxxxxxxx\Lokale Einstellungen\temp\plugtmp\plugin-crossdomain.xml 298 bytes

---- EOF - GMER 1.0.15 ----
--

OSAM:
---
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:51:04 on 11.05.2010

OS: Windows XP Professional (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\System32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"DIRECTX.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\DIRECTX.CPL
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\WINDOWS\System32\drivers\ACEDRV09.sys
"Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\System32\Drivers\CVPNDRVA.sys
"Cisco Systems VPN Adapter" (CVirtA) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\CVirtA.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"fxlorpoc" (fxlorpoc) - ? - C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Logitech Kernel Audio Processing Filter Driver" (Lvckap) - "Logitech Inc." - C:\WINDOWS\system32\drivers\Lvckap.sys
"Logitech LVPrcMon Driver" (LVPrcMon) - "Logitech Inc." - C:\WINDOWS\system32\drivers\LVPrcMon.sys
"Logitech Machine Vision Engine Loader" (lvmvdrv) - "Logitech Inc." - C:\WINDOWS\system32\drivers\lvmvdrv.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\System32\mbmiodrvr.sys
"mbr" (mbr) - ? - C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"NetworkX" (NetworkX) - ? - C:\WINDOWS\system32\ckldrv.sys (File found, but it contains no detailed information)
"Nokia USB Generic" (nmwcdc) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdc.sys
"Nokia USB Modem" (nmwcdcm) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdcm.sys
"Nokia USB Phone Parent" (nmwcd) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcd.sys
"Nokia USB Port" (nmwcdcj) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdcj.sys
"OrangeWare USB 2.0 Root Hub Support" (ousb2hub) - "OrangeWare Corporation" - C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
"OrangeWare USB Enhanced Host Controller Service" (ousbehci) - "OrangeWare Corporation" - C:\WINDOWS\System32\Drivers\ousbehci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pgfilter" (pgfilter) - ? - C:\Programme\PeerGuardian2\pgfilter.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"Sony Ericsson Device 217 driver (WDM)" (s217bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217bus.sys
"Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)" (s217nd5) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217nd5.sys
"Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)" (s217unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\s217unic.sys
"Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)" (s217mgmt) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mgmt.sys
"Sony Ericsson Device 217 USB WMC Modem Driver" (s217mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mdm.sys
"Sony Ericsson Device 217 USB WMC Modem Filter" (s217mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mdfl.sys
"Sony Ericsson Device 217 USB WMC OBEX Interface" (s217obex) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217obex.sys
"Sony Ericsson Device 916 driver (WDM)" (s916bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916bus.sys
"Sony Ericsson Device 916 USB WMC Modem Driver" (s916mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916mdm.sys
"Sony Ericsson Device 916 USB WMC Modem Filter" (s916mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916mdfl.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\Drivers\truecrypt.sys
"TSP" (TSP) - ? - C:\WINDOWS\system32\drivers\klif.sys (File not found)
"vax347b" (vax347b) - " " - C:\WINDOWS\System32\DRIVERS\vax347b.sys
"vax347s" (vax347s) - " " - C:\WINDOWS\System32\Drivers\vax347s.sys
"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\System32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} "Mp3/Tag Studio shell extension" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\System32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\System32\dfshim.dll
{B8323370-FF27-11D2-97B6-204C4F4F5020} "SmartFTP Shell Extension DLL" - "SmartFTP" - C:\Programme\SmartFTP Client 2.0\smarthook.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{FE063DB9-4EC0-403E-8DD8-394C54984B2C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) /
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\System32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\System32\wuweb.dll / hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253106379484
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"PeerGuardian.lnk" - "Methlabs" - C:\Programme\PeerGuardian2\pg2.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Fxxxxxxxxxx\Startmenü\Programme\Autostart\desktop.ini
"Rainlendar.lnk" - "Rainy" - C:\Programme\Rainlendar\Rainlendar.exe (Shortcut exists | File exists)
"Verknüpfung mit K9.lnk" - "KeirNet" - C:\Programme\k9v1\K9.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TVgenial" - ? - C:\Programme\TVgenial\TVgenial.exe -d (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MBM 5" - "Alex van Kaam" - "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
"NVMixerTray" - "NVIDIA Corporation" - "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ad-Aware 2007 Service" (aawservice) - "Lavasoft AB" - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"CLCV0" (UTSCSI) - ? - C:\WINDOWS\System32\UTSCSI.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Logitech Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\System32\PnkBstrA.exe (File found, but it contains no detailed information)
"wscsvc" (wscsvc) - ? - C:\WINDOWS\system32\wscsvc.dll (File not found)
"xmlprov" (xmlprov) - ? - C:\WINDOWS\System32\xmlprov.dll (File not found)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
---

 

Themen zu Scheinbarer Spambot - bin ratlos!
ad-aware, dateien, explorer, firefox, forum, gupdate, hotkey, internet, internet explorer, log, microsoft, monitor, mozilla, mp3, neu, nvidia, outlook express, port, ratlos, software, spambot, system, system32, taskmanager, tetris, win32.agent.pz, windows, windows xp


« Trojaner/Virus gefunden, schon versucht zu entfernen - Überprüfung des Logs benötigt | Tr/Dropper.gen + Worm.kido »


Ähnliche Themen: Scheinbarer Spambot - bin ratlos!


  1. Yahoo Email-Spambot
    Plagegeister aller Art und deren Bekämpfung - 26.07.2014 (9)
  2. Skype Spambot Virus
    Plagegeister aller Art und deren Bekämpfung - 29.03.2013 (11)
  3. Domäne Blacklisted (CBL,BARRACUDA) Verdacht auf Cutwail-Spambot im Netzwerk
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (7)
  4. mobilecashmechanisms wahrscheinlich gmx Spambot - um Einschätzung wird gebeten
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (17)
  5. Spambot Befall GMX
    Plagegeister aller Art und deren Bekämpfung - 12.05.2012 (1)
  6. Spambot PostMaster@qq.com
    Überwachung, Datenschutz und Spam - 08.03.2012 (1)
  7. Xarvester Spambot laut CBL vorhanden, aber nicht auffindbar!
    Log-Analyse und Auswertung - 12.11.2010 (15)
  8. Spambot an Bord? Wurde ich gehackt, oder ist es ein Trojaner/Virus?
    Log-Analyse und Auswertung - 07.07.2010 (1)
  9. Spambot im Heimnetzwerk
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (3)
  10. antivir & internet funktioniert nicht mehr trotz scheinbarer "bereinigung"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2009 (5)
  11. Mein HiJackThis-Log nach scheinbarer Säuberung des PCs
    Mülltonne - 29.10.2008 (0)
  12. trojaner spambot und rootkit agent
    Plagegeister aller Art und deren Bekämpfung - 24.09.2008 (21)
  13. SpamBot
    Plagegeister aller Art und deren Bekämpfung - 09.03.2007 (8)
  14. TR & Spambot werden autom. ausm I-Net gezogen
    Plagegeister aller Art und deren Bekämpfung - 13.02.2007 (1)
  15. Spambot verteilt Links zu (angeblich) kompromittierter Seite
    Plagegeister aller Art und deren Bekämpfung - 26.10.2006 (2)
  16. Habe Problem mit Trojan.Spambot.BX
    Plagegeister aller Art und deren Bekämpfung - 06.08.2006 (11)
  17. Trojan.Spambot.Az
    Plagegeister aller Art und deren Bekämpfung - 25.04.2006 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Scheinbarer Spambot - bin ratlos! - GMER: -- GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-05-11 20:43:22 Windows 5.1.2600 Running: srxyfk95.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys ---- System - GMER 1.0.15 ---- SSDT vax347b.sys (Plug and Play BIOS Extension/ ) - Scheinbarer Spambot - bin ratlos!...
Archiv
Du betrachtest: Scheinbarer Spambot - bin ratlos! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132