Trojaner-Board - PC-Start sehr langsam, Verbindung zu unbekanntem Server, Rootkit-Anzeichen (TDSS?)

Hier der OSAM-Log. Der Rest kommt sobald fertig. "kwlyapow.sys" sollte der Treiber von Gmer sein welches ich davor kurz gestartet aber wieder beendet habe.
Code:
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:42:18 on 04.12.2011
 

OS: Windows XP Professional Service Pack 3, v.6055 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.24
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)

"DeathAdder.cpl" - "Razer Inc." - C:\WINDOWS\system32\DeathAdder.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Premium" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys

"Acronis Try&Decide and Restore Points filter (build 273)" (tdrpman273) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm273.sys

"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys

"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys

"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)

"EagleXNt" (EagleXNt) - ? - C:\WINDOWS\system32\drivers\EagleXNt.sys  (File not found)

"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys

"kwlyapow" (kwlyapow) - ? - C:\DOKUME~1\Gamer\LOKALE~1\Temp\kwlyapow.sys  (Hidden registry entry, rootkit activity | File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)

"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\WINDOWS\System32\drivers\npf.sys

"NetLimiter Ndis Protocol Service" (NLNdisPT) - "Locktime Software" - C:\WINDOWS\System32\DRIVERS\nlndis.sys

"NLNdisMP" (NLNdisMP) - "Locktime Software" - C:\WINDOWS\System32\DRIVERS\nlndis.sys

"NTIOLib_1_0_4" (NTIOLib_1_0_4) - ? - C:\Programme\MSI\Live Update 5\NTIOLib.sys  (File not found)

"NTIOLib_1_0_8" (NTIOLib_1_0_8) - "MSI" - C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"Revoflt" (Revoflt) - "VS Revo Group" - C:\WINDOWS\System32\DRIVERS\revoflt.sys

"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieDrv.sys

"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys

"VirtualBox Bridged Networking Service" (VBoxNetFlt) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys

"VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys

"VirtualBox Service" (VBoxDrv) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxDrv.sys

"VirtualBox USB Monitor Driver" (VBoxUSBMon) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{0A479751-02BC-11d3-A855-0004AC2568AA} "HardLink Context Menu" - "Hermann Schinagl" - C:\Programme\LinkShellExtension\HardlinkShellExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{693B08DA-DA1F-4f2b-A145-C06BDF01868A} "CmdOpen Shell Extension" - "code.kliu.org" - C:\WINDOWS\system32\ShellExt\CmdOpen.dll

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{0A479751-02BC-11d3-A855-0004AC2568AA} "HardLink Context Menu" - "Hermann Schinagl" - C:\Programme\LinkShellExtension\HardlinkShellExt.dll

{0A479751-02BC-11d3-A855-0004AC2568BB} "HardLink Copyhook" - "Hermann Schinagl" - C:\Programme\LinkShellExtension\HardlinkShellExt.dll

{0A479751-02BC-11d3-A855-0004AC2568DD} "HardLink IconOverlay Hardlink" - "Hermann Schinagl" - C:\Programme\LinkShellExtension\HardlinkShellExt.dll

{0A479751-02BC-11d3-A855-0004AC2568CC} "HardLink PropertySheetPage" - "Hermann Schinagl" - C:\Programme\LinkShellExtension\HardlinkShellExt.dll

{705977C7-86CB-4743-BFAF-6908BD19B7B0} "HashCheck Shell Extension" - "code.kliu.org" - C:\WINDOWS\system32\ShellExt\HashCheck.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll

{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} "RUShellExt Class" - "VS Revo Group" - C:\Programme\Revo Uninstaller Pro\RUExt.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)

{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Programme\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)

{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{5802D092-1784-4908-8CDB-99B6842D353D} "Webtestaufzeichnung 10.0" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.6" - "ICQ, LLC." - C:\Programme\ICQ7.6\ICQ.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Gamer\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Gamer\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"DeathAdder" - ? - :C:\Programme\Razer\DeathAdder\razerhid.exe  (File not found)

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"snp2std" - ? - :C:\WINDOWS\vsnp2std.exe  (File not found)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Autodesk Licensing Service" (Autodesk Licensing Service) - ? - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"CiSvc" (CiSvc) - ? - C:\WINDOWS\system32\cisvc.exe  (File not found)

"ERSvc" (ERSvc) - ? - C:\WINDOWS\System32\ersvc.dll  (File not found)

"iPod Service" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"OpenVPN Service" (OpenVPNService) - ? - C:\Programme\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)

"PEVSystemStart" (PEVSystemStart) - ? - C:\ComboFix\pev.3XE  (File found, but it contains no detailed information)

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Windows Service Pack Installer update service" (spupdsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\spupdsvc.exe

"wscsvc" (wscsvc) - ? - C:\WINDOWS\system32\wscsvc.dll  (File not found)
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

"Proxifier NSP" - ? - C:\WINDOWS\system32\PrxerNsp.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"PROXIFIER LSP" - "Initex" - C:\WINDOWS\system32\PrxerDrv.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru